EAP and rlm_perl. Is it possible to build custom logic for VPN peers?
Alan DeKok
aland at deployingradius.com
Sun Sep 28 23:42:28 CEST 2014
Oleksandr Yermolenko wrote:
> can I use authenticate, authorize, accounting hooks (or post_auth)?
> I looked at example.pl.
Then you would know that the perl module can be used in those
sections. The "example.pl" has comments saying this.
> Just put "perl" in somewhere eap.conf file?
No. You don't just put random text into random files. It helps to
understand how the server works.
There is a "authorize" section. You can list modules there. This is
documented. See raddb/sites-available/default.
> authenticate a lot of VPN clients (currently I can choose EAP method),
> keeping them in mysql or ldap.
The server already has SQL and LDAP modules. You really don't want to
re-implement all of them in Perl.
> According their properties give a
> personal access to
> different local resources. Accounting: updating start/stop/alive
> messages. POD if it's possible
> for strongswan.
See raddb/sites-available/originate-coa for how to send disconnect
messages.
Alan DeKok.
More information about the Freeradius-Users
mailing list