global hash variable perl

Vinh Nguyen vhn2000 at gmail.com
Tue Mar 1 17:05:51 CET 2011


Here's my debug output. All I wanted to do is to use Perl to authorize. Perl
will then interact with the database. During the requests, I wanted to cache
the client's info, instead of writing it to the database, since it is short
lived. The client will make many authorize requests, and the cached info is
supposed to be available to the client.


FreeRADIUS Version 2.1.9, for host x86_64-unknown-linux-gnu, built on Jun 21 2010 at 13:51:58

Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.

There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2.

Starting - reading configuration files ...

including configuration file /usr/local/etc/raddb/radiusd.conf

including configuration file /usr/local/etc/raddb/proxy.conf

including configuration file /usr/local/etc/raddb/clients.conf

including files in directory /usr/local/etc/raddb/modules/

including configuration file /usr/local/etc/raddb/modules/ntlm_auth

including configuration file /usr/local/etc/raddb/modules/radutmp

including configuration file /usr/local/etc/raddb/modules/chap

including configuration file /usr/local/etc/raddb/modules/attr_filter

including configuration file /usr/local/etc/raddb/modules/detail

including configuration file /usr/local/etc/raddb/modules/checkval

including configuration file /usr/local/etc/raddb/modules/mac2ip

including configuration file /usr/local/etc/raddb/modules/attr_rewrite

including configuration file /usr/local/etc/raddb/modules/preprocess

including configuration file /usr/local/etc/raddb/modules/pap

including configuration file /usr/local/etc/raddb/modules/smsotp

including configuration file /usr/local/etc/raddb/modules/echo

including configuration file /usr/local/etc/raddb/modules/cui

including configuration file /usr/local/etc/raddb/modules/realm

including configuration file /usr/local/etc/raddb/modules/linelog

including configuration file /usr/local/etc/raddb/modules/perl

including configuration file /usr/local/etc/raddb/modules/always

including configuration file /usr/local/etc/raddb/modules/digest

including configuration file /usr/local/etc/raddb/modules/mschap

including configuration file /usr/local/etc/raddb/modules/files

including configuration file /usr/local/etc/raddb/modules/otp

including configuration file /usr/local/etc/raddb/modules/inner-eap

including configuration file /usr/local/etc/raddb/modules/ippool

including configuration file /usr/local/etc/raddb/modules/passwd

including configuration file /usr/local/etc/raddb/modules/policy

including configuration file /usr/local/etc/raddb/modules/wimax

including configuration file /usr/local/etc/raddb/modules/sradutmp

including configuration file /usr/local/etc/raddb/modules/counter

including configuration file /usr/local/etc/raddb/modules/exec

including configuration file /usr/local/etc/raddb/modules/detail.log

including configuration file /usr/local/etc/raddb/modules/logintime

including configuration file /usr/local/etc/raddb/modules/etc_group

including configuration file /usr/local/etc/raddb/modules/smbpasswd

including configuration file /usr/local/etc/raddb/modules/pam

including configuration file /usr/local/etc/raddb/modules/acct_unique

including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login

including configuration file /usr/local/etc/raddb/modules/expiration

including configuration file /usr/local/etc/raddb/modules/unix

including configuration file /usr/local/etc/raddb/modules/mac2vlan

including configuration file /usr/local/etc/raddb/modules/detail.example.com

including configuration file /usr/local/etc/raddb/modules/krb5

including configuration file /usr/local/etc/raddb/modules/ldap

including configuration file /usr/local/etc/raddb/modules/expr

including configuration file /usr/local/etc/raddb/modules/sql_log

including configuration file /usr/local/etc/raddb/eap.conf

including configuration file /usr/local/etc/raddb/policy.conf

including files in directory /usr/local/etc/raddb/sites-enabled/

including configuration file /usr/local/etc/raddb/sites-enabled/control-socket

including configuration file /usr/local/etc/raddb/sites-enabled/default

including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel

main {

allow_core_dumps = no

}

including dictionary file /usr/local/etc/raddb/dictionary

main {

prefix = "/usr/local"

localstatedir = "/usr/local/var"

logdir = "/usr/local/var/log/radius"

libdir = "/usr/local/lib"

radacctdir = "/usr/local/var/log/radius/radacct"

hostname_lookups = no

max_request_time = 30

cleanup_delay = 5

max_requests = 1024

pidfile = "/usr/local/var/run/radiusd/radiusd.pid"

checkrad = "/usr/local/sbin/checkrad"

debug_level = 0

proxy_requests = yes

log {

stripped_names = no

auth = no

auth_badpass = no

auth_goodpass = no

}

security {

max_attributes = 200

reject_delay = 1

status_server = yes

}

}

radiusd: #### Loading Realms and Home Servers ####

proxy server {

retry_delay = 5

retry_count = 3

default_fallback = no

dead_time = 120

wake_all_if_all_dead = no

}

home_server localhost {

ipaddr = 127.0.0.1

port = 1812

type = "auth"

secret = "testing123"

response_window = 20

max_outstanding = 65536

require_message_authenticator = no

zombie_period = 40

status_check = "status-server"

ping_interval = 30

check_interval = 30

num_answers_to_alive = 3

num_pings_to_alive = 3

revive_interval = 120

status_check_timeout = 4

irt = 2

mrt = 16

mrc = 5

mrd = 30

}

home_server_pool my_auth_failover {

type = fail-over

home_server = localhost

}

realm example.com {

auth_pool = my_auth_failover

}

realm LOCAL {

}

radiusd: #### Loading Clients ####

client localhost {

ipaddr = 127.0.0.1

require_message_authenticator = no

secret = "testing123"

nastype = "other"

}

client GW {

ipaddr = 192.168.1.6

require_message_authenticator = no

secret = "testing123"

nastype = "cisco"

}

client test {

ipaddr = 98.194.9.20

require_message_authenticator = no

secret = "testing123"

nastype = "other"

}

radiusd: #### Instantiating modules ####

instantiate {

Module: Linked to module rlm_exec

Module: Instantiating exec

exec {

wait = no

input_pairs = "request"

shell_escape = yes

}

Module: Linked to module rlm_expr

Module: Instantiating expr

Module: Linked to module rlm_expiration

Module: Instantiating expiration

expiration {

reply-message = "Password Has Expired "

}

Module: Linked to module rlm_logintime

Module: Instantiating logintime

logintime {

reply-message = "You are calling outside your allowed timespan "

minimum-timeout = 60

}

}

radiusd: #### Loading Virtual Servers ####

server inner-tunnel {

modules {

Module: Checking authenticate {...} for more modules to load

Module: Linked to module rlm_pap

Module: Instantiating pap

pap {

encryption_scheme = "auto"

auto_header = no

}

Module: Linked to module rlm_chap

Module: Instantiating chap

Module: Linked to module rlm_mschap

Module: Instantiating mschap

mschap {

use_mppe = yes

require_encryption = no

require_strong = no

with_ntdomain_hack = no

}

Module: Linked to module rlm_unix

Module: Instantiating unix

unix {

radwtmp = "/usr/local/var/log/radius/radwtmp"

}

Module: Linked to module rlm_eap

Module: Instantiating eap

eap {

default_eap_type = "md5"

timer_expire = 60

ignore_unknown_eap_types = no

cisco_accounting_username_bug = no

max_sessions = 4096

}

Module: Linked to sub-module rlm_eap_md5

Module: Instantiating eap-md5

Module: Linked to sub-module rlm_eap_leap

Module: Instantiating eap-leap

Module: Linked to sub-module rlm_eap_gtc

Module: Instantiating eap-gtc

gtc {

challenge = "Password: "

auth_type = "PAP"

}

Module: Linked to sub-module rlm_eap_tls

Module: Instantiating eap-tls

tls {

rsa_key_exchange = no

dh_key_exchange = yes

rsa_key_length = 512

dh_key_length = 512

verify_depth = 0

pem_file_type = yes

private_key_file = "/usr/local/etc/raddb/certs/server.pem"

certificate_file = "/usr/local/etc/raddb/certs/server.pem"

CA_file = "/usr/local/etc/raddb/certs/ca.pem"

private_key_password = "whatever"

dh_file = "/usr/local/etc/raddb/certs/dh"

random_file = "/usr/local/etc/raddb/certs/random"

fragment_size = 1024

include_length = yes

check_crl = no

cipher_list = "DEFAULT"

make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"

cache {

enable = no

lifetime = 24

max_entries = 255

}

}

Module: Linked to sub-module rlm_eap_ttls

Module: Instantiating eap-ttls

ttls {

default_eap_type = "md5"

copy_request_to_tunnel = no

use_tunneled_reply = no

virtual_server = "inner-tunnel"

include_length = yes

}

Module: Linked to sub-module rlm_eap_peap

Module: Instantiating eap-peap

peap {

default_eap_type = "mschapv2"

copy_request_to_tunnel = no

use_tunneled_reply = no

proxy_tunneled_request_as_eap = yes

virtual_server = "inner-tunnel"

}

Module: Linked to sub-module rlm_eap_mschapv2

Module: Instantiating eap-mschapv2

mschapv2 {

with_ntdomain_hack = no

}

Module: Checking authorize {...} for more modules to load

Module: Linked to module rlm_realm

Module: Instantiating suffix

realm suffix {

format = "suffix"

delimiter = "@"

ignore_default = no

ignore_null = no

}

Module: Linked to module rlm_files

Module: Instantiating files

files {

usersfile = "/usr/local/etc/raddb/users"

acctusersfile = "/usr/local/etc/raddb/acct_users"

preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"

compat = "no"

}

Module: Checking session {...} for more modules to load

Module: Linked to module rlm_radutmp

Module: Instantiating radutmp

radutmp {

filename = "/usr/local/var/log/radius/radutmp"

username = "%{User-Name}"

case_sensitive = yes

check_with_nas = yes

perm = 384

callerid = yes

}

Module: Checking post-proxy {...} for more modules to load

Module: Checking post-auth {...} for more modules to load

Module: Linked to module rlm_attr_filter

Module: Instantiating attr_filter.access_reject

attr_filter attr_filter.access_reject {

attrsfile = "/usr/local/etc/raddb/attrs.access_reject"

key = "%{User-Name}"

}

} # modules

} # server

server {

modules {

Module: Checking authenticate {...} for more modules to load

Module: Linked to module rlm_perl

Module: Instantiating perl

perl {

module = "/usr/local/etc/raddb/example.pl"

func_authorize = "authorize"

func_authenticate = "authenticate"

func_accounting = "accounting"

func_preacct = "preacct"

func_checksimul = "checksimul"

func_detach = "detach"

func_xlat = "xlat"

func_pre_proxy = "pre_proxy"

func_post_proxy = "post_proxy"

func_post_auth = "post_auth"

func_recv_coa = "recv_coa"

func_send_coa = "send_coa"

}

Module: Checking authorize {...} for more modules to load

Module: Linked to module rlm_preprocess

Module: Instantiating preprocess

preprocess {

huntgroups = "/usr/local/etc/raddb/huntgroups"

hints = "/usr/local/etc/raddb/hints"

with_ascend_hack = no

ascend_channels_per_line = 23

with_ntdomain_hack = no

with_specialix_jetstream_hack = no

with_cisco_vsa_hack = no

with_alvarion_vsa_hack = no

}

Module: Checking preacct {...} for more modules to load

Module: Linked to module rlm_acct_unique

Module: Instantiating acct_unique

acct_unique {

key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"

}

Module: Checking accounting {...} for more modules to load

Module: Linked to module rlm_detail

Module: Instantiating detail

detail {

detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"

header = "%t"

detailperm = 384

dirperm = 493

locking = no

log_packet_header = no

}

Module: Instantiating attr_filter.accounting_response

attr_filter attr_filter.accounting_response {

attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"

key = "%{User-Name}"

}

Module: Checking session {...} for more modules to load

Module: Checking post-proxy {...} for more modules to load

Module: Checking post-auth {...} for more modules to load

} # modules

} # server

radiusd: #### Opening IP addresses and Ports ####

listen {

type = "auth"

ipaddr = *

port = 0

Failed binding to authentication address * port 1812: Address already in use


/usr/local/etc/raddb/radiusd.conf[240]: Error binding to port for 0.0.0.0 port 1812


On Tue, Mar 1, 2011 at 3:00 AM, Alexander Clouter <alex at digriz.org.uk> wrote:

> Hi,
>
> * Vinh Nguyen <vhn2000 at gmail.com> [2011-03-01 00:37:17-0600]:
> >
> > Something is very strange in my case.
> >
> > I used the global variable like you pointed out. Then I tested the logic and
> > it seems like the hash variable isn't cached properly. The data is not
> > cached. I gave up and tried again in a couple of hours. And then it magically
> > worked. Now the hash variable is caching the data as expected. But I'm a bit
> > confused as to why it wasn't working in the first place.
> >
> Looks like Alan has just updated the Perl example:
>
>
> https://github.com/alandekok/freeradius-server/blob/master/src/modules/rlm_perl/example.pl
>
> Looking at what is going on, I think there might be some indirect
> 'BEGIN' abuse that causes this to work.  I spoke to my 'goto' Perl
> friend and he suggested that the following is the way to probably do
> this:
> ----
> our %static_hash;
> ----
>
> From my mod_perl experiences, that does sound/feel familiar.
>
> Anyway, my example just does caching for an EAP session between the
> first call through authorize{} and the final post-auth{} call; which
> probably explains why it works for me.
>
> Cheers
>
> --
> Alexander Clouter
> .sigmonster says: BOFH excuse #10:
>                  hardware stress fractures
>



-- 
Computer Science B.S. at Texas A&M
C# .Net Developer
Server Analyst.
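
The caching pattern discussed in this thread, as an added example that is not part of the original post or of FreeRADIUS's example.pl: a package-scoped `our %static_hash` that survives between authorize() calls, with an expiry time and a size cap so short-lived entries cannot accumulate. `lookup_client`, `CACHE_TTL` and `CACHE_LIMIT` are hypothetical names, and the sketch assumes every request is handled by the same Perl interpreter.

```perl
#!/usr/bin/perl
# Added example: sketch of an rlm_perl-style authorize() that caches per-client
# data in a package-scoped hash. Runs stand-alone with constructed requests.
use strict;
use warnings;

use constant RLM_MODULE_OK      => 2;   # values as in rlm_perl's example.pl
use constant RLM_MODULE_UPDATED => 8;
use constant CACHE_TTL   => 60;         # seconds an entry stays valid (assumed)
use constant CACHE_LIMIT => 1000;       # cap so request floods cannot grow it unbounded (assumed)

our (%RAD_REQUEST, %RAD_REPLY);         # filled in by rlm_perl for each request
our %static_hash;                       # package variable: outlives a single call

# Hypothetical stand-in for the database query the poster wants to avoid repeating.
sub lookup_client { my ($user) = @_; return { class => "group-for-$user" }; }

sub authorize {
    my $now  = time;
    my $user = $RAD_REQUEST{'User-Name'};
    return RLM_MODULE_OK unless defined $user;

    # Drop expired entries, then refuse to cache past the cap.
    for my $k (keys %static_hash) {
        delete $static_hash{$k} if $static_hash{$k}{expires} <= $now;
    }
    my $entry = $static_hash{$user};
    if (!$entry) {
        $entry = { data => lookup_client($user), expires => $now + CACHE_TTL, hits => 0 };
        $static_hash{$user} = $entry if keys(%static_hash) < CACHE_LIMIT;
    }
    $entry->{hits}++;
    $RAD_REPLY{'Class'} = $entry->{data}{class};
    return RLM_MODULE_UPDATED;
}

# Constructed requests: the second call for "alice" is served from the cache.
for my $u (qw(alice bob alice)) {
    %RAD_REQUEST = ('User-Name' => $u);
    %RAD_REPLY   = ();
    my $rc = authorize();
    printf "%-5s rc=%d class=%s hits=%d\n", $u, $rc, $RAD_REPLY{'Class'}, $static_hash{$u}{hits};
}
```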