Need to change response type to Access-Challenge from rlm_perl

Walter Goulet wgoulet at gmail.com
Mon Feb 18 18:11:41 CET 2013


To answer my own question, I found that using the return code RLM_MODULE_OK
triggers the server to respond back with Access-Accept. If I used
RLM_MODULE_HANDLED instead, the response packet type was set to what I
expected it to be. This makes sense since I expect the client to exchange
several messages with me before I finally trigger the Access-Accept message.


On Mon, Feb 18, 2013 at 9:00 AM, Walter Goulet <wgoulet at gmail.com> wrote:

> Hi,
>
> Looking through archives for this exact question, I see a post from 2008 (
> http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg47423.html)
> where this exact question was previously asked.
>
> Here is my server version info:
> radiusd: FreeRADIUS Version 2.2.0, for host x86_64-unknown-linux-gnu,
> built on Feb 17 2013 at 03:34:41
>
> Here's my code:
>
>   # Construct HTTP request
>
>         my $authresult =
> &authamis($RAD_REQUEST{'User-Name'},$RAD_REQUEST{'User-Password'});
>         &radiusd::radlog(L_DBG, "Result after authamis call ->
> $authresult");
>
>         if($authresult eq "true") {
>                 $RAD_CHECK{'Response-Packet-Type'} = "Access-Challenge";
>                 $RAD_REPLY{'Reply-Message'} = "authentication successful";
>                 for (keys %RAD_REPLY) {
>                         &radiusd::radlog(L_DBG, "RAD_REPLY: $_ =
> $RAD_REPLY{$_}");
>                 }
>                 for (keys %RAD_CHECK) {
>                         &radiusd::radlog(L_DBG, "RAD_CHECK: $_ =
> $RAD_CHECK{$_}");
>                 }
>                 for (keys %RAD_CONFIG) {
>                         &radiusd::radlog(L_DBG, "RAD_CONFIG: $_ =
> $RAD_CONFIG{$_}");
>                 }
>                 return RLM_MODULE_OK
>         }
>         else {
>                 $RAD_REPLY{'Reply-Message'} = "authentication failure";
>                 return RLM_MODULE_REJECT;
>         }
>
> Here is the relevant debug output:
>
> Found Auth-Type = perl
> # Executing group from file
> /opt/app/freeradius/etc/raddb/sites-enabled/default
> +- entering group perl {...}
> rlm_perl: RAD_REQUEST: User-Name = test
> rlm_perl: RAD_REQUEST: User-Password = 42594190
> rlm_perl: RAD_REQUEST: NAS-IP-Address = 192.168.65.1
> rlm_perl: AMIS request:
> http://amis.jdt.com:8080/auth/authenticate/test/42594190
> rlm_perl: Result after authamis call -> true
> rlm_perl: RAD_REPLY: Reply-Message = authentication successful
> rlm_perl: RAD_CHECK: Response-Packet-Type = Access-Challenge
> rlm_perl: RAD_CHECK: Auth-Type = perl
> rlm_perl: RAD_CONFIG: Auth-Type = perl
> rlm_perl: Added pair User-Name = test
> rlm_perl: Added pair User-Password = 42594190
> rlm_perl: Added pair NAS-IP-Address = 192.168.65.1
> rlm_perl: Added pair Reply-Message = authentication successful
> rlm_perl: Added pair Response-Packet-Type = Access-Challenge
> rlm_perl: Added pair Auth-Type = perl
> ++[perl] returns ok
> # Executing section post-auth from file
> /opt/app/freeradius/etc/raddb/sites-enabled/default
> +- entering group post-auth {...}
> ++[exec] returns noop
> Sending Access-Accept of id 81 to 192.168.65.1 port 53504
>         Reply-Message = "authentication successful"
> Finished request 0.
> Going to the next request
>
> Clearly the Access-Challenge setting is not being honored by the server.
> Is there another attribute that must be set to configure the response type?
>
> Thanks,
> Walter
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130218/3973e5ac/attachment-0001.html>


More information about the Freeradius-Users mailing list