your mail

Phil Mayers p.mayers at imperial.ac.uk
Wed Oct 10 18:06:18 CEST 2012


On 09/10/12 23:32, Andrew Precht wrote:

> to: module = /etc/raddb/sjpl.pl
>
> Also, in the perl file I have uncommented the line: func_authenticate
> = authenticate
>
> Next, in /etc/raddb/sites-enabled/default I added perl to the
> authenticate {} section.

Your problem is that the script is just wrong.

You're running in the "authorize" section:

> Access-Request packet from host 192.168.251.93 port 50827, id=0,
> length=54
>          User-Name = "21197904090320"
>          User-Password = "1533"
> # Executing section authorize from file /etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> rlm_perl: Added pair User-Name = 21197904090320
> rlm_perl: Added pair User-Password = 1533
> ++[perl] returns ok

...but you're not arranging for yourself to be run in the authenticate 
section:

> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "21197904090320", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user.
> Authentication may fail because of this.
> ++[pap] returns noop
> ERROR: No authenticate method (Auth-Type) found for the request:

...i.e. Auth-Type is unset, so "authenticate" never runs.

There are many ways to solve this. Here's one:

authorize {
   ...
   perl
   if (ok) {
     update control {
       Auth-Type = perl
     }
   }
   ...
}
authenticate {
   ...
   Auth-Type perl {
     perl
   }
   ...
}

Alternatively you could make your "perl" script set the "Auth-Type" item 
in the control list. And so on.

The point is you need to set an Auth-Type, and make your "perl" script 
handle it.
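
The alternative mentioned above, where the script itself sets Auth-Type in the control list, could look like the sketch below. This is an added example, not part of the original post and not the poster's sjpl.pl. It assumes FreeRADIUS 2.x rlm_perl with func_authorize and func_authenticate pointing at these subs, a constructed user table standing in for the real backend, and an authenticate {} section that still contains the "Auth-Type perl { perl }" entry shown earlier.

```perl
# Added example for rlm_perl; not the poster's script.
use strict;
use warnings;

# Hashes that rlm_perl shares with the script.
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);

# Module return codes, with the values rlm_perl expects.
use constant {
    RLM_MODULE_REJECT   => 0,   # immediately reject the request
    RLM_MODULE_OK       => 2,   # the module did its job
    RLM_MODULE_NOTFOUND => 6,   # user not found
};

# Constructed sample data; a real script would query its own backend.
my %KNOWN_USERS = ( 'testuser' => 'testpin' );

# Runs in authorize {}: decide whether this script owns the request.
sub authorize {
    my $user = $RAD_REQUEST{'User-Name'};

    # Unknown user: leave Auth-Type alone so other modules can claim it.
    return RLM_MODULE_NOTFOUND
        unless defined $user && exists $KNOWN_USERS{$user};

    # Setting Auth-Type in the control list is what makes the server
    # call authenticate() below instead of failing with
    # "No authenticate method (Auth-Type) found for the request".
    $RAD_CHECK{'Auth-Type'} = 'perl';
    return RLM_MODULE_OK;
}

# Runs in authenticate {} only when Auth-Type is "perl".
sub authenticate {
    my $user = $RAD_REQUEST{'User-Name'};
    my $pass = $RAD_REQUEST{'User-Password'};

    if (   defined $user
        && defined $pass
        && exists $KNOWN_USERS{$user}
        && $KNOWN_USERS{$user} eq $pass)
    {
        return RLM_MODULE_OK;
    }

    # Missing attributes, unknown user and wrong password all reject.
    $RAD_REPLY{'Reply-Message'} = 'Authentication failed';
    return RLM_MODULE_REJECT;
}
```

With this variant the "if (ok) { update control { ... } }" block in authorize {} is not needed, because the script sets Auth-Type itself.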

