From: Adrian M. <adr...@gm...> - 2012-04-26 15:46:25
|
Hi, I'm trying to get Radius working and thought I'd try first with basic flat file. I have added a username and password to the /etc/raddb/users file. When the client sees the registraion page I choose radius as authentication method enter the isername and password I previously added to the flat file. When I submit the form the webpage errors with: Can't call method "check_pwd" on an undefined value at /usr/local/pf/conf/ authentication.radius.pm line 79. When I edited this file originally I was a little confused by the admin guide instructions which ask you to make the neccessary changes to the following parameters: my $RadiusServer = 'localhost'; my $RadiusSecret = 'testing123'; but I don't see these params in the file. So I just added them myself. I wonder if this is causing the problem? here is my radius.pm. Could you please see if you can spot errors? Thanks -------------------------- package authentication::radius; =head1 NAME authentication::radius - radius authentication =head1 DESCRIPTION authentication::radius allows to validate a username/password combination using RADIUS =cut use strict; use warnings; use Authen::Radius; use Log::Log4perl; my $RadiusServer = '192.168.1.10'; my $RadiusSecret = 'testing123'; use base ('pf::web::auth'); use pf::config qw($TRUE $FALSE); our $VERSION = 1.20; =head1 CONFIGURATION AND ENVIRONMENT Define the C<radiusServers> variable at the top of the module. =over =item Servers are always validated from top to bottom. =item Multiple servers are useful for fault tolerance not to try users on different RADIUS =back =cut # uncomment the second line to add another server to the list to check # you can add more lines also my $radiusServers = [ { 'host' => 'server1:1819', secret => 'secret' }, # { 'host' => 'server2:1819', secret => 'secret2' }, ]; =head2 Optional =over =item name Name displayed on the captive portal dropdown =cut our $name = "RADIUS"; =back =head1 OBJECT METHODS =over =item * authenticate ($login, $password) True if successful, false otherwise. If unsuccessful errors meant for users are available in getLastError(). Errors meant for administrators are logged in F<logs/packetfence.log>. =cut sub authenticate { my ($this, $username, $password) = @_; my $logger = Log::Log4perl::get_logger(__PACKAGE__); foreach my $server (@$radiusServers) { my $radcheck = new Authen::Radius( Host => $server->{'host'}, Secret => $server->{'secret'}, ); my $response = $radcheck->check_pwd($username, $password); if (Authen::Radius::get_error() eq 'ENONE') { if ($response) { return $TRUE; } else { $this->_setLastError('Invalid login or password'); return $FALSE; } } } $logger->error("Unable to perform RADIUS authentication on any server: " . Authen::Radius::get_error() ); $this->_setLastError('Unable to authenticate successfully'); return $FALSE; } =item * isAllowedToSponsorGuests Is the given email allowed to sponsor guest access? Can't perform user validation with Authen::Radius in a standard way. Override with what you deem necessary. =cut sub isAllowedToSponsorGuests { my ($this, $sponsor_email) = @_; my $logger = Log::Log4perl::get_logger(__PACKAGE__); $logger->error(q{Unimplemented! RADIUS module doesn't support checking for a user's existence}); return $FALSE; } =back =head1 AUTHOR Olivier Bilodeau <obi...@in...> Maikel van der roest <mvd...@ut...> =head1 COPYRIGHT Copyright (C) 2011, 2012 Inverse inc. Copyright (C) 2008 Utelisys Communications B.V. =head1 LICENSE This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. =cut 1; |
From: Morris, A. <am...@ca...> - 2012-04-26 15:57:06
|
I believe the part you need to edit in the radius.pm is: my $radiusServers = [ { 'host' => 'server1:1819', secret => 'secret' }, Change server1 to your servername, and add the secret Cheers, Andi. From: Adrian Mulgrew [mailto:adr...@gm...] Sent: 26 April 2012 16:46 To: pac...@li... Subject: [PacketFence-users] Can't call method "check_pwd"... error from captive portal login page Hi, I'm trying to get Radius working and thought I'd try first with basic flat file. I have added a username and password to the /etc/raddb/users file. When the client sees the registraion page I choose radius as authentication method enter the isername and password I previously added to the flat file. When I submit the form the webpage errors with: Can't call method "check_pwd" on an undefined value at /usr/local/pf/conf/authentication.radius.pm<http://authentication.radius.pm> line 79. When I edited this file originally I was a little confused by the admin guide instructions which ask you to make the neccessary changes to the following parameters: my $RadiusServer = 'localhost'; my $RadiusSecret = 'testing123'; but I don't see these params in the file. So I just added them myself. I wonder if this is causing the problem? here is my radius.pm<http://radius.pm>. Could you please see if you can spot errors? Thanks -------------------------- package authentication::radius; =head1 NAME authentication::radius - radius authentication =head1 DESCRIPTION authentication::radius allows to validate a username/password combination using RADIUS =cut use strict; use warnings; use Authen::Radius; use Log::Log4perl; my $RadiusServer = '192.168.1.10'; my $RadiusSecret = 'testing123'; use base ('pf::web::auth'); use pf::config qw($TRUE $FALSE); our $VERSION = 1.20; =head1 CONFIGURATION AND ENVIRONMENT Define the C<radiusServers> variable at the top of the module. =over =item Servers are always validated from top to bottom. =item Multiple servers are useful for fault tolerance not to try users on different RADIUS =back =cut # uncomment the second line to add another server to the list to check # you can add more lines also my $radiusServers = [ { 'host' => 'server1:1819', secret => 'secret' }, # { 'host' => 'server2:1819', secret => 'secret2' }, ]; =head2 Optional =over =item name Name displayed on the captive portal dropdown =cut our $name = "RADIUS"; =back =head1 OBJECT METHODS =over =item * authenticate ($login, $password) True if successful, false otherwise. If unsuccessful errors meant for users are available in getLastError(). Errors meant for administrators are logged in F<logs/packetfence.log>. =cut sub authenticate { my ($this, $username, $password) = @_; my $logger = Log::Log4perl::get_logger(__PACKAGE__); foreach my $server (@$radiusServers) { my $radcheck = new Authen::Radius( Host => $server->{'host'}, Secret => $server->{'secret'}, ); my $response = $radcheck->check_pwd($username, $password); if (Authen::Radius::get_error() eq 'ENONE') { if ($response) { return $TRUE; } else { $this->_setLastError('Invalid login or password'); return $FALSE; } } } $logger->error("Unable to perform RADIUS authentication on any server: " . Authen::Radius::get_error() ); $this->_setLastError('Unable to authenticate successfully'); return $FALSE; } =item * isAllowedToSponsorGuests Is the given email allowed to sponsor guest access? Can't perform user validation with Authen::Radius in a standard way. Override with what you deem necessary. =cut sub isAllowedToSponsorGuests { my ($this, $sponsor_email) = @_; my $logger = Log::Log4perl::get_logger(__PACKAGE__); $logger->error(q{Unimplemented! RADIUS module doesn't support checking for a user's existence}); return $FALSE; } =back =head1 AUTHOR Olivier Bilodeau <obi...@in...<mailto:obi...@in...>> Maikel van der roest <mvd...@ut...<mailto:mvd...@ut...>> =head1 COPYRIGHT Copyright (C) 2011, 2012 Inverse inc. Copyright (C) 2008 Utelisys Communications B.V. =head1 LICENSE This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. =cut 1; ________________________________ >From 1st November 2011 UWIC changed its title to Cardiff Metropolitan University. From the 6th December 2011, as part of this change, all email addresses which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan University will now be sent from the new @cardiffmet.ac.uk address. Please could you ensure that all of your contact records and databases are updated to reflect this change. Further information can be found on the website here.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx> Ar Dachwedd y 1af 2011 newidiodd UWIC ei henw i Brifysgol Fetropolitan Caerdydd. O Ragfyr 6ed, fel rhan o'r newid yma, bydd pob cyfeiriad e-bost sy'n cynnwys @uwic.ac.uk yn newid i @cardiffmet.ac.uk. Bydd yr holl ebyst a ddanfonir o Brifysgol Fetropolitan Caerdydd yn cael eu danfon o'r cyfeiriad @cardiffmet.ac.uk newydd. Gwnewch yn siwr eich bod yn diweddaru eich cofnodion cyswllt a'ch cronfeydd data i adlewyrchu hyn. Gellir cael rhagor o wybodaeth ar y wefan yma.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx> |