Perl script error when testing locally

Alan DeKok aland at deployingradius.com
Fri Sep 25 14:12:46 CEST 2020



> On Sep 24, 2020, at 9:26 PM, HORMAZABAL PI´┐ŻONES BARBARA FRANCISCA <bhp001 at alumnos.ucn.cl> wrote:
> 
>>  If you have a Perl script which does pop3 authentication, it should be
> > straightforward to run it in FreeRADIUS.
> Sorry, I don't know what you meant by that.

  It's a Perl script... if you can run it from the command line, you can tell FreeRADIUS to load the same script.  Maybe with some modifications, but that's it.

  There's no magic here.

>> But the Perl script rejected the user.
> 
> Ok so I was testing some things in a virtual machine and realized
> something. I did the exact same configuration that in the server and
> radtest locally was sucessful in the VM but not in the server. And that's
> when I noticed that whenever I used radtest [gmail acc] [password]
> localhost 0 testing123 the output I recieved had the localhost IP address
> as NAS-IP-Address and this was successful without adding the user to the
> users file. However when running the same command in the server the
> NAS-IP-Address was the IP of the server and not localhost (the same happens
> with user bob) and gets rejected,

  So... something *else* in the configuration is broken.  You added local rules which set the password for the user, but only if the packet includes the correct NAS-IP-Address.

  i.e. you edited the server configuration so that packets using one NAS-IP-Address work, and packets using another NAS-IP-Address fail.

  We don't know the IP of your RADIUS server.  So we didn't create that configuration.  The default configuration doesn't contain these rules.

  So... what did you change, and why?  It's your configuration.  You should know that.

> but it's successful if you add the mail
> and password in the users file.

  That is sort of how the RADIUS server works... if you add a username && password, that's user gets authenticated with that password.

> Basically, in VM: $radtest wifi at ucn.cl password localhost 0 testing123

  And all of that is useless.  I have NO idea why people are so insistent on looking at *client* output when they're trying to debug the *server*.

  ALL of the documentation says to run the server in debugging mode.  Then READ It.  If you're not clear on what it means, POST IT to the list.  ALL OF IT.

  You're working hard to do every EXCEPT what the documentation says to do.  Why?

  Alan DeKok.




More information about the Freeradius-Users mailing list