5
Need to change response type to Access-Challenge from rlm_perl
source link: http://lists.freeradius.org/pipermail/freeradius-users/2013-February/065099.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Need to change response type to Access-Challenge from rlm_perl
Mon Feb 18 18:11:41 CET 2013
More information about the Freeradius-Users mailing list
Need to change response type to Access-Challenge from rlm_perl
Walter Goulet wgoulet at gmail.comMon Feb 18 18:11:41 CET 2013
To answer my own question, I found that using the return code RLM_MODULE_OK triggers the server to respond back with Access-Accept. If I used RLM_MODULE_HANDLED instead, the response packet type was set to what I expected it to be. This makes sense since I expect the client to exchange several messages with me before I finally trigger the Access-Accept message. On Mon, Feb 18, 2013 at 9:00 AM, Walter Goulet <wgoulet at gmail.com> wrote: > Hi, >> Looking through archives for this exact question, I see a post from 2008 ( > http://www.mail-archive.com/[email protected]/msg47423.html) > where this exact question was previously asked. >> Here is my server version info: > radiusd: FreeRADIUS Version 2.2.0, for host x86_64-unknown-linux-gnu, > built on Feb 17 2013 at 03:34:41 >> Here's my code: >> # Construct HTTP request >> my $authresult = > &authamis($RAD_REQUEST{'User-Name'},$RAD_REQUEST{'User-Password'}); > &radiusd::radlog(L_DBG, "Result after authamis call -> > $authresult"); >> if($authresult eq "true") { > $RAD_CHECK{'Response-Packet-Type'} = "Access-Challenge"; > $RAD_REPLY{'Reply-Message'} = "authentication successful"; > for (keys %RAD_REPLY) { > &radiusd::radlog(L_DBG, "RAD_REPLY: $_ = > $RAD_REPLY{$_}"); > } > for (keys %RAD_CHECK) { > &radiusd::radlog(L_DBG, "RAD_CHECK: $_ = > $RAD_CHECK{$_}"); > } > for (keys %RAD_CONFIG) { > &radiusd::radlog(L_DBG, "RAD_CONFIG: $_ = > $RAD_CONFIG{$_}"); > } > return RLM_MODULE_OK > } > else { > $RAD_REPLY{'Reply-Message'} = "authentication failure"; > return RLM_MODULE_REJECT; > } >> Here is the relevant debug output: >> Found Auth-Type = perl > # Executing group from file > /opt/app/freeradius/etc/raddb/sites-enabled/default > +- entering group perl {...} > rlm_perl: RAD_REQUEST: User-Name = test > rlm_perl: RAD_REQUEST: User-Password = 42594190 > rlm_perl: RAD_REQUEST: NAS-IP-Address = 192.168.65.1 > rlm_perl: AMIS request: > http://amis.jdt.com:8080/auth/authenticate/test/42594190 > rlm_perl: Result after authamis call -> true > rlm_perl: RAD_REPLY: Reply-Message = authentication successful > rlm_perl: RAD_CHECK: Response-Packet-Type = Access-Challenge > rlm_perl: RAD_CHECK: Auth-Type = perl > rlm_perl: RAD_CONFIG: Auth-Type = perl > rlm_perl: Added pair User-Name = test > rlm_perl: Added pair User-Password = 42594190 > rlm_perl: Added pair NAS-IP-Address = 192.168.65.1 > rlm_perl: Added pair Reply-Message = authentication successful > rlm_perl: Added pair Response-Packet-Type = Access-Challenge > rlm_perl: Added pair Auth-Type = perl > ++[perl] returns ok > # Executing section post-auth from file > /opt/app/freeradius/etc/raddb/sites-enabled/default > +- entering group post-auth {...} > ++[exec] returns noop > Sending Access-Accept of id 81 to 192.168.65.1 port 53504 > Reply-Message = "authentication successful" > Finished request 0. > Going to the next request >> Clearly the Access-Challenge setting is not being honored by the server. > Is there another attribute that must be set to configure the response type? >> Thanks, > Walter >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130218/3973e5ac/attachment-0001.html>
More information about the Freeradius-Users mailing list
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK