your mail

Andrew Precht andrewprecht06 at gmail.com
Wed Oct 10 00:32:58 CEST 2012


Well I'm back...

I have changed the module line in /etc/raddb/modules/perl, from:
module = ${confdir}/example.pl
to: module = /etc/raddb/sjpl.pl

Also, in the perl file I have uncommented the line:
func_authenticate = authenticate

Next, in /etc/raddb/sites-enabled/default I added perl to the
authenticate {} section.



The sjpl.pl file is from the original example.pl file with all code
removed from between the lines:
# Function to handle authenticate, and
# Function to handle detach
Then this code is put in its place:
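use LWP::Simple qw(get);          # get() is exported by LWP::Simple
use URI::Escape qw(uri_escape);

sub authenticate {
        my $logfile = "/dev/null";
        my $date = scalar localtime;
        my $user = defined $RAD_REQUEST{'User-Name'} ? $RAD_REQUEST{'User-Name'} : '';
        my $pin = defined $RAD_REQUEST{'User-Password'} ? $RAD_REQUEST{'User-Password'} : '';

        # Percent-encode both values so they cannot change the URL path.
        my $url = "http://catalog.sjlibrary.org:4500/PATRONAPI/" .
                uri_escape($user) . "/" . uri_escape($pin) . "/pintest";
        my $output = get($url);         # undef when the HTTP request fails

        # Append to the log from Perl instead of a shell `echo`, so request
        # attributes never reach a shell; the password is left out of the log.
        my $ok = defined $output && $output =~ /RETCOD=0/;
        if (open(my $log, '>>', $logfile)) {
                print $log "$date : ", ($ok ? "SUCCESS" : "FAIL"), " $user\n";
                close($log);
        }

        if ($ok) {
                $RAD_REPLY{'Reply-Message'} = "Success";
                return RLM_MODULE_OK;
        } else {
                $RAD_REPLY{'Reply-Message'} = "Denied access by RADIUS";
                return RLM_MODULE_REJECT;
        }
}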


However, when I try a test, I get rejected.

Here is my debug output:


[root at sjplradius mlkadmin]# radiusd -X
FreeRADIUS Version 2.1.12, for host x86_64-redhat-linux-gnu, built on
Oct  3 2012 at 01:22:51
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/rediswho
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/opendirectory
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/redis
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/soh
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/dynamic_clients
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/replicate
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/rad_recv:
Access-Request packet from host 192.168.251.93 port 50827, id=0,
length=54
        User-Name = "21197904090320"
        User-Password = "1533"
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
rlm_perl: Added pair User-Name = 21197904090320
rlm_perl: Added pair User-Password = 1533
++[perl] returns ok
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "21197904090320", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> 21197904090320
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 0 to 192.168.251.93 port 50827
Waking up in 4.9 seconds.
Cleaning up request 0 ID 0 with timestamp +69
Ready to process requests.

On Fri, Oct 5, 2012 at 3:04 PM, alan buxey <A.L.M.Buxey at lboro.ac.uk> wrote:
> Hi,
>
>> I've set up a new virtual FR 2.1.12 server on centos6. I have got the
>> new server set up per
>> the docs at freeradius.org. Radtest locally and NtradPing remotely are working.
>>
>> Now, I need FR to use a Perl script to authenticate against a proprietary DB.
>> I have put in a bit of time researching how to use the Perl module.
>> But, as a newbie to FR I can't seem to find any step-by-step
>> documentation to use the Perl module.
>> Could someone point me to such documentation?
>
> edit the perl module
>
> $RADDB/modules/perl
>
> ensure that your script is named in the 'module' line
> and that it's enabled in the required functions...in
> this case in authenticate (so uncomment the authenticate line)
>
> then add
>
> 'perl' to the authenticate {} section of the virtual server
> you are using....that would likely be sites-enabled/default
> or sites-enabled/inner-tunnel  with a default untouched config.
>
>
> alan, on a friday night with some vin rouge in hand
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
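
The debug output in this message stops at `ERROR: No authenticate method (Auth-Type) found for the request`, which is what FreeRADIUS 2.x logs when nothing in authorize {} has set control:Auth-Type. The fragment below is an added illustration, not part of the original thread, showing how the three changes described in the message fit together with an Auth-Type assignment; the sub-section name `Perl` and the unconditional `update control` are assumptions.

```text
# /etc/raddb/modules/perl  (values taken from the message above)
perl {
        module = /etc/raddb/sjpl.pl
        func_authenticate = authenticate
}

# /etc/raddb/sites-enabled/default
authorize {
        preprocess
        # ... other stock modules ...

        # Assumption: route every request to the Auth-Type declared below.
        # Without a control:Auth-Type the server rejects the request before
        # it ever enters authenticate {}, as in the debug output above.
        update control {
                Auth-Type := Perl
        }
}

authenticate {
        # The sub-section name is what "Auth-Type := Perl" refers to.
        Auth-Type Perl {
                perl
        }
        # ... stock Auth-Type PAP / CHAP / MS-CHAP entries ...
}
```

With this in place, `radiusd -X` should show the request entering `Auth-Type Perl` and a `[perl] returns ...` line from the authenticate section rather than the "No authenticate method" error.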

