Enable Perl module in combination with EAP/SIM module

Shurbann Martes shurbann at gmail.com
Fri Jan 3 16:58:16 CET 2014


Hi Alan,

Thank your for the response.

All the RADIUS PDU's need to be ammped to the HTTP API of a AAA server. So
we're using the Perl module to do the HTTP calls. That's why we're using
perl in authenticate. If there is another way to proxy HTTP calls please
advise.

Regards,
Shurbann Martes



On Fri, Jan 3, 2014 at 10:47 AM, Alan DeKok <aland at deployingradius.com>wrote:

> Shurbann Martes wrote
> > Just wondering if there is a way to enable the Perl module to work
> > without changing the users files as described
> > here http://wiki.freeradius.org/modules/Rlm_perl.
>
>   Yes.  Just list "perl" in "authorize".  Each section is independent.
> You do NOT need to run "perl" in "authenticate"
>
> > In many places (http://wiki.freeradius.org/config/Auth%20Type) I'm
> > reading that it is not a good idea to intervene by setting the Auth-Type
> > manually, but still on the wiki page of rlm_perl this is being described
> > as the way to enable the Perl module to work.
>
>   No, that's the way to get "perl" run in the "authenticate" section.
>
> > Until now I've been using the Perl module alone to
> > authenticate/authorize and changing the users file works great.
>
>   I would VERY much suggest that you don't run "perl" in "authenticate".
>  There is almost always no need for it.
>
> > But now
> > I need to combine EAP/SIM module with Perl module. So when the message
> > contains EAP/SIM attributes it needs to authenticate using EAP module,
> > else it needs to fallback to the Perl one.
>
>   You can key off of EAP-Message.  If it exists, don't set Auth-Type =
> Perl.
>
>   This probably should be done in "unlang", instead of in the "users" file.
>
> > With the users script changed as described on the perl_module page the
> > EAP module won't work and if I don't change the users it will use
> > EAP/SIM module, but Perl module will fail. So intervening here looks
> > like is causing modules not to work properly
>
>   Delete that entry from the "users" file.
>
> > Which strategy needs one to follow when using the Perl script in
> > combination with EAP/SIM. Just want to be sure that I'm using the proper
> > way to enable the Perl module, without intervening in the Auth-Type.
>
>   There is no "proper" way.  It all depends on what you need.  If you
> don't need "perl" in "authenticate", don't set Auth-Type.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140103/4ddf4675/attachment.html>


More information about the Freeradius-Users mailing list