How does rlm_perl work with freeRADIUS 3?

Cornelius Kölbel cornelius.koelbel at netknights.it
Wed Aug 26 17:08:28 CEST 2015 

Am Dienstag, den 25.08.2015, 13:18 -0400 schrieb Alan DeKok:
> On Aug 25, 2015, at 3:02 AM, Cornelius Kölbel <cornelius.koelbel at netknights.it> wrote:
> > I have a question regarding rlm_perl.
> > I was using rlm_perl with FreeRADIUS 2 just fine.
> > Now I try to use rlm_perl with FreeRADIUS 3 on CentOS 7 and I am reading
> > this page.
> > 
> > http://wiki.freeradius.org/modules/Rlm_perl
> 
>   It should work.

Well, it does not.

> > 
> > But then I get an error in my authenticate section.
> > 
> > # Creating Auth-Type = Perl
> > # Loading authenticate {...}
> > /etc/raddb/sites-enabled/privacyidea[25]: "System" modules aren't
> > allowed in 'authenticate' sections -- they have no such method.
> > /etc/raddb/sites-enabled/privacyidea[21]: Errors parsing authenticate
> > section. 
> 
>    That error happens when (a) you use the module in a wrong section, or (b) you use modules from one version of the server, and radiusd from another version.

First I was using example.pl from the very same server - and I guess
this should work.

My own module, 
https://github.com/privacyidea/privacyidea/blob/master/authmodules/FreeRADIUS/privacyidea_radius.pm
which worked fine with FreeRADIUS 2 does not contain any clue, that it
is a FreeRADIUS2 module.

It provides the following functions:
sub authenticate {
sub log_request_attributes {
sub authorize {
sub preacct {
sub accounting {
sub checksimul {
sub pre_proxy {
sub post_proxy {
sub post_auth {
sub xlat {
sub detach {
sub test_call {

It has a function authenticate, which is mapped accordingly
  # Loaded module rlm_perl
  # Instantiating module "perl" from file /etc/raddb/mods-enabled/perl
  perl {
  	filename = "/etc/raddb/mods-config/perl/privacyidea_radius.pm"
  	func_authorize = "authorize"
  	func_authenticate = "authenticate"
  	func_post_auth = "post_auth"
  	func_accounting = "accounting"
  	func_preacct = "preacct"
  	func_checksimul = "checksimul"
  	func_detach = "detach"
  	func_xlat = "xlat"
  	func_pre_proxy = "pre_proxy"
  	func_post_proxy = "post_proxy"
  	func_recv_coa = "recv_coa"
  	func_send_coa = "send_coa"
  }
 } # modules

So I am wondering why the error complains, it is not allowed in the
authenticate section, although it provides an authenticate function.

Thanks
Cornelius

> 
> > Did I miss anything in the description
> > http://wiki.freeradius.org/modules/Rlm_perl?
> > 
> > What are "System" modules?
> 
>   Nothing.
> 
>   Alan DeKok.
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 
Cornelius Kölbel
cornelius.koelbel at netknights.it
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150826/815eb41a/attachment.sig>

More information about the Freeradius-Users mailing list