User authorize with Perl-Script

Oliver Werner oliver.werner at
Tue Oct 30 14:40:35 CET 2012


I'm useing FreeRADIUS in Version 2.1.10.

I would configure my Switch-Ports Mac-Based. When a Computer wired a Perl-Script should check the Username and gives VLAN back.
For a simple Test i don't have some conditions in the Script only outputs:

use strict;
use warnings;
use DBI;

### SwitchUser ###
my $pass        = $ARGV[0];
print 'Access-Accept';
print 'Cleartext-Password := "'.$pass.'"';
exit 0;

my modules/exec looks here:

exec {
        wait = yes
        program = "/usr/bin/perl /usr/local/ %{User-Name}"
        input_pairs = request
        output = reply
        shell_escape = yes

and my sites-enabled/switch its this:

authorize {

authenticate {
post-auth {

When i wired with my PC Log Says following:

# Executing section authorize from file /etc/freeradius/sites-enabled/switchport
+- entering group authorize {...}
[php] 	expand: %{User-Name} -> aa:bb:cc:dd:ee:ff
Exec-Program output: Access-AcceptCleartext-Password := "aa:bb:cc:dd:ee:ff"
Exec-Program-Wait: plaintext: Access-AcceptCleartext-Password := "aa:bb:cc:dd:ee:ff"
Exec-Program: returned: 0
++[php] returns ok
++[expiration] returns noop
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
Found Auth-Type = CHAP
# Executing group from file /etc/freeradius/sites-enabled/switchport
+- entering group authenticate {...}
[chap] login attempt by "aa:bb:cc:dd:ee:ff" with CHAP password
[chap] Cleartext-Password is required for authentication
++[chap] returns invalid
Failed to authenticate the user.
} # server switchport
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.

Anyone knows what is wrong in my Configuration?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list