perlquestion
serafina
<p>Hello, all! I'm here for a bit of help using Authen::Radius to authenticate against RADIUS with LDAP in the backend. My problem is that RADIUS is receiving a packet from Authen::Radius with the password encrypted or corrupted, so the user is not authenticated. The password needs to be in plaintext. radtest is able to authenticate successfully.</p>
<code>#!/usr/bin/perl -w
# radtest username "ldappassword" localhost 2 testing123
use strict;
use Authen::Radius;
my $r = new Authen::Radius(
Host => 'localhost',
Secret => 'radiuspassword',
Debug => 1
);
$r->load_dictionary('/etc/freeradius/dictionary');
#$r->check_pwd('username', 'ldappassword'); # also fails
$r->add_attributes (
{ Name => 'User-Name', Value => 'username' },
{ Name => 'NAS-IP-Address', Value => '127.0.0.1' },
{ Name => 'User-Password', Value => 'ldappassword' },
{ Name => 'NAS-Port', Value => '2' },
);
$r->send_packet(ACCESS_REQUEST) || print "send_packet failed\n";
my $type = $r->recv_packet(1);
if (!$type && $r->get_error() eq 'EBADAUTH') {
print "Authentication failed\n";
exit();
}
print "server response type = $type\n";
</code>
<p>The output of this script is "Authentication failed." As indicated above, radtest is able to authenticate and prints the password in plain text in the log. However, with Authen::Radius, the log contains (with jibberish replacing each instance of "#65533;" here):</p>
<code>rad_recv: Access-Request packet from host 127.0.0.1 port 58912, id=203, length=50
User-Name = "username"
User-Password = "=\337R\3361\001ا.!\353\346\352\010ܫ"
NAS-IP-Address = 127.0.0.1
*snip*
[ldap] login attempt by "username" with password "=�R�1?ا.!���?ܫ"
[ldap] user DN: uid=username,ou=People,dc=example,dc=com
[ldap] (re)connect to localhost:389, authentication 1
[ldap] bind as uid=username,ou=People,dc=example,dc=com/=�R�1?ا.!���?ܫ to localhost:389
[ldap] waiting for bind result ...
[ldap] Bind failed with invalid credentials
++[ldap] returns reject
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
</code>
<p>When using radtest, log looks like this:</p>
<code>rad_recv: Access-Request packet from host 127.0.0.1 port 47900, id=129, length=74
User-Name = "username"
User-Password = "ldappassword"
NAS-IP-Address = 127.0.0.1
NAS-Port = 2
Message-Authenticator = 0x935a295ea594eea2237c17b4cdb74a5e
</code>
<p>How can I make Authen::Radius send the request like this so that it will get authenticated correctly?</p>