EAP and rlm_perl. Is it possible to build custom logic for VPN peers?

Alan DeKok aland at deployingradius.com
Sun Sep 28 23:42:28 CEST 2014

Oleksandr Yermolenko wrote:
> can I use  authenticate, authorize, accounting hooks (or post_auth)?
> I looked at example.pl.

  Then you would know that the perl module can be used in those
sections.  The "example.pl" has comments saying this.

> Just put "perl" in somewhere eap.conf file?

  No.  You don't just put random text into random files.  It helps to
understand how the server works.

  There is a "authorize" section.  You can list modules there.  This is
documented.  See raddb/sites-available/default.

> authenticate a lot of VPN clients (currently I can choose EAP method),
> keeping them in mysql or ldap.

  The server already has SQL and LDAP modules.  You really don't want to
re-implement all of them in Perl.

> According their properties give a
> personal access to
> different local resources. Accounting: updating start/stop/alive
> messages. POD if it's possible
> for strongswan.

  See raddb/sites-available/originate-coa for how to send disconnect

  Alan DeKok.

More information about the Freeradius-Users mailing list