Enable Perl module in combination with EAP/SIM module

[Alan DeKok]

Shurbann Martes wrote
> Just wondering if there is a way to enable the Perl module to work
> without changing the users files as described
> here http://wiki.freeradius.org/modules/Rlm_perl.

  Yes.  Just list "perl" in "authorize".  Each section is independent.
You do NOT need to run "perl" in "authenticate"

> In many places (http://wiki.freeradius.org/config/Auth%20Type) I'm
> reading that it is not a good idea to intervene by setting the Auth-Type
> manually, but still on the wiki page of rlm_perl this is being described
> as the way to enable the Perl module to work.

  No, that's the way to get "perl" run in the "authenticate" section.

> Until now I've been using the Perl module alone to
> authenticate/authorize and changing the users file works great.

  I would VERY much suggest that you don't run "perl" in "authenticate".
 There is almost always no need for it.

> But now
> I need to combine EAP/SIM module with Perl module. So when the message
> contains EAP/SIM attributes it needs to authenticate using EAP module,
> else it needs to fallback to the Perl one. 

  You can key off of EAP-Message.  If it exists, don't set Auth-Type = Perl.

  This probably should be done in "unlang", instead of in the "users" file.

> With the users script changed as described on the perl_module page the
> EAP module won't work and if I don't change the users it will use
> EAP/SIM module, but Perl module will fail. So intervening here looks
> like is causing modules not to work properly

  Delete that entry from the "users" file.

> Which strategy needs one to follow when using the Perl script in
> combination with EAP/SIM. Just want to be sure that I'm using the proper
> way to enable the Perl module, without intervening in the Auth-Type.

  There is no "proper" way.  It all depends on what you need.  If you
don't need "perl" in "authenticate", don't set Auth-Type.

  Alan DeKok.