rlm_perl and tagged attributes problem
Alexandr Kovalenko
alexandr.kovalenko at gmail.com
Mon Mar 30 10:23:11 CEST 2009
Hello
I'm trying to set up FreeRADIUS with rlm_perl module to have ability
to interoperate with our billing/provisioning system.
FreeRADIUS version:
# radiusd -v
radiusd: FreeRADIUS Version 1.1.7, for host amd64-portbld-freebsd6.3,
built on Jan 15 2009 at 18:36:52
Perl version:
# perl -V
Summary of my perl5 (revision 5 version 8 subversion 8) configuration:
Platform:
osname=freebsd, osvers=6.3-rc2, archname=amd64-freebsd
We are using Juniper ERX-310 BRAS to terminate our customers and to
configure policies and so on, he need few attributes to be tagged.
Here is what normal session should be like to:
[never at nemo ~]$ radtest admin test 127.0.0.1 2 testing123
Sending Access-Request of id 229 to 127.0.0.1 port 1812
User-Name = "admin"
User-Password = "test"
NAS-IP-Address = 255.255.255.255
NAS-Port = 2
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=229, length=126
ERX-Qos-Profile-Name = "SP_Tele_Internet"
ERX-Qos-Parameters = "internet_tr_value 2097152"
Framed-IP-Address = 10.0.112.2
Framed-IP-Netmask = 255.255.255.255
ERX-Service-Statistics:1 = time-volume
ERX-Service-Activate:1 = "telesys(1048576)"
Please note ERX-Service-Statistics:1 and ERX-Service-Activate:1 attributes.
I have minimized code in Perl module to achieve this, to exclude any
possibility of our system influence:
sub authorize {
if (($RAD_REQUEST{'User-Name'} eq 'admin') and
($RAD_REQUEST{'User-Password'} eq 'test')) {
$RAD_REPLY{'ERX-Service-Activate:1'} = 'telesys(1048576)';
$RAD_REPLY{'ERX-Service-Statistics:1'} = 'time-volume';
$RAD_REPLY{'ERX-Qos-Parameters'} = "internet_tr_value 2097152";
$RAD_REPLY{'ERX-Qos-Profile-Name'} = "SP_Tele_Internet";
$RAD_REPLY{'Framed-IP-Address'} = '10.0.112.2';
$RAD_REPLY{'Framed-IP-Netmask'}= "255.255.255.255";
return RLM_MODULE_OK;
};
}
Now let me to describe what happens.
When I restart radiusd and issue 1st radius Access-Request packet, it
returns attributes as expected. But the next one returns this:
$ radtest admin test 127.0.0.1 2 testing123
Sending Access-Request of id 32 to 127.0.0.1 port 1812
User-Name = "admin"
User-Password = "test"
NAS-IP-Address = 255.255.255.255
NAS-Port = 2
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=32, length=125
ERX-Qos-Profile-Name = "SP_Tele_Internet"
ERX-Qos-Parameters = "internet_tr_value 2097152"
Framed-IP-Address = 10.0.112.2
Framed-IP-Netmask = 255.255.255.255
ERX-Service-Statistics:0 = time-volume
ERX-Service-Activate:0 = "telesys(1048576)"
Please note ":0" after 2 last ERX-* attributes, which is a) incorrect,
b) in perl code it is clearly written as ":1".
Please help me to resolve this issue. Thanks in advance.
Here is log of correct behavior:
------------------------------------
rad_recv: Access-Request packet from host 127.0.0.1:64032, id=42, length=57
User-Name = "admin"
User-Password = "test"
NAS-IP-Address = 255.255.255.255
NAS-Port = 2
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "admin", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 0
Using perl at 0x592370
rlm_perl: $VAR1 = {};
rlm_perl: defined
rlm_perl: Added pair ERX-Qos-Parameters = internet_tr_value 2097152
rlm_perl: Added pair ERX-Service-Activate = telesys (1048576)
rlm_perl: Added pair ERX-Qos-Profile-Name = SP_Tele_Internet
rlm_perl: Added pair ERX-Service-Statistics = time-volume
rlm_perl: Added pair Framed-IP-Address = 10.0.112.2
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.255
rlm_perl: Added pair Auth-Type = Perl
modcall[authorize]: module "perl" returns ok for request 0
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type Perl
auth: type "Perl"
Processing the authenticate section of radiusd.conf
modcall: entering group Perl for request 0
Using perl at 0x592370
rlm_perl: Added pair ERX-Qos-Profile-Name = SP_Tele_Internet
rlm_perl: Added pair ERX-Qos-Parameters = internet_tr_value 2097152
rlm_perl: Added pair Framed-IP-Address = 10.0.112.2
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.255
rlm_perl: Added pair Auth-Type = Perl
modcall[authenticate]: module "perl" returns ok for request 0
modcall: leaving group Perl (returns ok) for request 0
Sending Access-Accept of id 42 to 127.0.0.1 port 64032
ERX-Qos-Parameters = "internet_tr_value 2097152"
ERX-Service-Activate:1 = "telesys (1048576)"
ERX-Qos-Profile-Name = "SP_Tele_Internet"
ERX-Service-Statistics:1 = time-volume
Framed-IP-Address = 10.0.112.2
Framed-IP-Netmask = 255.255.255.255
Finished request 0
--------------------------------------------
Here is log of next try:
--------------------------------------------
rad_recv: Access-Request packet from host 127.0.0.1:49908, id=68, length=57
User-Name = "admin"
User-Password = "test"
NAS-IP-Address = 255.255.255.255
NAS-Port = 2
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "admin", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 1
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 1
Using perl at 0x592370
rlm_perl: $VAR1 = {};
rlm_perl: defined
rlm_perl: Added pair ERX-Qos-Parameters = internet_tr_value 2097152
rlm_perl: Added pair ERX-Service-Activate = telesys (1048576)
rlm_perl: Added pair ERX-Qos-Profile-Name = SP_Tele_Internet
rlm_perl: Added pair ERX-Service-Statistics = time-volume
rlm_perl: ERROR: Failed to create pair Primary-DNS = 77.91.190.21
rlm_perl: Added pair Framed-IP-Address = 10.0.112.2
rlm_perl: ERROR: Failed to create pair Secondary-DNS = 77.91.190.24
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.255
rlm_perl: Added pair Auth-Type = Perl
modcall[authorize]: module "perl" returns ok for request 1
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 1
modcall: leaving group authorize (returns ok) for request 1
rad_check_password: Found Auth-Type Perl
auth: type "Perl"
Processing the authenticate section of radiusd.conf
modcall: entering group Perl for request 1
Using perl at 0x592370
rlm_perl: Added pair ERX-Qos-Profile-Name = SP_Tele_Internet
rlm_perl: Added pair ERX-Qos-Parameters = internet_tr_value 2097152
rlm_perl: Added pair Framed-IP-Address = 10.0.112.2
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.255
rlm_perl: Added pair Auth-Type = Perl
modcall[authenticate]: module "perl" returns ok for request 1
modcall: leaving group Perl (returns ok) for request 1
Sending Access-Accept of id 68 to 127.0.0.1 port 49908
ERX-Qos-Parameters = "internet_tr_value 2097152"
ERX-Service-Activate:0 = "telesys (1048576)"
ERX-Qos-Profile-Name = "SP_Tele_Internet"
ERX-Service-Statistics:0 = time-volume
Framed-IP-Address = 10.0.112.2
Framed-IP-Netmask = 255.255.255.255
Finished request 1
--
Alexandr Kovalenko
http://uafug.org.ua/
More information about the Freeradius-Users
mailing list