final rlm_perl question, hopefully...

FreeRadius-ML freeradius at zap2link.com
Thu Jul 26 17:59:13 CEST 2007


Hi all,

  Please disregard, I've solved the thing ;-) Silly typo in the return.

Z2L

----- Original Message -----
From: "FreeRadius-ML" <freeradius at zap2link.com>
To: "freeradius-users" <freeradius-users at lists.freeradius.org>
Sent: Thursday, July 26, 2007 6:41:21 PM (GMT+0200) Asia/Jerusalem
Subject: Fwd: final rlm_perl question, hopefully...

Hi All,

  Ok, after reviewing all the information that was received, I've setup my FreeRadius
as following:

1. The authorize and authenticate sections are setup to activate digest and perl.
2. My rlm_perl script utilizes the following lines in order to return the unencrypted 
   user password back to FreeRadius for digest authentication:

   $RAD_CHECK{'Cleartext-Password'} = "xxxxxx";   # Remove this line for production
   $RAD_CHECK{'User-Password'}="xxxxxx";          # Remove this line for production

   I just put these inside my script for checking, later on this information will be
retrieved from an external source.

  Now, FreeRadius activates my rlm_perl module, no problem, as I can see the various 
reply fields being setup, however, I'm still getting the following error:


rlm_perl: RAD_REQUEST: Client-IP-Address = 192.168.2.80
rlm_perl: RAD_REQUEST: Digest-Response = 632905a2325f672f049800eda7df9ee4
rlm_perl: RAD_REQUEST: User-Name = z2l at 192.168.2.80
rlm_perl: RAD_REQUEST: Service-Type = IAPP-Register
rlm_perl: RAD_REQUEST: NAS-IP-Address = 192.168.2.80
rlm_perl: RAD_REQUEST: NAS-Port = 5060
rlm_perl: RAD_REQUEST: Sip-Uri-User = z2l
rlm_perl: RAD_REQUEST: Digest-Attributes = ARRAY(0xbbc93f0)
rlm_perl: RAD_REPLY: Reply-Message = User accepted by z2l WSDL
rlm_perl: RAD_REPLY: z2l-Duration = 60
rlm_perl: RAD_REPLY: z2l-Status = 2
rlm_perl: RAD_REPLY: z2l-Session = 833abb3d-d047-4d0d-a40e-2e147049f96d
rlm_perl: Added pair Reply-Message = User accepted by z2l
rlm_perl: Added pair z2l-Duration = 60
rlm_perl: Added pair z2l-Status = 2
rlm_perl: Added pair z2l-Session = 833abb3d-d047-4d0d-a40e-2e147049f96d
rlm_perl: Added pair Cleartext-Password = z2l
rlm_perl: Added pair User-Password = z2l
rlm_perl: Added pair Auth-Type = digest
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0xb933260
  modcall[authorize]: module "perl" returns ok for request 5
    rlm_realm: Looking up realm "192.168.2.80" for User-Name = "z2l at 192.168.2.80"
    rlm_realm: No such realm "192.168.2.80"
  modcall[authorize]: module "suffix" returns noop for request 5
modcall: leaving group authorize (returns ok) for request 5
  rad_check_password:  Found Auth-Type DIGEST
auth: type "digest"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_digest: Configuration item "User-Password" or Digest-HA1 is required for authentication.
  modcall[authenticate]: module "digest" returns invalid for request 5
modcall: leaving group authenticate (returns invalid) for request 5
auth: Failed to validate the user.
Login incorrect: [z2l at 192.168.2.80/<no User-Password attribute>] (from client 192.168.2.80 port 5060)
Delaying request 5 for 1 seconds
Finished request 5
Going to the next request
Waking up in 3 seconds...

  Now, my configuration is very very simple. In the authorize I have digest and perl 
enabled, in authenticate I have only digest enabled. If I read the debug correctly, the 
authorization is going ok:

  modcall[authorize]: module "perl" returns ok for request 5
    rlm_realm: Looking up realm "192.168.2.80" for User-Name = "z2l at 192.168.2.80"
    rlm_realm: No such realm "192.168.2.80"
  modcall[authorize]: module "suffix" returns noop for request 5
  modcall: leaving group authorize (returns ok) for request 5

  However, the authentication section fails: 

    rad_check_password:  Found Auth-Type DIGEST
  auth: type "digest"
    Processing the authenticate section of radiusd.conf
  modcall: entering group authenticate for request 5
  rlm_digest: Configuration item "User-Password" or Digest-HA1 is required for authentication.
    modcall[authenticate]: module "digest" returns invalid for request 5
  modcall: leaving group authenticate (returns invalid) for request 5
  auth: Failed to validate the user.
  Login incorrect: [z2l at 192.168.2.80/<no User-Password attribute>] (from client 192.168.2.80 port 5060)

  So, I'm either returning something in the wrong way, or I've broken something again.
Any pointers on the issue would be highly appreciated.

Regards,
  Z2L

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list