%RAD_REPLY hash problem

Ana Gallardo ana.gallardo.77 at gmail.com
Tue Oct 26 21:06:25 CEST 2010


Hello,

I'm working with FreeRADIUS 2.1.10.

I want to authorize a user using a multivalued attribute (Relaciones), so
I use Perl.

The values of the attribute Relaciones are stored in LDAP. Nombre-Completo is
another attribute stored in LDAP.

"Relaciones" is an integer value. A user is authorized if they have one
attribute "Relaciones" with a positive value (no + sign).

Relaciones, Nombre-Completo and Codigo-Reject are vendor-specific attributes
defined in /usr/share/freeradius/dictionary.rinuex

My Perl script is:

# cat /etc/freeradius/perl/checkRelaciones.pm

#!/usr/bin/perl

use strict;
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);
#use Data::Dumper;

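use constant    RLM_MODULE_REJECT=>    0;#  /* immediately reject the request */
use constant    RLM_MODULE_OK=>        2;#  /* the module is OK, continue */

sub authorize {
   my $refRelaciones;

   if (exists $RAD_REPLY{'Relaciones'} && defined $RAD_REPLY{'Relaciones'}) {
      $refRelaciones = $RAD_REPLY{'Relaciones'};
      # rlm_perl passes a multi-valued attribute as an array reference and a
      # single-valued one as a plain scalar, so accept both forms.
      my @relaciones = ref($refRelaciones) eq 'ARRAY'
                     ? @{$refRelaciones}
                     : ($refRelaciones);
      foreach (@relaciones) {
         # Accept a value that starts with two digits (no sign).
         if ($_ =~ /^[0-9]{2}/) {
            return RLM_MODULE_OK;
         }
      }
      $RAD_REPLY{'Codigo-Reject'} = 11; #Sin-Relacion
   }
   return RLM_MODULE_REJECT;
}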

Everything works fine.

My problem is that rlm_perl duplicates an attribute in the %RAD_REPLY hash.

Debug:

rad_recv: Access-Request packet from host x.x.x.x port 56822, id=100,
length=75
    User-Name = "ana at unex.es"
    User-Password = "1111"
    Calling-Station-Id = "..."
server rinuex {

...

[ldap1] looking for check items in directory...
  [ldap1] ntPassword -> NT-Password == 0x3..
[ldap1] looking for reply items in directory...
  [ldap1] Relaciones -> Relaciones += "03"
  [ldap1] sn -> Nombre-Completo = "Ana Gallardo"
WARNING: No "known good" password was found in LDAP.  Are you sure that the
user is configured correctly?
[ldap1] user ana authorized to use remote access
  [ldap1] ldap_release_conn: Release Id: 0
++++[ldap1] returns ok

...

rlm_perl: Added pair User-Name = ana at unex.es
rlm_perl: Added pair User-Password = 1111
rlm_perl: Added pair Intentos-Reject = 0
rlm_perl: Added pair SQL-User-Name = ana
rlm_perl: Added pair Realm = unex.es
rlm_perl: Added pair Stripped-User-Name = ana
rlm_perl: Added pair Calling-Station-Id = ...
rlm_perl: Added pair Nombre-Completo = Ana Gallardo
rlm_perl: Added pair Relaciones = 03
rlm_perl: Added pair Relaciones = Ana Gallardo
rlm_perl: Added pair NT-Password = 0x344...
rlm_perl: Added pair Simultaneous-Use = 1
rlm_perl: Added pair Ldap-UserDn = ...
++[perl] returns ok

...

++[pap] returns ok

...

} # server rinuex
Sending Access-Accept of id 100 to x.x.x.x port 56822
    Nombre-Completo = "Ana Gallardo"
    Relaciones += "03"
    Relaciones += "Ana Gallardo"



Any ideas??

Sorry for my English and thank you in advance.

____________________
  Ana Gallardo Gómez
____________________
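
The symptom in the debug output above (a second Relaciones value equal to the Nombre-Completo value) can be checked for mechanically. The following Perl script is an added example, not part of the original post or of FreeRADIUS; its function names and sample lines are constructed for illustration, and it assumes the `rlm_perl: Added pair` line format shown in the post.

```perl
#!/usr/bin/perl
# Added example: flag attributes that rlm_perl reports more than once and
# whose value is identical to a value listed under a different attribute.
use strict;
use warnings;

# Constructed sample input, modelled on the debug output in the post.
my @debug_lines = (
    'rlm_perl: Added pair User-Name = ana at unex.es',
    'rlm_perl: Added pair Nombre-Completo = Ana Gallardo',
    'rlm_perl: Added pair Relaciones = 03',
    'rlm_perl: Added pair Relaciones = Ana Gallardo',
    'rlm_perl: Added pair Simultaneous-Use = 1',
);

# Collect every value seen for each attribute, in log order.
# (collect_pairs is a hypothetical helper name.)
sub collect_pairs {
    my @lines = @_;
    my %values;
    for my $line (@lines) {
        next unless $line =~ /^rlm_perl: Added pair (\S+) = (.*)$/;
        push @{ $values{$1} }, $2;
    }
    return \%values;
}

# Return [attribute, value, other attribute] triples where an attribute with
# two or more values carries a value that also appears under another attribute.
# (find_borrowed_values is a hypothetical helper name.)
sub find_borrowed_values {
    my ($values) = @_;
    my @findings;
    for my $attr (sort keys %$values) {
        next if @{ $values->{$attr} } < 2;
        for my $val (@{ $values->{$attr} }) {
            for my $other (sort keys %$values) {
                next if $other eq $attr;
                push @findings, [$attr, $val, $other]
                    if grep { $_ eq $val } @{ $values->{$other} };
            }
        }
    }
    return @findings;
}

for my $f (find_borrowed_values(collect_pairs(@debug_lines))) {
    printf "%s has value '%s' that also appears under %s\n", @$f;
}
```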