rml_perl question
Alan DeKok
aland at deployingradius.com
Wed Jul 25 15:57:56 CEST 2007
FreeRadius-ML wrote:
> Of course I updated the PERL script. I simply modified the debug function to be:
And you did NOT add $RAD_CHECK{Cleartext-Password} = "..." as you were
instructed to do.
> I hadn't set Auth-Type in radiusd.conf, according to references I've recieved,
> the only Auth-Type directive I've added in the users.conf file.
Which you were instructed to NOT do.
...
> rlm_digest: Adding Auth-Type = DIGEST
...
> auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
You did NOT configure the "digest" module in the "authenticate"
section, as you were instructed to do.
> Alan, i'm asking these questions as I want to understand the possibilities and
> the various options that exist.
No. If you wanted to understand, you would follow instructions, and
observe that the instructions worked.
> My only problem here is that I'm now playing around with rlm_perl, which appears to
> be a bit more complex in the way it does things.
No, it's not. You set the value of an attribute via the method you
were instructed to use.. That's the *only* complex thing in rlm_perl.
> For example, I've looked into the
> documentation, I hadn't seen any document explaining the information transfer between
> the rlm_perl script and the digest mechanism.
I explained this. You seem to have ignored it. You set the value of
the attribute in rlm_perl as you were instructed. The server takes care
of the rest.
> The documentation describes how to work
> with rlm_perl, how to write your own script and so on. But that little piece of
> information is missing from it.
doc/aaa.txt explains it. I have told you on this list how it works.
> The general information in the documentation is much
> better than in most OSS projects I know, however, the lack of examples and the fact
> that most people tend to work with some form of SQL/LDAP backend, makes any other
> usage beyond that a bit more complicated for the novice FreeRadius user.
You are making it difficult for yourself by not following the
instructions on this list.
> Alan, just to make something clear, I think FreeRadius is a wonderful tool. I've used
> it in conjunction with GnuGK to build a multi-million minute H323 routing switch back in
> 2003, which is still working till today (switching over 25 million minutes a month). I've
> used in conjunction with Cisco Access Servers to create various Dial-IN PPP access routers,
> and I've used it as a backend for Cisco L2TP/PPTP services, which were all working off of
> MySQL, and work to this day - in other words, I know my way around FreeRadius fairly well.
Then I don't understand why it's so difficult to get this working.
> The first time I ran into a situation I actually needed to talk to someone on the list is
> now. I'm currently in the process of writing a document explaining my findings, and maybe
> also help others use rlm_perl, but you have to understand that while I may seem a little
> nagging, it is purely due to my Israeli nature that tends to get the better of me - and
> my general desire to understand what I'm doing.
I've seen that before. You think there's some secret magical complex
sauce that makes it all work. There isn't. The explanation is simple,
and you've been given it multiple times.
Because you think there's some secret magic sauce, you find it
impossible to believe the simple explanations. Therefore, you don't
follow the instructions on this list, because they cannot possibly be
correct.
I have told you multiple times how to get this to work. It is
abundantly clear that you have great difficulty following instructions.
The Perl script you posted contains *zero* references to
Cleartext-Password, despite the explicit instructions to set it. The
radiusd.conf file will not do digest authentication, despite
instructions here *and* in the comments in radiusd.conf saying how to
get it to work.
Good luck solving your problem.
Alan DeKok.
More information about the Freeradius-Users
mailing list