rlm_perl error

JUND, Aurélien aurelien.jund at sfr.com
Mon Aug 30 17:22:29 CEST 2010


I'd like to put a value in Cleartext-Password (for CHAP authentication) and add a reply attribute Callback-Number. I get this data from an LDAP server; my script works well to get the data, but I have trouble using it outside the script.

For troubleshooting I use a simplified version with fixed values. I call the perl module again for authenticate in order to see if the request is properly updated:

example.pl:

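use strict;
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);

# Return codes understood by rlm_perl
use constant RLM_MODULE_REJECT => 0;
use constant RLM_MODULE_OK     => 2;

sub authorize {
        # String comparison needs 'eq'; a single '=' assigns and is always true
        if ($RAD_REQUEST{'Service-Type'} eq "Framed-User") {
                # Fixed test values in place of the LDAP lookup
                $RAD_CHECK{'Cleartext-Password'} = "11111";
                $RAD_REPLY{'Callback-Number'} = "Number";
                return RLM_MODULE_OK;
        }
        else {
                return RLM_MODULE_REJECT;
        }
}

sub authenticate {
        if ($RAD_REQUEST{'Service-Type'} eq "Framed-User") {
                return RLM_MODULE_OK;
        }
        else {
                return RLM_MODULE_REJECT;
        }
}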





Here is the output in freeradius log:

Ready to process requests.
rad_recv: Access-Request packet from host 172.16.0.11 port 60818, id=88, length=127
        User-Name = "testuser"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Identifier = "203.63.154.1"
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        CHAP-Password = 0x3511b30139b6c14a8147fdfa0e39141b75
        CHAP-Challenge = 0x31323334353637383930313233343536
+- entering group authorize {...}
[suffix] No '@' in User-Name = "testuser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
GOT CLONE 873921248 0x1d0e030
rlm_perl: Added pair NAS-Port-Type = Async
rlm_perl: Added pair CHAP-Password = 0x3511b30139b6c14a8147fdfa0e39141b75
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Calling-Station-Id = 987654321
rlm_perl: Added pair Called-Station-Id = 123456789
rlm_perl: Added pair CHAP-Challenge = 0x31323334353637383930313233343536
rlm_perl: Added pair User-Name = testuser
rlm_perl: Added pair NAS-Identifier = 203.63.154.1
rlm_perl: Added pair NAS-IP-Address = 203.63.154.1
rlm_perl: Added pair NAS-Port = 1234
rlm_perl: Added pair Auth-Type = CHAP
++[perl] returns ok
[attr_filter.pre-auth]  expand: %{Realm} ->
++[attr_filter.pre-auth] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = CHAP
+- entering group CHAP {...}
rlm_perl: Added pair NAS-Port-Type = Async
rlm_perl: Added pair CHAP-Password = 0x3511b30139b6c14a8147fdfa0e39141b75
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Called-Station-Id = 123456789
rlm_perl: Added pair Calling-Station-Id = 987654321
rlm_perl: Added pair CHAP-Challenge = 0x31323334353637383930313233343536
rlm_perl: Added pair User-Name = testuser
rlm_perl: Added pair NAS-Identifier = 203.63.154.1
rlm_perl: Added pair NAS-Port = 1234
rlm_perl: Added pair NAS-IP-Address = 203.63.154.1
rlm_perl: Added pair Auth-Type = CHAP
++[perl] returns ok
[chap] login attempt by "testuser" with CHAP password
[chap] Cleartext-Password is required for authentication
++[chap] returns invalid
Failed to authenticate the user.
Login incorrect (rlm_chap: Clear text password not available): [testuser/<CHAP-Password>] (from client ext port 1234 cli 987654321)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> testuser
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 88 to 172.16.0.11 port 60818
Waking up in 4.9 seconds.


Obviously I did something wrong, but I can't figure out what. Any idea?

-----Original Message-----
From: freeradius-users-bounces+aurelien.jund=sfr.com at lists.freeradius.org [mailto:freeradius-users-bounces+aurelien.jund=sfr.com at lists.freeradius.org] On behalf of Boian Jordanov
Sent: Wednesday, August 25, 2010 23:30
To: FreeRadius users mailing list
Cc: Boian Jordanov
Subject: Re: rlm_perl error


On Aug 25, 2010, at 4:47 PM, JUND, Aurélien wrote:

> I'm running freeradius-server-2.1.7. I found this information in the default perl module configuration file. 
> 
> ----------
> From: freeradius-users-bounces+aurelien.jund=sfr.com at lists.freeradius.org [mailto:freeradius-users-bounces+aurelien.jund=sfr.com at lists.freeradius.org] On behalf of Alan DeKok
> Sent: Wednesday, August 25, 2010 14:35
> To: FreeRadius users mailing list
> Subject: Re: rlm_perl error
> 
> Bjørn Mork wrote:
>> "JUND, Aurélien" <aurelien.jund at sfr.com> writes:
>> 
>>> 3 hashes are given to the module and  filled with value-pairs (Attribute names and values):
>>> 
>>>        #  %RAD_CHECK           Read-only       Check items
>>>        #  %RAD_REQUEST         Read-only       Attributes from the request
>>>        #  %RAD_REPLY           Read-write      Attributes for the reply


modules/perl ... this has to be updated.

all hashes are read-write



>>> 
>>> Why are %RAD_CHECK and %RAD_REQUEST Read-Only?
>> 
>> I believe this is wrong. rlm_perl copies data back from all 5 hashes
>> (RAD_REQUEST, RAD_REPLY, RAD_CHECK, RAD_REQUEST_PROXY, RAD_REQUEST_PROXY_REPLY):
> 
>  It may be correct if he's running a very old version of the server.
> 
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
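
Added example, not part of the original thread or of FreeRADIUS: the "[chap] Cleartext-Password is required for authentication" line in the debug output above follows from how a CHAP response is built, which this sketch reproduces. The helper names (from_hex, chap_verify, chap_build) and the password 'example-secret' are constructed for illustration; the challenge and the logged CHAP-Password are the values shown in the log.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5);

# RADIUS CHAP-Password is a 1-octet CHAP identifier followed by the 16-octet
# response MD5(identifier . password . challenge) (RFC 1994, RFC 2865).
# The server can only recompute that digest if it holds the cleartext password.

# Hypothetical helper: decode a "0x..." attribute value into raw octets.
sub from_hex {
    my ($hex) = @_;
    $hex =~ s/^0x//i;
    return pack('H*', $hex);
}

# Hypothetical helper: returns 1 if $cleartext produces the given response.
sub chap_verify {
    my ($chap_password_hex, $challenge_hex, $cleartext) = @_;
    my $chap_password = from_hex($chap_password_hex);
    return 0 unless length($chap_password) == 17;   # id + 16-octet MD5
    my $id       = substr($chap_password, 0, 1);
    my $response = substr($chap_password, 1);
    return md5($id . $cleartext . from_hex($challenge_hex)) eq $response ? 1 : 0;
}

# Hypothetical helper: the CHAP-Password a NAS would send for a password.
sub chap_build {
    my ($id, $cleartext, $challenge_hex) = @_;
    my $id_octet = chr($id);
    my $digest   = md5($id_octet . $cleartext . from_hex($challenge_hex));
    return '0x' . unpack('H*', $id_octet . $digest);
}

# CHAP-Challenge as shown in the debug log; the password is constructed.
my $challenge = '0x31323334353637383930313233343536';
my $sent      = chap_build(0x35, 'example-secret', $challenge);

printf "right password: %d\n", chap_verify($sent, $challenge, 'example-secret');
printf "wrong password: %d\n", chap_verify($sent, $challenge, 'wrong-guess');
printf "no password:    %d\n", chap_verify($sent, $challenge, '');

# The logged CHAP-Password checked against the script's fixed test value.
my $logged = '0x3511b30139b6c14a8147fdfa0e39141b75';
printf "logged response vs \"11111\": %d\n", chap_verify($logged, $challenge, '11111');
```

Because the digest is one-way, a stored hash of the password cannot stand in for the cleartext here; the check item has to reach the chap module as Cleartext-Password.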



