1Radius(3)             User Contributed Perl Documentation            Radius(3)
2
3
4

NAME

6       Authen::Radius - provide simple Radius client facilities
7

SYNOPSIS

9         use Authen::Radius;
10
11         $r = new Authen::Radius(Host => 'myserver', Secret => 'mysecret');
12         print "auth result=", $r->check_pwd('myname', 'mypwd'), "\n";
13
14         $r = new Authen::Radius(Host => 'myserver', Secret => 'mysecret');
15         Authen::Radius->load_dictionary();
16         $r->add_attributes (
17               { Name => 'User-Name', Value => 'myname' },
18               { Name => 'Password', Value => 'mypwd' },
19       # RFC 2865 http://www.ietf.org/rfc/rfc2865.txt calls this attribute
20       # User-Password. Check your local RADIUS dictionary to find
21       # out which name is used on your system
22       #       { Name => 'User-Password', Value => 'mypwd' },
23               { Name => 'h323-return-code', Value => '0' }, # Cisco AV pair
24               { Name => 'Digest-Attributes', Value => { Method => 'REGISTER' } }
25         );
26         $r->send_packet(ACCESS_REQUEST) and $type = $r->recv_packet();
27         print "server response type = $type\n";
28         for $a ($r->get_attributes()) {
29           print "attr: name=$a->{'Name'} value=$a->{'Value'}\n";
30         }
31

DESCRIPTION

33       The "Authen::Radius" module provides a simple class that allows you to
34       send/receive Radius requests/responses to/from a Radius server.
35

CONSTRUCTOR

37       new ( Host => HOST, Secret => SECRET [, TimeOut => TIMEOUT] [,Service
38       => SERVICE] [, Debug => Bool] [, LocalAddr => hostname[:port]]
39       [,Rfc3579MessageAuth => Bool] [,NodeList= NodeListArrayRef])
40           Creates & returns a blessed reference to a Radius object, or undef
41           on failure.  Error status may be retrieved with
42           "Authen::Radius::get_error" (errorcode) or
43           "Authen::Radius::strerror" (verbose error string).
44
45           The default "Service" is "radius", the alternative is
46           "radius-acct".  If you do not specify port in the "Host" as a
47           "hostname:port", then port specified in your /etc/services will be
48           used. If there is nothing there, and you did not specify port
49           either then default is 1645 for "radius" and 1813 for
50           "radius-acct".
51
52           Optional parameter "Debug" with a Perl "true" value turns on
53           debugging (verbose mode).
54
55           Optional parameter "LocalAddr" may contain local IP/host bind
56           address from which RADIUS packets are sent.
57
58           Optional parameter "Rfc3579MessageAuth" with a Perl "true" value
59           turns on generating of Message-Authenticator for Access-Request
60           (RFC3579, section 3.2).  The Message-Authenticator is always
61           generated for Status-Server packets.
62
63           Optional parameter "NodeList" may contain a Perl reference to an
64           array, containing a list of Radius Cluster nodes. Each nodes in the
65           list can be specified using a hostname or IP (with an optional port
66           number), i.e. 'radius1.mytel.com' or 'radius.myhost.com:1812'.
67           Radius Cluster contains a set of Radius servers, at any given
68           moment of time only one server is considered to be "active" (so
69           requests are send to this server).  How the active node is
70           determined? Initially in addition to the "NodeList" parameter you
71           may supply the "Host" parameter and specify which server should
72           become the first active node. If this parameter is absent, or the
73           current active node does not reply anymore, the process of
74           "discovery" will be performed: a request will be sent to all nodes
75           and the consecutive communication continues with the node, which
76           will be the first to reply.
77

METHODS

79       load_dictionary ( [ DICTIONARY ], [format => 'freeradius' |
80       'gnuradius'] )
81           Loads the definitions in the specified Radius dictionary file
82           (standard Livingston radiusd format). Tries to load
83           "/etc/raddb/dictionary" when no argument is specified, or dies.
84           "format" should be specified if dictionary has other format
85           (currently supported: FreeRADIUS and GNU Radius)
86
87           NOTE: you need to load valid dictionary if you plan to send RADIUS
88           requests with attributes other than just "User-Name"/"Password".
89
90       check_pwd ( USERNAME, PASSWORD [,NASIPADDRESS] )
91           Checks with the RADIUS server if the specified "PASSWORD" is valid
92           for user "USERNAME". Unless "NASIPADDRESS" is specified, the script
93           will attempt to determine it's local IP address (IP address for the
94           RADIUS socket) and this value will be placed in the NAS-IP-Address
95           attribute.  This method is actually a wrapper for subsequent calls
96           to "clear_attributes", "add_attributes", "send_packet" and
97           "recv_packet". It returns 1 if the "PASSWORD" is correct, or undef
98           otherwise.
99
100       add_attributes ( { Name => NAME, Value => VALUE [, Type => TYPE] [,
101       Vendor => VENDOR] [, Tag => TAG ] }, ... )
102           Adds any number of Radius attributes to the current Radius object.
103           Attributes are specified as a list of anon hashes. They may be
104           "Name"d with their dictionary name (provided a dictionary has been
105           loaded first), or with their raw Radius attribute-type values. The
106           "Type" pair should be specified when adding attributes that are not
107           in the dictionary (or when no dictionary was loaded). Values for
108           "TYPE" can be '"string"', '"integer"', '"ipaddr"', '"ipv6addr"',
109           '"ipv6prefix"', '"ifid"' or '"avpair"'. The "VENDOR" may be
110           Vendor's name from the dictionary or their integer id. For tagged
111           attributes (RFC2868) tag can be specified in "Name" using
112           'Name:Tag' format, or by using "Tag" pair. TAG value is expected to
113           be an integer, within [1:31] range (zero value isn't supported).
114
115       get_attributes
116           Returns a list of references to anon hashes with the following
117           key/value pairs : { Name => NAME, Code => RAWTYPE, Value => VALUE,
118           RawValue => RAWVALUE, Vendor => VENDOR, Tag => TAG, AttrName =>
119           NAME }. Each hash represents an attribute in the current object.
120           The "Name" and "Value" pairs will contain values as translated by
121           the dictionary (if one was loaded). The "Code" and "RawValue" pairs
122           always contain the raw attribute type & value as received from the
123           server.  If some attribute doesn't exist in dictionary or type of
124           attribute not specified then corresponding "Value" undefined and
125           "Name" set to attribute ID ("Code" value). For tagged attribute
126           (RFC2868), it will include the tag into the "NAME" as 'Name:Tag'.
127           Original Name is stored in "AttrName".  Also value of tag is stored
128           in "Tag" (undef for non-tagged attributes).
129
130       clear_attributes
131           Clears all attributes for the current object.
132
133       send_packet ( REQUEST_TYPE, RETRANSMIT )
134           Packs up a Radius packet based on the current secret & attributes
135           and sends it to the server with a Request type of "REQUEST_TYPE".
136           Exported "REQUEST_TYPE" methods are "ACCESS_REQUEST",
137           "ACCESS_ACCEPT", "ACCESS_REJECT", "ACCESS_CHALLENGE",
138           "ACCOUNTING_REQUEST", "ACCOUNTING_RESPONSE", "ACCOUNTING_STATUS",
139           "STATUS_SERVER", "DISCONNECT_REQUEST", "DISCONNECT_ACCEPT",
140           "DISCONNECT_REJECT", "COA_REQUEST", "COA_ACCEPT", "COA_REJECT",
141           "COA_ACK", and "COA_NAK".  Returns the number of bytes sent, or
142           undef on failure.
143
144           If the RETRANSMIT parameter is provided and contains a non-zero
145           value, then it is considered that we are re-sending the request,
146           which was already sent previously. In this case the previous value
147           of packet identifier is used.
148
149       recv_packet ( DETECT_BAD_ID )
150           Receives a Radius reply packet. Returns the Radius Reply type (see
151           possible values for "REQUEST_TYPE" in method "send_packet") or
152           undef on failure. Note that failure may be due to a failed recv()
153           or a bad Radius response authenticator. Use "get_error" to find
154           out.
155
156           If the DETECT_BAD_ID parameter is supplied and contains a non-zero
157           value, then calculation of the packet identifier is performed
158           before authenticator check and EBADID error returned in case when
159           packet identifier from the response doesn't match to the request.
160           If the DETECT_BAD_ID is not provided or contains zero value then
161           EBADAUTH returned in such case.
162
163       set_timeout ( TIMEOUT )
164           Sets socket I/O activity timeout. "TIMEOUT" should be specified in
165           floating seconds since the epoch.
166
167       get_error
168           Returns the last "ERRORCODE" for the current object. Errorcodes are
169           one-word strings always beginning with an '"E"'.
170
171       strerror ( [ ERRORCODE ] )
172           Returns a verbose error string for the last error for the current
173           object, or for the specified "ERRORCODE".
174
175       error_comment
176           Returns the last error explanation for the current object. Error
177           explanation is generated by system call.
178
179       get_active_node
180           Returns currently active radius node in standard numbers-and-dots
181           notation with port delimited by colon.
182

AUTHOR

184       Carl Declerck <carl@miskatonic.inbe.net> - original design Alexander
185       Kapitanenko <kapitan at portaone.com> and Andrew Zhilenko <andrew at
186       portaone.com> - later modifications.
187
188       PortaOne Development Team <perl-radius at portaone.com> is the current
189       module's maintainer at CPAN.
190
191
192
193perl v5.32.1                      2021-01-26                         Radius(3)
Impressum