rml_perl question
FreeRadius-ML
freeradius at zap2link.com
Wed Jul 25 16:33:01 CEST 2007
Hi Peter,
Thanks, that was the missing part for me - I think. Just let me verify that I
got you correctly:
1. My OpenSER will send a request to FreeRadius including the full digest information.
2. Once the request is intercepted by FreeRadius, my rlm_perl will simply need to ask the
TCP server for the password of the user.
3. Once that password had been retrieved, I'll simply set the RAD_REPLY{'Cleartext-Password'}
to the password that was retrieved from the TCP server.
4. Once the rlm_perl script returns with the OK setting, the rest will be handled by the
digest module.
Have I got it right this time? Sorry for being a bit of a pain.
Z2L
----- Original Message -----
From: "Peter Nixon" <listuser at peternixon.net>
To: freeradius at zap2link.com, "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: Wednesday, July 25, 2007 5:05:02 PM (GMT+0200) Asia/Jerusalem
Subject: Re: rml_perl question
Several people have already told you this, but I am going to have another go
at it.
You want to do Digest Authentication. That's great. FreeRADIUS knows how to do
it. All you have to do is supply the Cleartext-Password.
You tell us that you have some proprietary system which holds your passwords
that you need to access over a TCP socket. Great. Feel free to do so.
Basically you need to:
a) Have the digest module enabled in the _authorize_ AND _authenticate_
sections of radiusd.conf
b) Get the password from your backend using perl and return it to FreeRADIUS
in the _authorize_ section as:
Cleartext-Password := "yoursupersecretpassword"
This is ALL you should have to do! Do not do anything else! Please. Just
don't!
Cheers
Peter
On Wed 25 Jul 2007, FreeRadius-ML wrote:
> Ok,
>
> What I'm trying to do is have FreeRadius perform its AAA functions against
> a PERL based backend, which reads the user information from a proprietary
> system - via a TCP interface.
>
> The authorization section and the authenticate section both have PERL
> enabled in them.
>
> (I removed the remarks for easier reading) - the first digest is
> commented, but right after perl there is another one.
> ---------- SNIP ------------
> authorize {
> preprocess
> auth_log
> # attr_filter
> # chap
> # mschap
> # digest
> # IPASS
> # suffix
> # ntdomain
> # eap
> # files
> digest
> perl
> # sql
> # etc_smbpasswd
> # ldap
> # daily
> # checkval
> # pap
> }
> ---------------------------
> You are correct in regards to the authentication section (see below), I
> missed that one:
> --------- SNIP ------------
> authenticate {
> # Auth-Type PAP {
> #
> # pap
> #
> # }
> # Auth-Type CHAP {
> #
> # chap
> #
> # }
> # Auth-Type MS-CHAP {
> #
> # mschap
> #
> # }
> # digest
> # pam
> unix
> # Auth-Type LDAP {
> #
> # ldap
> #
> # }
> # eap
> perl
> }
> ---------------------------
>
> I may be going about it all wrong, which I'm not ruling out. If you have
> something specific to point me at, please do.
>
> Regards,
> Z2L
> ----- Original Message -----
> From: "A L M Buxey" <A.L.M.Buxey at lboro.ac.uk>
> To: freeradius at zap2link.com, "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
> Sent: Wednesday, July 25, 2007 2:12:55 PM (GMT+0200) Asia/Jerusalem
> Subject: Re: rml_perl question
>
> Hi,
>
> you don't have perl enabled in the authorise section of your config...you
> don't have digest enabled in your authorise or authenticate sections
> either. what are you trying to achieve?
--
Peter Nixon
http://peternixon.net/
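
What steps (a) and (b) above look like as an rlm_perl script, as an added example that is not code from this thread or from the FreeRADIUS project. The backend address, the `GET <user>` / `OK <password>` line protocol and the `fetch_password` helper are hypothetical stand-ins for the proprietary TCP system; the password is placed in `%RAD_CHECK` (the control list that digest reads), which keeps it out of the reply packet.

```perl
use strict;
use warnings;
use IO::Socket::INET;
use IO::Select;

# Hashes that rlm_perl shares with the script for each request.
our (%RAD_REQUEST, %RAD_REPLY, %RAD_CHECK);

# rlm_perl return codes, as listed in the example.pl shipped with FreeRADIUS.
use constant { RLM_MODULE_FAIL => 1, RLM_MODULE_OK => 2, RLM_MODULE_NOTFOUND => 6 };

# Hypothetical backend: placeholder address and a made-up line protocol.
my %BACKEND = (PeerAddr => '127.0.0.1', PeerPort => 9999, Proto => 'tcp', Timeout => 3);

sub fetch_password {
    my ($user) = @_;
    # Refuse names that could smuggle extra protocol lines to the backend.
    return (undef, 'bad username')
        unless defined $user && $user =~ /\A[\w.\@+-]{1,128}\z/;
    my $sock = IO::Socket::INET->new(%BACKEND) or return (undef, "connect: $@");
    print {$sock} "GET $user\n";
    # Timeout above only covers connect; bound the read so radiusd is not stalled.
    return (undef, 'read timeout') unless IO::Select->new($sock)->can_read(3);
    my $line = <$sock>;
    close $sock;
    return (undef, 'no answer') unless defined $line;
    $line =~ s/\r?\n\z//;
    return ($line =~ /\AOK (.+)\z/) ? ($1, undef) : (undef, 'not found');
}

# Called by rlm_perl when "perl" is listed in the authorize section.
sub authorize {
    my ($pw, $err) = fetch_password($RAD_REQUEST{'User-Name'});
    if (!defined $pw) {
        return RLM_MODULE_NOTFOUND if $err eq 'not found';
        # 4 is L_ERR in the shipped example.pl; the password is never logged.
        &radiusd::radlog(4, "backend lookup failed: $err");
        return RLM_MODULE_FAIL;
    }
    # Control item only: digest verifies the response against it.
    $RAD_CHECK{'Cleartext-Password'} = $pw;
    return RLM_MODULE_OK;
}

1;
```

The script does no digest computation itself; with `digest` listed in both `authorize` and `authenticate`, the digest module does the rest.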