rlm_perl module not executing authenticate

Fajar A. Nugraha list at fajar.net
Wed Jun 13 04:16:21 CEST 2012


On Wed, Jun 13, 2012 at 6:01 AM, Diego Matute <dmatute at cyphercor.com> wrote:

>> > 2/ How does Auth-Type get set? I've read a bunch of forum threads and it
>> > looks like best practice nowadays is to let the server figure it out and
>> > not set it explicitly in /etc/raddb/users, however it isn't being set.
>>
>>  It isn't being set because the default distribution doesn't use rlm_perl.
>>
>>  If you want to *force* usage of rlm_perl, you need to set Auth-Type.
>> If you want to let the server just do the right thing, leave everything
>> alone.
>>
>
> What is the best practice for this? Should the Auth-Type be set in
> /etc/raddb/users, within the module, /etc/raddb/sites-available/*?

Why do you want to set Auth-Type? As Alan already said,  if you want
to let the server just do the right thing, leave everything alone.
Meaning, you leave auth-type alone, use rlm_perl to supply user data
(e.g. cleartext-password) as needed during authorization, and let the
default authentication methods (pap, mschap, etc) does its job. If you
force set auth-type, then you're not following best practice.

That being said, from within rlm_perl you could probably set the
attribute on %RAD_CHECK (or is it %RAD_CONFIG?). If ALL your users
will use perl to authenticate then something like the default section
on /etc/raddb/users should do.

-- 
Fajar


More information about the Freeradius-Users mailing list