Ubuntu FreeRadius does not recoginize some perl.so symbols and does not compile from source and is also outdated (Why is there no new version in SID? Is the package still maintained?)
Hello, I wanted to use the FreeRadius package included in Ubuntu 12.04.2 LTS (GNU/Linux 3.2.0-49-generic x86_64) to do SMS OTP password. In order to do that I need to load perl code into FreeRadius which fails with the following error on a fresh installed system: (1) FreeRadius does not recognize symbol from perl module sudo apt-get install freeradius libauthen-krb5-simple-perl sudo cat > /etc/freeradius/sites-enabled/perl <<EOF authenticate { perl } authorize { update control { Auth-Type := perl } preprocess } preacct { preprocess acct_unique suffix } accounting { detail radutmp attr_filter.accounting_response } session { radutmp } EOF sudo cat > /etc/freeradius/example.pl <<EOF use Authen::Krb5::Simple; EOF root@ubuntu64:~# sudo /etc/init.d/freeradius restart * Stopping FreeRADIUS daemon freeradius * /var/run/freeradius/freeradius.pid not found... ...done. * Starting FreeRADIUS daemon freeradius Can't load '/usr/lib/perl5/auto/Authen/Krb5/Simple/Simple.so' for module Authen::Krb5::Simple: /usr/lib/perl5/auto/Authen/Krb5/Simple/Simple.so: undefined symbol: PL_thr_key at /usr/lib/perl/5.14/DynaLoader.pm line 184. at /etc/freeradius/example.pl line 1 Compilation failed in require at /etc/freeradius/example.pl line 1. BEGIN failed--compilation aborted at /etc/freeradius/example.pl line 1. ...fail! In order to resolve that issue the FreeRadius version need to be upgradred. However I tried to rebuild from source because I saw a similar bug before which got resolved by rebuilding the package after a perl security update: (2) Freeradius does not build from source. sudo su - apt-get build-dep freeradius apt-get source freeradius cd freeradius-2.1.10+dfsg/ debian/rules binary And it fails: radeapclient.c:975:6: warning: variable 'count' set but not used [-Wunused-but-set-variable] libtool: compile: gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef -I/tmp/freeradius-2.1.10+dfsg/src -Ilibeap -c radeapclient.c -o radeapclient.o >/dev/null 2>&1 /usr/bin/libtool --mode=link gcc -o radeapclient radeapclient.lo libeap/libfreeradius-eap.la -lnsl -lresolv -lpthread -lcrypto -lssl -lcrypto libtool: link: gcc -o .libs/radeapclient .libs/radeapclient.o libeap/.libs/libfreeradius-eap.so -lnsl -lresolv -lpthread -lssl -lcrypto -Wl,-rpath -Wl,/usr/lib/freeradius /usr/bin/ld: .libs/radeapclient.o: undefined reference to symbol 'fr_perror' /usr/bin/ld: note: 'fr_perror' is defined in DSO /usr/lib/freeradius/libfreeradius-radius-2.1.10.so so try adding it to the linker command line /usr/lib/freeradius/libfreeradius-radius-2.1.10.so: could not read symbols: Invalid operation collect2: ld returned 1 exit status make[7]: *** [radeapclient] Error 1 Full log is at: http://pbot.rmdir.de/6QWM6SrvmhzLYUQzjpQ3Dg For the second issue I saw that there was a bug report which was closed because it was not reproducible. For me it is, I reproduced it on a system setup from scratch. I installed your ssh key on the system so that you can troubleshoot the problem. ssh -l yolanda -p 4001 infra.gmvl.de You can get root by issueing 'sudo su -'. I disabled the password prompt. You can also set you a password by 'sudo passwd yolanda' if necessary. The system has full internet access. Please let me know if I should file a bugreport for (1) and/or reopen the bugreport for (2). Howto reproduce the build bug: - Install a fresh Ubuntu in the packet selection only select ssh server - Execute the commands mentioned above. References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623928 https://bugs.launchpad.net/ubuntu/+source/freeradius/+bug/1090365 As Alan has mention on the bug 1090365 in launchpad, is is easily fixed by applying the following patch: -- commit c86003daabfd7db7249c7259db48a5cc1aa2fb01 Author: Alan T. DeKok <aland@freeradius.org> Date: Thu Jan 20 16:01:17 2011 +0100 Add $(LIBRADIUS) to allow it to link diff --git a/src/modules/rlm_eap/Makefile.in b/src/modules/rlm_eap/Makefile.in index 1e20588..5576294 100644 --- a/src/modules/rlm_eap/Makefile.in +++ b/src/modules/rlm_eap/Makefile.in @@ -6,7 +6,7 @@ TARGET = @targetname@ SRCS = rlm_eap.c eap.c mem.c HEADERS = eap.h rlm_eap.h RLM_CFLAGS = $(INCLTDL) -Ilibeap -CLIENTLIBS = libeap/$(LIBPREFIX)freeradius-eap.la +CLIENTLIBS = libeap/$(LIBPREFIX)freeradius-eap.la $(LIBRADIUS) RLM_LIBS = libeap/$(LIBPREFIX)freeradius-eap.la $(LIBLTDL) RLM_INSTALL = install-subdirs RLM_SUBDIRS = libeap @eaptypes@ -- So I wonder why the build problem was not fixed? I really would like to see that both issues get fixed. That way the out of the box FreeRadius packet gets usuable and someone does not need to recompile the package. Also I do not understand why Debian and Ubuntu does not have the current version of the 2.2.x branch. It looks like the package is no longer maintained. I also do not see a current version in SID (for Debian and Ubuntu that is). So I wonder what is going on here? So for now I'm stuck with compiling FreeRadius by myself for Debian/Ubuntu. Has someone updated Debian packages somewhere? Cheers, Thomas -- Thomas Glanzmann <thomas@glanzmann.de> Landline +49 9131 6 14 720 Diplom-Informatiker Univ. Facsimile +49 9131 6 14 721 Rathsbergerstrasse 28 D-91054 Erlangen - Burgberg, Germany http://thomas.glanzmann.de/
* Starting FreeRADIUS daemon freeradius Can't load '/usr/lib/perl5/auto/Authen/Krb5/Simple/Simple.so' for module Authen::Krb5::Simple: /usr/lib/perl5/auto/Authen/Krb5/Simple/Simple.so: undefined symbol: PL_thr_key at /usr/lib/perl/5.14/DynaLoader.pm line 184.
Possibly this? http://www.perlmonks.org/?node_id=1008893
commit c86003daabfd7db7249c7259db48a5cc1aa2fb01 Author: Alan T. DeKok <aland@freeradius.org> Date: Thu Jan 20 16:01:17 2011 +0100
Add $(LIBRADIUS) to allow it to link
diff --git a/src/modules/rlm_eap/Makefile.in b/src/modules/rlm_eap/Makefile.in index 1e20588..5576294 100644 --- a/src/modules/rlm_eap/Makefile.in +++ b/src/modules/rlm_eap/Makefile.in @@ -6,7 +6,7 @@ TARGET = @targetname@ SRCS = rlm_eap.c eap.c mem.c HEADERS = eap.h rlm_eap.h RLM_CFLAGS = $(INCLTDL) -Ilibeap -CLIENTLIBS = libeap/$(LIBPREFIX)freeradius-eap.la +CLIENTLIBS = libeap/$(LIBPREFIX)freeradius-eap.la $(LIBRADIUS) RLM_LIBS = libeap/$(LIBPREFIX)freeradius-eap.la $(LIBLTDL) RLM_INSTALL = install-subdirs RLM_SUBDIRS = libeap @eaptypes@ --
So I wonder why the build problem was not fixed?
*sigh*. What are you talking about. You're building from 2.1.10 source. The fix wasn't put into the repo until: c86003da (Alan T. DeKok 2011-01-20 16:01:17 +0100 9) CLIENTLIBS = libeap/$(LIBPREFIX)freeradius-eap.la $(LIBRADIUS) 2.1.10 tag is from 28th September 2010, so of course it's not going to work, it doesn't have the fix? and yes, the patch is to explicitly link the freeradius eap library agains the main radius library which contains that symbol… -Arran
Hello Arran,
Can't load '/usr/lib/perl5/auto/Authen/Krb5/Simple/Simple.so' for module Authen::Krb5::Simple: /usr/lib/perl5/auto/Authen/Krb5/Simple/Simple.so: undefined symbol: PL_thr_key at /usr/lib/perl/5.14/DynaLoader.pm line 184.
The error comes from a module compiled against threaded Perl while your Perl installation is not threaded (probably because you recompiled it). The solution is to recompile the module against the new Perl.
strange. After recompiling the problem is not gone, but if I compile a different vesion (freeradius-2.2.0) from scratch it works, I will retry with the vanilla build.
What are you talking about?
I'm frustrated about that the Debian package is a) broken and b) outdated. I hope that someone updates uploads it to SID and fixes the above error for the current stable release. I put the list on CC because I get here very valuable input, like the hint that the problem is that FreeRadius was compiled against single threaded version of perl.so while the Authen::Krb5::Simple is compiled against multithreaded version of perl. Cheers, Thomas
On 21 Jul 2013, at 17:18, Thomas Glanzmann <thomas@glanzmann.de> wrote:
Hello Arran,
Can't load '/usr/lib/perl5/auto/Authen/Krb5/Simple/Simple.so' for module Authen::Krb5::Simple: /usr/lib/perl5/auto/Authen/Krb5/Simple/Simple.so: undefined symbol: PL_thr_key at /usr/lib/perl/5.14/DynaLoader.pm line 184.
The error comes from a module compiled against threaded Perl while your Perl installation is not threaded (probably because you recompiled it). The solution is to recompile the module against the new Perl.
strange. After recompiling the problem is not gone, but if I compile a different vesion (freeradius-2.2.0) from scratch it works, I will retry with the vanilla build.
Ug ok.
What are you talking about?
I'm frustrated about that the Debian package is a) broken and b) outdated.
Ok, so the issue here is it's outdated. In head that issue is resolved. You can of course 'make deb' in the top level directory of the current Git HEAD (which will very soon be 2.2.1) and make your own debian packages. But yes, they should be updated to something recent. There are know security exploits in that version.
I hope that someone updates uploads it to SID and fixes the above error for the current stable release.
Yes me too. -Arran
Hello Arran,
You can of course 'make deb' in the top level directory of the current Git HEAD (which will very soon be 2.2.1) and make your own debian packages.
that is fine with me and works perfect. I was not aware of that option, but now I know that it is out there, it is the way to go. While trying that I also build a 3.0 GIT HEAD and there were a few problems, I trippeled about: - HINTS does not work the way it did before. Especially this no longer works for me: DEFAULT User-Name =~ "^v104\\\\([^@]+)" User-Name := "%{1}@V104.GMVL.DE" - rlm_perl does not seem to register itself as module correctly because I get the following error message as soon as I: ... authorize { update control { Auth-Type := perl } } ... Message is: (0) WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action. Full Log: http://pbot.rmdir.de/IRC6zW11GNEWEFpMx0a13w - freeradius gives me a segmentation fault as soon as I put 'perl' in the authorize section and do one authentication request. authorize { perl } I really would like to work out all the above issues, is someone willing to walk me through it? Otherwise I'll try myself, but I always appreciate all the help I can get. ;-) Cheers, Thomas
- HINTS does not work the way it did before. Especially this no longer works for me:
DEFAULT User-Name =~ "^v104\\\\([^@]+)" User-Name := "%{1}@V104.GMVL.DE"
Can you got some debug output or even just the value of the User-Name? It may just be the escaping is less crazy than it used to be.
- rlm_perl does not seem to register itself as module correctly because I get the following error message as soon as I:
... authorize { update control { Auth-Type := perl } } ...
Message is: (0) WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action.
No. That just means you don't have a reject {} section in Post-Auth, it has nothing to do with the perl module.
Full Log: http://pbot.rmdir.de/IRC6zW11GNEWEFpMx0a13w
- freeradius gives me a segmentation fault as soon as I put 'perl' in the authorize section and do one authentication request.
Can you provide a backtrace please? I'll see if I can fix it. -Arran
Hello Arran,
DEFAULT User-Name =~ "^v104\\\\([^@]+)" User-Name := "%{1}@V104.GMVL.DE"
Can you got some debug output or even just the value of the User-Name? It may just be the escaping is less crazy than it used to be.
username is: v104\Administrator but radius puts it internally as v104\\Administrator. This is how it looks like in 2.2.0: rad_recv: Access-Request packet from host 10.104.1.0 port 54489, id=59, length=58 User-Name = "v104\\Administrator" User-Password = "Pa$$w0rd" # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[control] returns notfound [preprocess] expand: %{User-Name} -> v104\Administrator [preprocess] hints: Matched DEFAULT at 1 [preprocess] expand: %{1}@V104.GMVL.DE -> Administrator@V104.GMVL.DE ++[preprocess] returns ok Found Auth-Type = perl # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} rlm_perl: Added pair User-Name = Administrator@V104.GMVL.DE rlm_perl: Added pair User-Password = Pa$$w0rd rlm_perl: Added pair NAS-IP-Address = 10.104.1.0 rlm_perl: Added pair Reply-Message = Enter SMS one time password rlm_perl: Added pair State = 72641523 rlm_perl: Added pair Response-Packet-Type = Access-Challenge rlm_perl: Added pair Auth-Type = perl
No. That just means you don't have a reject {} section in Post-Auth, it has nothing to do with the perl module.
I see, I'll try that and report back.
Can you provide a backtrace please? I'll see if I can fix it.
I'll do that. I found another small bug in the debian packages generated by debian/rules binary in the 2.2.0 release: Initscript puts pid file in /var/run/freeradius But Freeradius wants to put it in /var/run/radius, so it does not start: Sun Jul 21 19:36:34 2013 : Error: Failed creating PID file /var/run/radiusd/radiusd.pid: No such file or directory Cheers, Thomas
Hello Arran,
Can you provide a backtrace please? I'll see if I can fix it.
Program received signal SIGSEGV, Segmentation fault. 0x08052f8a in rad_authenticate (request=0x863f138) at src/main/auth.c:542 542 (auth_item->da->attr == PW_USER_PASSWORD)) { (gdb) bt #0 0x08052f8a in rad_authenticate (request=0x863f138) at src/main/auth.c:542 #1 0x080741d3 in request_running (request=0x863f138, action=1) at src/main/process.c:1185 #2 0x08073525 in request_queue_or_run (request=0x863f138, process=0x8074104 <request_running>) at src/main/process.c:828 #3 0x08074836 in request_receive (listener=0x8480c00, packet=0x863ef30, client=0x81e4828, fun=0x8052a0b <rad_authenticate>) at src/main/process.c:1377 #4 0x080592ec in auth_socket_recv (listener=0x8480c00) at src/main/listen.c:1449 #5 0x08079b09 in event_socket_handler (xel=0x846f640, fd=7, ctx=0x8480c00) at src/main/process.c:3483 #6 0xf7d7e0cd in fr_event_loop (el=0x846f640) at src/lib/event.c:414 #7 0x0807ad91 in radius_event_process () at src/main/process.c:4272 #8 0x0806a384 in main (argc=2, argv=0xffffcc04) at src/main/radiusd.c:475 (gdb) p auth_item $1 = (VALUE_PAIR *) 0x8482220 (gdb) p auth_item->da $2 = (const DICT_ATTR *) 0x0 I was able to reproduce that on Ubuntu 12.04 (Precise Pangolin) x64 and Debian Wheezy 32 Bit. If you need exact instruction on howto reproduce or access to the system, send me a ssh key or e-mail. Cheers, Thomas
On 21 Jul 2013, at 22:33, Thomas Glanzmann <thomas@glanzmann.de> wrote:
Hello Arran,
Can you provide a backtrace please? I'll see if I can fix it.
Program received signal SIGSEGV, Segmentation fault. 0x08052f8a in rad_authenticate (request=0x863f138) at src/main/auth.c:542 542 (auth_item->da->attr == PW_USER_PASSWORD)) { (gdb) bt #0 0x08052f8a in rad_authenticate (request=0x863f138) at src/main/auth.c:542 #1 0x080741d3 in request_running (request=0x863f138, action=1) at src/main/process.c:1185 #2 0x08073525 in request_queue_or_run (request=0x863f138, process=0x8074104 <request_running>) at src/main/process.c:828 #3 0x08074836 in request_receive (listener=0x8480c00, packet=0x863ef30, client=0x81e4828, fun=0x8052a0b <rad_authenticate>) at src/main/process.c:1377 #4 0x080592ec in auth_socket_recv (listener=0x8480c00) at src/main/listen.c:1449 #5 0x08079b09 in event_socket_handler (xel=0x846f640, fd=7, ctx=0x8480c00) at src/main/process.c:3483 #6 0xf7d7e0cd in fr_event_loop (el=0x846f640) at src/lib/event.c:414 #7 0x0807ad91 in radius_event_process () at src/main/process.c:4272 #8 0x0806a384 in main (argc=2, argv=0xffffcc04) at src/main/radiusd.c:475 (gdb) p auth_item $1 = (VALUE_PAIR *) 0x8482220 (gdb) p auth_item->da $2 = (const DICT_ATTR *) 0x0
I was able to reproduce that on Ubuntu 12.04 (Precise Pangolin) x64 and Debian Wheezy 32 Bit. If you need exact instruction on howto reproduce or access to the system, send me a ssh key or e-mail.
Oh I have a pretty good idea of what's gone on. Could you git pull and rebuild. You'll probably see an abort this time round. -Arran
Hello Arran,
Oh I have a pretty good idea of what's gone on. Could you git pull and rebuild. You'll probably see an abort this time round.
I did a git pull # Wipe the working directory clean git reset --hard HEAD; git clean -f -x -d ./configure --prefix=/local/freeradius-head; make -j; make install And yes, I see an ABORT, what is going on? Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 47420, id=99, length=43 User-Name = 'bla' User-Password = 'fasel' (0) # Executing section authorize from file /local/freeradius-head/etc/raddb/sites-enabled/smsotp (0) group authorize { (0) - entering group authorize {...} (0) update control { (0) Auth-Type := perl (0) } # update control = notfound (0) Found Auth-Type = perl (0) # Executing group from file /local/freeradius-head/etc/raddb/sites-enabled/smsotp (0) group authenticate { (0) - entering group authenticate {...} rlm_perl: Added pair User-Name = bla rlm_perl: Added pair User-Password = fasel rlm_perl: Added pair Auth-Type = perl (0) [perl] = reject (0) Failed to authenticate the user. (0) Using Post-Auth-Type Reject (0) # Executing group from file /local/freeradius-head/etc/raddb/sites-enabled/smsotp (0) group REJECT { (0) - entering group REJECT {...} (0) attr_filter.access_reject : expand: "%{User-Name}" -> 'bla' (0) attr_filter.access_reject : Matched entry DEFAULT at line 11 (0) [attr_filter.access_reject] = updated (0) Finished request 0. Waking up in 0.3 seconds. Waking up in 0.6 seconds. (0) Sending delayed reject Sending Access-Reject of id 99 from 0.0.0.0 port 1812 to 127.0.0.1 port 47420 Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 127.0.0.1 port 33829, id=101, length=43 User-Name = 'bla' User-Password = 'fasel' (1) # Executing section authorize from file /local/freeradius-head/etc/raddb/sites-enabled/smsotp (1) group authorize { (1) - entering group authorize {...} (1) update control { (1) Auth-Type := perl (1) } # update control = notfound (1) Found Auth-Type = perl (1) # Executing group from file /local/freeradius-head/etc/raddb/sites-enabled/smsotp (1) group authenticate { (1) - entering group authenticate {...} rlm_perl: Added pair User-Name = bla rlm_perl: Added pair User-Password = fasel rlm_perl: Added pair Auth-Type = perl (1) [perl] = reject (1) Failed to authenticate the user. Program received signal SIGABRT, Aborted. 0xf7fdf430 in __kernel_vsyscall () (gdb) bt #0 0xf7fdf430 in __kernel_vsyscall () #1 0xf7b92941 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #2 0xf7b95d72 in *__GI_abort () at abort.c:92 #3 0xf7d47c83 in ?? () from /usr/lib/i386-linux-gnu/libtalloc.so.2 #4 0xf7d498cc in talloc_get_name () from /usr/lib/i386-linux-gnu/libtalloc.so.2 #5 0xf7d4bbde in _talloc_get_type_abort () from /usr/lib/i386-linux-gnu/libtalloc.so.2 #6 0x08052f97 in rad_authenticate (request=0x863eeb8) at src/main/auth.c:541 #7 0x080741f3 in request_running (request=0x863eeb8, action=1) at src/main/process.c:1185 #8 0x08073545 in request_queue_or_run (request=0x863eeb8, process=0x8074124 <request_running>) at src/main/process.c:828 #9 0x08074856 in request_receive (listener=0x8480a98, packet=0x863edb8, client=0x81e4828, fun=0x8052a0b <rad_authenticate>) at src/main/process.c:1377 #10 0x0805930c in auth_socket_recv (listener=0x8480a98) at src/main/listen.c:1449 #11 0x08079b29 in event_socket_handler (xel=0x846f4d8, fd=7, ctx=0x8480a98) at src/main/process.c:3483 #12 0xf7d7e0cd in fr_event_loop (el=0x846f4d8) at src/lib/event.c:414 #13 0x0807adb1 in radius_event_process () at src/main/process.c:4272 #14 0x0806a3a4 in main (argc=2, argv=0xffffcc14) at src/main/radiusd.c:475 (gdb) quit Cheers, Thomas
On 21 Jul 2013, at 23:17, Thomas Glanzmann <thomas@glanzmann.de> wrote:
Hello Arran,
Oh I have a pretty good idea of what's gone on. Could you git pull and rebuild. You'll probably see an abort this time round.
I did a
git pull # Wipe the working directory clean git reset --hard HEAD; git clean -f -x -d ./configure --prefix=/local/freeradius-head; make -j; make install And yes, I see an ABORT, what is going on?
Something was caching the pointer to request->password when it shouldn't of. Should be fixed now. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team
On 21 Jul 2013, at 23:47, Susan Brown <a.cudbardb@freeradius.org> wrote:
On 21 Jul 2013, at 23:17, Thomas Glanzmann <thomas@glanzmann.de> wrote:
Hello Arran,
Oh I have a pretty good idea of what's gone on. Could you git pull and rebuild. You'll probably see an abort this time round.
I did a
git pull # Wipe the working directory clean git reset --hard HEAD; git clean -f -x -d ./configure --prefix=/local/freeradius-head; make -j; make install And yes, I see an ABORT, what is going on?
Something was caching the pointer to request->password when it shouldn't of.
Should be fixed now.
Interesting. Pretty sure I haven't changed my name to Susan Brown... hmm. -Arran
Hello Arran,
Something was caching the pointer to request->password when it shouldn't have. Should be fixed now.
I pulled the fix and can no longer reproduce the issue, I tried with 100 authentications in a row. Thank you for fixing it. Cheers, Thomas
Hi,
While trying that I also build a 3.0 GIT HEAD and there were a few problems, I trippeled about:
- HINTS does not work the way it did before. Especially this no longer works for me:
DEFAULT User-Name =~ "^v104\\\\([^@]+)" User-Name := "%{1}@V104.GMVL.DE"
I bleieve hitns is going the way of the dodo eventually - unlang can do the work for you eg if (%{User-Name} =~ "^v104\\\\([^@]+)" ) { update request { %{User-Name} := "%{1}@V104.GMVL.DE" } } or somesuch.
Message is: (0) WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action.
as already said, this is just no reject part on post-auth - this has been common since 2.2.x
- freeradius gives me a segmentation fault as soon as I put 'perl' in the authorize section and do one authentication request.
thats more interesting. We run PERL with 3.x here and havent seen such an issue.... wonder if your PERL environment is different.... it would be sooo much better for you to be running (or ready to run!) 3.x at this point in time alan
Hello Alan,
I bleieve hitns is going the way of the dodo eventually - unlang can do the work for you eg
if (%{User-Name} =~ "^v104\\\\([^@]+)" ) { update request { %{User-Name} := "%{1}@V104.GMVL.DE" } }
I tried: server default { listen { type = auth ipaddr = * } authenticate { perl } authorize { update control { Auth-Type := perl } if (%{User-Name} =~ /^v104\\\\([^@]+)/ ) { update request { %{User-Name} := "%{1}@V104.GMVL.DE" } } } accounting { detail } post-auth { Post-Auth-Type REJECT { attr_filter.access_reject } } } There was one error I could figure out the right side of the regular expressions have to be // and not "", I fixed that but it does not recognize the right hand side "%{1}@V104.GMVL.DE". Accordin to [1] it should be that, if I understand it correctly. [1] http://freeradius.org/radiusd/man/unlang.html
thats more interesting. We run PERL with 3.x here and havent seen such an issue.... wonder if your PERL environment is different....
I'm running Debian Wheezy. libperl-dev - 5.14.2-21
it would be sooo much better for you to be running (or ready to run!) 3.x at this point in time
I work on it. :-) Cheers, Thomas
participants (4)
-
A.L.M.Buxey@lboro.ac.uk -
Arran Cudbard-Bell -
Susan Brown -
Thomas Glanzmann