rlm_perl and empty user name variable

Gustave Nylander gustave.nylander at gmail.com
Wed Oct 26 20:52:43 CEST 2005 

I have freeradius 1.05 configured with rlm_perl to handle 
authentication, and the problem seems to be that the 
$RAD_REQUEST{'User-Name'} variable is an empty string within the perl 
script I have set up. The perl script is based on the example.pl script 
provided with freeradius.

My users file has one line: DEFAULT Auth-Type := Perl_Auth

The applicable sections of radiusd.conf are:

modules section:
perl {
               module = "/home/rpm/test_rad.pl"
               func_authenticate = authenticate
               func_authorize = authorize
       }


authorize {
       files
}

authenticate {
       Auth-Type Perl_Auth {
               perl
       }
}

The perl script itself has the variables toward the top uncommented, and 
the authenticate sub is:

sub authenticate {
       # For debugging purposes only
       &log_request_attributes;

       if ($RAD_REQUEST{'User-Name'} =="") {

               return RLM_MODULE_REJECT;
       }

       if ($RAD_REQUEST{'User-Name'} =~ /^fred/i) {
               # Reject user and tell him why
               $RAD_REPLY{'Reply-Message'} = "Denied access by rlm_perl 
function";
               return RLM_MODULE_REJECT;
       } else {
               # Accept user and set some attribute
               $RAD_REPLY{'h323-credit-amount'} = "100";
               return RLM_MODULE_OK;
       }
}

All authentication attempts get caught with the empty string check in 
the code above. Below is the radiusd debug:

rad_recv: Access-Request packet from host 127.0.0.1:43349, id=196, 
length=55
       User-Name = "gus"
       User-Password = "123"
       NAS-IP-Address = 255.255.255.255
       NAS-Port = 0
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
   users: Matched entry DEFAULT at line 1
 modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
 rad_check_password:  Found Auth-Type Perl_Auth
auth: type "Perl_Auth"
 Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_perl: Added pair Auth-Type = Perl_Auth
 modcall[authenticate]: module "perl" returns reject for request 0
modcall: group Auth-Type returns reject for request 0
auth: Failed to validate the user.

More information about the Freeradius-Users mailing list