rlm_perl and checksimul
d tbsky
tbskyd at gmail.com
Mon Apr 27 08:16:03 CEST 2015
hi:
I know why. I didn't understand the whole procedure. I should set
up attribute "Simultaneous-Use" so freeradius would call checksimul.
so I setup below at "default" site "authorize" section:
update control {
Simultaneous-Use := 1
}
and now my check code runs fine. but the result is still bad:
1. the checksimul code runs after authentication. I would prefer not
doing authentication at all if I already know this login is invalid.
if possible checksimul should run before authentication.
2. although checksimul return "RLM_MODULE_REJECT", nas still get
"Access-Accept" (which comes from success authentication). I have
found similar report at email list. I guest I need to change some
internal variable so freeradius know it is now "Access-Reject".
if checksimul runs after authentication by design, I think my best
place to put the checking code is at "authorize" section. but in one
EAP connection, the "authorize" section runs many times, which means
my checking code runs many times.
may I ask what is the best method to let the module runs only once
at "authorize" section?
Regards,
tbskyd
2015-04-27 0:38 GMT+08:00 d tbsky <tbskyd at gmail.com>:
> hi:
> I am using freeradius 3.0.4 comes with rhel 7.1.
> I want to write a checksimul perl script. but it seems won't be called.
> I create a rlm_perl instance "check_login", and put it under "default" site:
>
> session {
> check_login
> }
>
> and at perl script I write my code at finction below:
>
> sub checksimul {
> &radiusd::radlog(L_INFO, "check_login: I am here");
> return RLM_MODULE_OK;
> }
>
> but "radiusd -X" show my code is not be called after user authentication.
> the code works fine if I put it at "authroize" or "post-auth" section.
> I don't know if I miss some steps or I met a bug..
More information about the Freeradius-Users
mailing list