rlm_perl module not executing authenticate

Diego Matute dmatute at cyphercor.com
Fri Jun 15 15:27:19 CEST 2012


Fajar. Thanks for the tip.

This indeed works. In fact as Alan alluded to, placing the configuration in
either users or the module will work. Here are the configurations that
worked:

/etc/raddb/users:

DEFAULT Auth-Type = Perl
             Fall-Through = yes

OR

/etc/raddb/example:

# Function to handle authorize
sub authorize {
        # For debugging purposes only
        &log_request_attributes;

        # Here's where your authorization code comes
        # You can call another function from here:
        &test_call;

        $RAD_CHECK{'Auth-Type'} = "Perl";
        $RAD_CHECK{'Fall-Through'} = "yes";

        return RLM_MODULE_OK;
}

Cheers and thanks!

Diego

On Tue, Jun 12, 2012 at 10:16 PM, Fajar A. Nugraha <list at fajar.net> wrote:

> On Wed, Jun 13, 2012 at 6:01 AM, Diego Matute <dmatute at cyphercor.com>
> wrote:
>
> >> > 2/ How does Auth-Type get set? I've read a bunch of forum threads and it
> >> > looks like best practice nowadays is to let the server figure it out and
> >> > not set it explicitly in /etc/raddb/users, however it isn't being set.
> >>
> >>  It isn't being set because the default distribution doesn't use rlm_perl.
> >>
> >>  If you want to *force* usage of rlm_perl, you need to set Auth-Type.
> >> If you want to let the server just do the right thing, leave everything
> >> alone.
> >>
> >
> > What is the best practice for this? Should the Auth-Type be set in
> > /etc/raddb/users, within the module, /etc/raddb/sites-available/*?
>
> Why do you want to set Auth-Type? As Alan already said, if you want
> to let the server just do the right thing, leave everything alone.
> Meaning, you leave auth-type alone, use rlm_perl to supply user data
> (e.g. cleartext-password) as needed during authorization, and let the
> default authentication methods (pap, mschap, etc) do their job. If you
> force set auth-type, then you're not following best practice.
>
> That being said, from within rlm_perl you could probably set the
> attribute on %RAD_CHECK (or is it %RAD_CONFIG?). If ALL your users
> will use perl to authenticate then something like the default section
> on /etc/raddb/users should do.
>
> --
> Fajar
>
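
The alternative Fajar describes above (rlm_perl supplies user data during authorization and Auth-Type is left unset), as an added example that is not part of the original thread or of FreeRADIUS's own code. The %USERS table, its contents and the RLM_PERL_SELFTEST environment variable are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: an rlm_perl authorize hook that supplies credentials and
# leaves Auth-Type unset, so pap/mschap/etc. perform the authentication.
use strict;
use warnings;

# rlm_perl populates these hashes for each request.
our (%RAD_REQUEST, %RAD_REPLY, %RAD_CHECK);

# Return codes, with the values used by the example.pl shipped with FreeRADIUS.
use constant {
    RLM_MODULE_REJECT   => 0,
    RLM_MODULE_NOTFOUND => 6,
    RLM_MODULE_UPDATED  => 8,
};

# Constructed sample user store (hypothetical); a real deployment would
# query a database or directory here.
my %USERS = (
    alice => { password => 'constructed-secret',  locked => 0 },
    bob   => { password => 'another-constructed', locked => 1 },
);

sub authorize {
    my $name = $RAD_REQUEST{'User-Name'};
    return RLM_MODULE_NOTFOUND unless defined $name && exists $USERS{$name};

    my $user = $USERS{$name};
    return RLM_MODULE_REJECT if $user->{locked};

    # Hand the known-good password to the server; Auth-Type is NOT set here.
    $RAD_CHECK{'Cleartext-Password'} = $user->{password};
    return RLM_MODULE_UPDATED;
}

# Offline self-check, enabled only by a hypothetical environment variable:
#   RLM_PERL_SELFTEST=1 perl this_file.pl
if ($ENV{RLM_PERL_SELFTEST}) {
    for my $name (qw(alice bob mallory)) {
        %RAD_CHECK   = ();
        %RAD_REQUEST = ('User-Name' => $name);
        my $rc = authorize();
        printf "%-8s rc=%d Auth-Type=%s Cleartext-Password=%s\n", $name, $rc,
            $RAD_CHECK{'Auth-Type'} // '(unset)',
            exists $RAD_CHECK{'Cleartext-Password'} ? '(set)' : '(unset)';
    }
}
1;
```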