Radius(3)             User Contributed Perl Documentation            Radius(3)

NAME
       Authen::Radius - provide simple Radius client facilities

SYNOPSIS
         use Authen::Radius;

         # Simple password check
         $r = new Authen::Radius(Host => 'myserver', Secret => 'mysecret');
         print "auth result=", $r->check_pwd('myname', 'mypwd'), "\n";

         # Request with explicit attributes (needs a loaded dictionary)
         $r = new Authen::Radius(Host => 'myserver', Secret => 'mysecret');
         Authen::Radius->load_dictionary();
         $r->add_attributes (
           { Name => 'User-Name', Value => 'myname' },
           { Name => 'Password', Value => 'mypwd' },
           # RFC 2865 http://www.ietf.org/rfc/rfc2865.txt calls this attribute
           # User-Password. Check your local RADIUS dictionary to find
           # out which name is used on your system
           # { Name => 'User-Password', Value => 'mypwd' },
           { Name => 'h323-return-code', Value => '0' }, # Cisco AV pair
           { Name => 'Digest-Attributes', Value => { Method => 'REGISTER' } }
         );
         $r->send_packet(ACCESS_REQUEST) and $type = $r->recv_packet();
         print "server response type = $type\n";
         for $a ($r->get_attributes()) {
           print "attr: name=$a->{'Name'} value=$a->{'Value'}\n";
         }

DESCRIPTION
       The "Authen::Radius" module provides a simple class that allows you to
       send/receive Radius requests/responses to/from a Radius server.

CONSTRUCTOR
       new ( Host => HOST, Secret => SECRET [, TimeOut => TIMEOUT] [, Service
       => SERVICE] [, Debug => Bool] [, LocalAddr => hostname[:port]] [,
       Rfc3579MessageAuth => Bool] [, NodeList => NodeListArrayRef] )
           Creates and returns a blessed reference to a Radius object, or
           undef on failure. Error status may be retrieved with
           "Authen::Radius::get_error" (error code) or
           "Authen::Radius::strerror" (verbose error string).

           The default "Service" is "radius"; the alternative is
           "radius-acct". If you do not specify a port in "Host" as
           "hostname:port", the port listed in your /etc/services is used.
           If there is no entry there either, the default is 1645 for
           "radius" and 1813 for "radius-acct".

           Optional parameter "Debug" with a Perl "true" value turns on
           debugging (verbose mode).

           Optional parameter "LocalAddr" may contain the local IP/host bind
           address from which RADIUS packets are sent.

           Optional parameter "Rfc3579MessageAuth" with a Perl "true" value
           turns on generation of the Message-Authenticator for
           Access-Request (RFC3579, section 3.2). The Message-Authenticator
           is always generated for Status-Server packets.

           Optional parameter "NodeList" may contain a Perl reference to an
           array containing a list of Radius Cluster nodes. Each node in the
           list can be specified using a hostname or IP (with an optional
           port number), e.g. 'radius1.mytel.com' or
           'radius.myhost.com:1812'. A Radius Cluster contains a set of
           Radius servers; at any given moment only one server is considered
           to be "active" (requests are sent to this server). How is the
           active node determined? Initially, in addition to the "NodeList"
           parameter, you may supply the "Host" parameter to specify which
           server should become the first active node. If this parameter is
           absent, or the current active node stops replying, a "discovery"
           process is performed: a request is sent to all nodes, and
           subsequent communication continues with the node that replies
           first.

METHODS
       load_dictionary ( [ DICTIONARY ], [format => 'freeradius' |
       'gnuradius'] )
           Loads the definitions in the specified Radius dictionary file
           (standard Livingston radiusd format). Tries to load
           "/etc/raddb/dictionary" when no argument is specified, or dies.
           "format" should be specified if the dictionary uses another
           format (currently supported: FreeRADIUS and GNU Radius).

           NOTE: you need to load a valid dictionary if you plan to send
           RADIUS requests with attributes other than just
           "User-Name"/"Password".

       check_pwd ( USERNAME, PASSWORD [, NASIPADDRESS] )
           Checks with the RADIUS server if the specified "PASSWORD" is
           valid for user "USERNAME". Unless "NASIPADDRESS" is specified,
           the script will attempt to determine its local IP address (the
           IP address of the RADIUS socket), and this value will be placed
           in the NAS-IP-Address attribute. This method is actually a
           wrapper for subsequent calls to "clear_attributes",
           "add_attributes", "send_packet" and "recv_packet". It returns 1
           if the "PASSWORD" is correct, or undef otherwise.

       add_attributes ( { Name => NAME, Value => VALUE [, Type => TYPE] [,
       Vendor => VENDOR] [, Tag => TAG ] }, ... )
           Adds any number of Radius attributes to the current Radius
           object. Attributes are specified as a list of anon hashes. They
           may be "Name"d with their dictionary name (provided a dictionary
           has been loaded first), or with their raw Radius attribute-type
           values. The "Type" pair should be specified when adding
           attributes that are not in the dictionary (or when no dictionary
           was loaded). Values for "TYPE" can be "string", "integer",
           "ipaddr", "ipv6addr", "ipv6prefix", "ifid" or "avpair". The
           "VENDOR" may be the vendor's name from the dictionary or its
           integer id. For tagged attributes (RFC2868) the tag can be
           specified in "Name" using the 'Name:Tag' format, or by using the
           "Tag" pair. The TAG value is expected to be an integer within
           the [1:31] range (a zero value isn't supported).

       get_attributes
           Returns a list of references to anon hashes with the following
           key/value pairs: { Name => NAME, Code => RAWTYPE, Value => VALUE,
           RawValue => RAWVALUE, Vendor => VENDOR, Tag => TAG, AttrName =>
           NAME }. Each hash represents an attribute in the current object.
           The "Name" and "Value" pairs will contain values as translated by
           the dictionary (if one was loaded). The "Code" and "RawValue"
           pairs always contain the raw attribute type and value as received
           from the server. If an attribute does not exist in the
           dictionary, or its type is not specified, the corresponding
           "Value" is undefined and "Name" is set to the attribute ID (the
           "Code" value). For a tagged attribute (RFC2868), the tag is
           included in "Name" as 'Name:Tag'. The original name is stored in
           "AttrName", and the tag value is stored in "Tag" (undef for
           non-tagged attributes).

       clear_attributes
           Clears all attributes for the current object.

       send_packet ( REQUEST_TYPE, RETRANSMIT )
           Packs up a Radius packet based on the current secret and
           attributes and sends it to the server with a Request type of
           "REQUEST_TYPE". Exported "REQUEST_TYPE" methods are
           "ACCESS_REQUEST", "ACCESS_ACCEPT", "ACCESS_REJECT",
           "ACCESS_CHALLENGE", "ACCOUNTING_REQUEST", "ACCOUNTING_RESPONSE",
           "ACCOUNTING_STATUS", "STATUS_SERVER", "DISCONNECT_REQUEST",
           "DISCONNECT_ACCEPT", "DISCONNECT_REJECT", "COA_REQUEST",
           "COA_ACCEPT", "COA_REJECT", "COA_ACK", and "COA_NAK". Returns the
           number of bytes sent, or undef on failure.

           If the RETRANSMIT parameter is provided and contains a non-zero
           value, the call is treated as a re-send of a request that was
           already sent previously. In this case the previous value of the
           packet identifier is used.

       recv_packet ( DETECT_BAD_ID )
           Receives a Radius reply packet. Returns the Radius Reply type
           (see possible values for "REQUEST_TYPE" in method "send_packet")
           or undef on failure. Note that failure may be due to a failed
           recv() or a bad Radius response authenticator. Use "get_error"
           to find out.

           If the DETECT_BAD_ID parameter is supplied and contains a
           non-zero value, the packet identifier is checked before the
           authenticator check, and the EBADID error is returned when the
           packet identifier in the response does not match the request. If
           DETECT_BAD_ID is not provided or contains a zero value, EBADAUTH
           is returned in that case.
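
       The two integrity checks mentioned above, the Message-Authenticator
       that "Rfc3579MessageAuth" enables (RFC 3579, section 3.2) and the
       response authenticator that recv_packet verifies, worked by hand on
       constructed packets. This is an added example, not code from
       Authen::Radius; the function names, returned strings, secret and
       packet contents are assumptions made for illustration.

```perl
use strict; use warnings;
use Digest::MD5 qw(md5);

# HMAC-MD5 (RFC 2104) built on the core Digest::MD5 module.
sub hmac_md5 {
    my ($data, $key) = @_;
    $key = md5($key) if length($key) > 64;
    $key .= "\0" x (64 - length($key));
    return md5(($key ^ ("\x5c" x 64)) . md5(($key ^ ("\x36" x 64)) . $data));
}

# One attribute encoded as Type, Length, Value.
sub attr { my ($t, $v) = @_; return pack('C C a*', $t, 2 + length($v), $v) }
# Packet ending in Message-Authenticator (type 80): HMAC-MD5 of the packet, keyed
# with the secret, taken while its value is 16 zero bytes. $auth = Request Authenticator.
sub build_packet {
    my ($code, $id, $auth, $attrs, $secret) = @_;
    my $body = $attrs . attr(80, "\0" x 16);
    my $pkt  = pack('C C n a16', $code, $id, 20 + length($body), $auth) . $body;
    substr($pkt, -16, 16, hmac_md5($pkt, $secret));
    return $pkt;
}

# Client-side checks; assumed policy: no Message-Authenticator means reject.
sub check_reply {
    my ($reply, $req_id, $req_auth, $secret) = @_;
    return 'malformed' if length($reply) < 20;
    my (undef, $id, $len, $resp_auth) = unpack('C C n a16', $reply);
    return 'malformed' if $len < 20 || $len > length($reply);
    return 'bad identifier' if $id != $req_id;                  # cf. EBADID
    my $p = substr($reply, 0, 4) . $req_auth . substr($reply, 20, $len - 20);
    return 'bad response authenticator' if md5($p . $secret) ne $resp_auth;
    for (my ($pos, $t, $l) = (20); $pos < $len; $pos += $l) {
        ($t, $l) = unpack('C C', substr($p, $pos, 2));
        return 'malformed' if !defined($l) || $l < 2 || $pos + $l > $len;
        next unless $t == 80 && $l == 18;
        my $sent = substr($p, $pos + 2, 16, "\0" x 16);   # zero it, keep the old value
        return hmac_md5($p, $secret) eq $sent ? 'ok' : 'bad message-authenticator';
    }
    return 'no message-authenticator';
}

# Constructed sample values; a real Request Authenticator is 16 random bytes.
my ($secret, $req_auth) = ('mysecret', pack('H*', '000102030405060708090a0b0c0d0e0f'));
my $reply = build_packet(2, 42, $req_auth, attr(18, 'welcome'), $secret);  # Access-Accept
substr($reply, 4, 16, md5($reply . $secret));           # Response Authenticator
(my $tampered = $reply) =~ s/welcome/WELCOME/;          # altered Reply-Message
print "genuine:  ", check_reply($reply, 42, $req_auth, $secret), "\n";
print "tampered: ", check_reply($tampered, 42, $req_auth, $secret), "\n";
print "wrong id: ", check_reply($reply, 43, $req_auth, $secret), "\n";
```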

       set_timeout ( TIMEOUT )
           Sets socket I/O activity timeout. "TIMEOUT" should be specified
           in floating seconds since the epoch.

       get_error
           Returns the last "ERRORCODE" for the current object. Error codes
           are one-word strings always beginning with an "E".

       strerror ( [ ERRORCODE ] )
           Returns a verbose error string for the last error for the current
           object, or for the specified "ERRORCODE".

       error_comment
           Returns the last error explanation for the current object. Error
           explanation is generated by system call.

       get_active_node
           Returns the currently active radius node in standard
           numbers-and-dots notation with the port delimited by a colon.

AUTHOR
       Carl Declerck <carl@miskatonic.inbe.net> - original design
       Alexander Kapitanenko <kapitan at portaone.com> and Andrew Zhilenko
       <andrew at portaone.com> - later modifications.

       PortaOne Development Team <perl-radius at portaone.com> is the current
       module's maintainer at CPAN.

perl v5.32.1                      2021-01-26                         Radius(3)