Hello. I realise how stupid this question sounds, but I just don't know the answer. In the example file it says this # Function to handle authenticate sub authenticate { # For debugging purposes only # &log_request_attributes; if ($RAD_REQUEST{'User-Name'} =~ /^baduser/i) { # Reject user and tell him why $RAD_REPLY{'Reply-Message'} = "Denied access by rlm_perl function"; return RLM_MODULE_REJECT; } else { # Accept user and set some attribute $RAD_REPLY{'h323-credit-amount'} = "100"; return RLM_MODULE_OK; } } What is "/^baduser/i" ? I am wanting to use the perl module with freeradius, but I am still learning Perl and I currently have that (the example.pl) file running and have replaced baduser with test. so it looks like # Function to handle authenticate sub authenticate { # For debugging purposes only # &log_request_attributes; if ($RAD_REQUEST{'User-Name'} =~ /^test/i) { # Reject user and tell him why $RAD_REPLY{'Reply-Message'} = "Denied access by rlm_perl function"; return RLM_MODULE_REJECT; } else { # Accept user and set some attribute $RAD_REPLY{'h323-credit-amount'} = "100"; return RLM_MODULE_OK; } } However I can still login with test. I just would like to know should it be "test", 'test'.. I have tried those and they also do not work, so maybe it is something else. Thank you if anyone can help. -- View this message in context: http://old.nabble.com/Rlm_Perl-question-tp29375020p29375020.html Sent from the FreeRadius - User mailing list archive at Nabble.com.
tyllerd wrote:
What is "/^baduser/i" ?
It's a regular expression. See the Perl documentation for more information.
I am wanting to use the perl module with freeradius, but I am still learning Perl and I currently have that (the example.pl) file running and have replaced baduser with test. ... However I can still login with test. I just would like to know should it be "test", 'test'.. I have tried those and they also do not work, so maybe it is something else. Thank you if anyone can help.
(1) Run the server in debugging mode to see what it's doing (2) Learn Perl. This isn't the list to teach you about Perl, unfortunately. Alan DeKok.
On Sat, Aug 7, 2010 at 4:59 PM, Alan DeKok <aland@deployingradius.com>wrote:
tyllerd wrote:
What is "/^baduser/i" ?
It's a regular expression. See the Perl documentation for more information.
I am wanting to use the perl module with freeradius, but I am still learning Perl and I currently have that (the example.pl) file running and have replaced baduser with test. ... However I can still login with test. I just would like to know should it be "test", 'test'.. I have tried those and they also do not work, so maybe it is something else. Thank you if anyone can help.
(1) Run the server in debugging mode to see what it's doing
(2) Learn Perl. This isn't the list to teach you about Perl, unfortunately.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks for the response. I didn't expect you guys to teach me anything, I just needed a working base from which I can modify to my needs. I see know that it was my fault (obviously it was going to be). I am using sql, and not the users file as the guide ( http://wiki.freeradius.org/Rlm_perl) suggests. I added Auth-Type attribute into the table and I know cannot login with the user baduser. So radcheck used to look like this +------+----------+-----------+----+---------+ | id | username | attribute | op | value | +------+----------+-----------+----+---------+ 8813 | baduser | password | == | baduser +------+----------+-----------+----+---------+ it now looks like this. +------+----------+-----------+----+---------+ | id | username | attribute | op | value | +------+----------+-----------+----+---------+ | 8813 | baduser | password | == | baduser | | 8814 | baduser | Auth-Type | = | Perl | +------+----------+-----------+----+---------+ Thanks for the help
Hi,
I see know that it was my fault (obviously it was going to be). I am using sql, and not the users file as the guide (http://wiki.freeradius.org/Rlm_perl) suggests. I added Auth-Type attribute into the table and I know cannot login with the user baduser. So radcheck used to look like this
+------+----------+-----------+----+---------+ | id | username | attribute | op | value | +------+----------+-----------+----+---------+ 8813 | baduser | password | == | baduser +------+----------+-----------+----+---------+
it now looks like this.
+------+----------+-----------+----+---------+ | id | username | attribute | op | value | +------+----------+-----------+----+---------+ | 8813 | baduser | password | == | baduser | | 8814 | baduser | Auth-Type | = | Perl | +------+----------+-----------+----+---------+
using a recent version of FR? if so, change that first line to be | 8813 | baduser | cleartext-password | := | baduser | (as per the docs!) your initial question.....'what is /^baduser/i ?' - its a quick function that checks the User-Name attribute and see if it matches (and begins with) the word 'baduser' (and is case insensitive). its a quick demo to show that things that you can do.... if you were to do this in production, you'd probably have an array of 'bad users' and do a loop function in which you check User-Name against all members of that array (and return a found or not found code back to the routine that fired off the check....eg if (baduser() ){ } etc. alan
Thank you Baically what I have done is this. I wanting to use freeradius to be the radius server for a few of my hotspots. They use two different NAS devices.Now the problem I faced is that both NASes use different VSA's for limiting users bandwidth. So my perl script will check the NAS-Identifier and cross reference it with a table in the DB and collect the appropriate NAS device. Then I have a attribute in the radcheck table called databank, I take the value of that attribute and put it together with the attribute that my NAS will understand. This all seems to be ok, the only thing I need to do now is, when the accounting-stop packet arrives, I need to be able to take sum(acctinputoctets+acctoutputoctets) and subtract that from the total of Databank. This way no matter if a user is coming from hostpot with device A to hotspot with device B the amount of data that he can move will be constant. I can right the script, but I am not sure where to do it. How can you right a script to act on accounting-stop packet? Thanks On Mon, Aug 9, 2010 at 9:44 AM, Alan Buxey <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
I see know that it was my fault (obviously it was going to be). I am using sql, and not the users file as the guide ( http://wiki.freeradius.org/Rlm_perl) suggests. I added Auth-Type attribute into the table and I know cannot login with the user baduser. So radcheck used to look like this
+------+----------+-----------+----+---------+ | id | username | attribute | op | value | +------+----------+-----------+----+---------+ 8813 | baduser | password | == | baduser +------+----------+-----------+----+---------+
it now looks like this.
+------+----------+-----------+----+---------+ | id | username | attribute | op | value | +------+----------+-----------+----+---------+ | 8813 | baduser | password | == | baduser | | 8814 | baduser | Auth-Type | = | Perl | +------+----------+-----------+----+---------+
using a recent version of FR? if so, change that first line to be
| 8813 | baduser | cleartext-password | := | baduser |
(as per the docs!)
your initial question.....'what is /^baduser/i ?' - its a quick function that checks the User-Name attribute and see if it matches (and begins with) the word 'baduser' (and is case insensitive). its a quick demo to show that things that you can do.... if you were to do this in production, you'd probably have an array of 'bad users' and do a loop function in which you check User-Name against all members of that array (and return a found or not found code back to the routine that fired off the check....eg
if (baduser() ){ }
etc.
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ok, I believe that I may have done this. In the dialup.conf file I edited accounting_stop_query to update my attribute. It is the only place were I saw anything happening on account-stop. Hope that is correct. On Tue, Aug 10, 2010 at 3:20 PM, Tyller D <tyllerd@gmail.com> wrote:
Thank you
Baically what I have done is this. I wanting to use freeradius to be the radius server for a few of my hotspots.
They use two different NAS devices.Now the problem I faced is that both NASes use different VSA's for limiting users bandwidth. So my perl script will check the NAS-Identifier and cross reference it with a table in the DB and collect the appropriate NAS device. Then I have a attribute in the radcheck table called databank, I take the value of that attribute and put it together with the attribute that my NAS will understand. This all seems to be ok, the only thing I need to do now is, when the accounting-stop packet arrives, I need to be able to take sum(acctinputoctets+acctoutputoctets) and subtract that from the total of Databank. This way no matter if a user is coming from hostpot with device A to hotspot with device B the amount of data that he can move will be constant.
I can right the script, but I am not sure where to do it. How can you right a script to act on accounting-stop packet?
Thanks
On Mon, Aug 9, 2010 at 9:44 AM, Alan Buxey <A.L.M.Buxey@lboro.ac.uk>wrote:
Hi,
I see know that it was my fault (obviously it was going to be). I am using sql, and not the users file as the guide ( http://wiki.freeradius.org/Rlm_perl) suggests. I added Auth-Type attribute into the table and I know cannot login with the user baduser. So radcheck used to look like this
+------+----------+-----------+----+---------+ | id | username | attribute | op | value | +------+----------+-----------+----+---------+ 8813 | baduser | password | == | baduser +------+----------+-----------+----+---------+
it now looks like this.
+------+----------+-----------+----+---------+ | id | username | attribute | op | value | +------+----------+-----------+----+---------+ | 8813 | baduser | password | == | baduser | | 8814 | baduser | Auth-Type | = | Perl | +------+----------+-----------+----+---------+
using a recent version of FR? if so, change that first line to be
| 8813 | baduser | cleartext-password | := | baduser |
(as per the docs!)
your initial question.....'what is /^baduser/i ?' - its a quick function that checks the User-Name attribute and see if it matches (and begins with) the word 'baduser' (and is case insensitive). its a quick demo to show that things that you can do.... if you were to do this in production, you'd probably have an array of 'bad users' and do a loop function in which you check User-Name against all members of that array (and return a found or not found code back to the routine that fired off the check....eg
if (baduser() ){ }
etc.
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (4)
-
Alan Buxey -
Alan DeKok -
Tyller D -
tyllerd