rml_perl question

Peter Nixon listuser at peternixon.net
Wed Jul 25 16:05:02 CEST 2007


Several people have already told you this, but I am going to have another go 
at it.

You want to do Digest Authentication. That's great. FreeRADIUS knows how to do 
it. All you have to do is supply the Cleartext-Password.

You tell us that you have some proprietary system which holds your passwords 
that you need to access over a TCP socket. Great. Feel free to do so.

Basically you need to:
a) Have the digest module enabled in the _authorize_ AND _authenticate_ 
sections of radiusd.conf
b) Get the password from your backend using perl and return it to FreeRADIUS 
in the _authorize_ section as:
      Cleartext-Password := "yoursupersecretpassword"

This is ALL you should have to do! Do not do anything else! Please. Just 
don't!

Cheers

Peter

On Wed 25 Jul 2007, FreeRadius-ML wrote:
> Ok,
>
>   What I'm trying to do is have FreeRadius perform its AAA functions against
> a PERL based backend, which reads the user information from a proprietary
> system - via a TCP interface.
>
>   The authorization section and the authenticate section both have PERL
> enabled in them.
>
> (I removed the remarks for easier reading) - the first digest is
> commented, but right after perl there is another one.
> ---------- SNIP ------------
> authorize {
>         preprocess
>         auth_log
> #       attr_filter
> #       chap
> #       mschap
> #       digest
> #       IPASS
> #       suffix
> #       ntdomain
> #       eap
> #       files
>         digest
>         perl
> #       sql
> #       etc_smbpasswd
> #       ldap
> #       daily
> #       checkval
> #       pap
> }
> ---------------------------
> You are correct in regards to the authentication section (see below), I
> missed that one:
> --------- SNIP ------------
> authenticate {
> #       Auth-Type PAP {
> #
> #               pap
> #
> #       }
> #       Auth-Type CHAP {
> #
> #               chap
> #
> #       }
> #       Auth-Type MS-CHAP {
> #
> #               mschap
> #
> #       }
> #       digest
> #       pam
>         unix
> #       Auth-Type LDAP {
> #
> #               ldap
> #
> #       }
> #       eap
>         perl
> }
> ---------------------------
>
> I may be going about it all wrong, which I'm not ruling out. If you have
> something specific to point me at, please do.
>
> Regards,
>  Z2L
> ----- Original Message -----
> From: "A L M Buxey" <A.L.M.Buxey at lboro.ac.uk>
> To: freeradius at zap2link.com, "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
> Sent: Wednesday, July 25, 2007 2:12:55 PM (GMT+0200) Asia/Jerusalem
> Subject: Re: rml_perl question
>
> Hi,
>
> you don't have perl enabled in the authorise section of your config...you
> don't have digest enabled in your authorise or authenticate sections
> either.  what are you trying to achieve?


-- 

Peter Nixon
http://peternixon.net/
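
Step (b) above, sketched as an rlm_perl authorize hook. This is an added example, not code from the thread or from the FreeRADIUS project. The backend address, its one-line "GET <user>" / "OK <password>" protocol and the username character set are assumptions made for illustration; the %RAD_* hashes and return codes are the ones rlm_perl provides.

```perl
use strict;
use warnings;
use IO::Socket::INET;
use IO::Select;

# Hashes that rlm_perl fills in for every request.
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);

# rlm_perl return codes, as listed in the example.pl shipped with FreeRADIUS.
use constant RLM_MODULE_FAIL     => 1;   # module failed, don't reply
use constant RLM_MODULE_INVALID  => 4;   # request considered invalid
use constant RLM_MODULE_NOTFOUND => 6;   # user not found
use constant RLM_MODULE_UPDATED  => 8;   # OK, pairs modified

# Hypothetical backend location (assumption, not from the thread).
my $BACKEND_HOST = '127.0.0.1';
my $BACKEND_PORT = 9000;

# Returns () if the backend is unreachable or silent,
# (1, $password) if the user exists, (1, undef) if it does not.
sub lookup_password {
    my ($user) = @_;
    my $sock = IO::Socket::INET->new(PeerAddr => $BACKEND_HOST,
        PeerPort => $BACKEND_PORT, Proto => 'tcp', Timeout => 3) or return;
    print {$sock} "GET $user\n";
    # Bound the wait for the reply so a stalled backend cannot hang radiusd.
    my $line = IO::Select->new($sock)->can_read(3) ? <$sock> : undef;
    close $sock;
    return unless defined $line;
    $line =~ s/\r?\n\z//;
    return $line =~ /\AOK (.+)\z/ ? (1, $1) : (1, undef);
}

sub authorize {
    my $user = $RAD_REQUEST{'User-Name'};
    # Allow-list the name before it goes on the wire, so it cannot carry
    # newlines or extra commands into the backend's line protocol.
    return RLM_MODULE_INVALID
        unless defined $user && $user =~ /\A[A-Za-z0-9_.\@-]{1,64}\z/;

    my ($answered, $password) = lookup_password($user);
    return RLM_MODULE_FAIL     unless $answered;
    return RLM_MODULE_NOTFOUND unless defined $password;

    # The only thing this hook does: hand the password to FreeRADIUS as a
    # check item. The digest module does the actual authentication.
    # The password is deliberately never logged.
    $RAD_CHECK{'Cleartext-Password'} = $password;
    return RLM_MODULE_UPDATED;
}

1;
```

With this in place, perl is listed only in the authorize section, and digest is listed in both authorize and authenticate, as described in step (a).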


