ENV variables in external scripts

Ivan Kalik tnt at kalik.net
Wed Apr 9 18:06:29 CEST 2008


What freeradius version? I don't think that you can bypass chap in 1.1.x
but it can be done in 2.0 with unlang. pap is listed last, so it will be
bypassed in both versions.

Ivan Kalik
Kalik Informatika ISP


Dana 9/4/2008, "rsg" <ranil.santhish at gmail.com> piše:

>Hi,
>
>Thanks a lot for the suggestion. I have a few more queries with regard
>to rlm_perl integration.
>
>When this module is used for Calling-Station-Id based auth, would it
>be independent of whether it is CHAP or PAP.
>
>I tried with
>
>.../users
>
>DEFAULT Auth-Type = perl
>                Fall-Through = 1
>:
>:
>
>And the rlm_perl for Authentication and Authorization
>
>Observations:
>
>1) When a "CHAP-Password" is  received the perl script used does not
>authenticate as it calls the CHAP module
>2) When a "User-Password"  is received the user authentication is successful.
>
>Here's the test perl script that I've tried with.
>
>-------------------
>use warnings;
>use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);
>use Data::Dumper;
>
>
>use constant    RLM_MODULE_REJECT=>    0;#  /* immediately reject the request */
>use constant    RLM_MODULE_FAIL=>      1;#  /* module failed, don't reply */
>use constant    RLM_MODULE_OK=>        2;#  /* the module is OK, continue */
>use constant    RLM_MODULE_HANDLED=>   3;#  /* the module handled the
>request, so stop. */
>use constant    RLM_MODULE_INVALID=>   4;#  /* the module considers
>the request invalid. */
>use constant    RLM_MODULE_USERLOCK=>  5;#  /* reject the request
>(user is locked out) */
>use constant    RLM_MODULE_NOTFOUND=>  6;#  /* user not found */
>use constant    RLM_MODULE_NOOP=>      7;#  /* module succeeded
>without doing anything */
>use constant    RLM_MODULE_UPDATED=>   8;#  /* OK (pairs modified) */
>use constant    RLM_MODULE_NUMCODES=>  9;#  /* How many return codes
>there are */
>
>
># Function to handle authenticate
>sub authenticate {
>if ($RAD_REQUEST{'Calling-Station-Id'} eq "4444444444") {
>  $RAD_REPLY{'Reply-Message'} = "OK --------->";
>  return RLM_MODULE_OK;
>  }else {
>  return RLM_MODULE_NOTFOUND;
>  }
>}
>
># Function to handle authorize
>sub authorize {
>
>if ($RAD_REQUEST{'Calling-Station-Id'} eq "4444444444") {
>
>    return RLM_MODULE_OK;
>
>  }else {
>
>  return RLM_MODULE_FAIL;
>  }
>}
>
>------------------------------------------------------------------
>
>Could you advise how could I tackle this issue to bypass CHAP/PAP
>status when CallerId is allowed ?
>
>Thanks,
>rg
>
>
>
>
>On Tue, Apr 8, 2008 at 7:57 PM, Ivan Kalik <tnt at kalik.net> wrote:
>> >With rlm_perl can external perl scripts be easily used as with
>>  >Exec-Program-Wait ?
>>
>>  Easier:
>>
>>  http://wiki.freeradius.org/Rlm_perl
>>
>>
>>  Ivan Kalik
>>  Kalik Informatika ISP
>>
>>
>>
>> -
>>  List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
>>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>




More information about the Freeradius-Users mailing list