Enable/Disable Exec Module

Alan Buxey alan.buxey at gmail.com
Wed Sep 6 09:44:47 CEST 2017


your error is because you havent go the exec module listed in
mods-enabled/ .  (which it is by default).  if you dont need the exec
module, then simply remove (comment out) any calls to it
from your virtual server config files (by default thats default and
inner-tunnel).


alan

On 6 September 2017 at 02:45, Bhagwat, Shrikant <shrbhagw at med.umich.edu> wrote:
> rlm_ldap (ldapmed): Opening additional connection (0)
> rlm_ldap (ldapmed): Connecting to p-dir1-nc2.med.umich.edu:636
> rlm_ldap (ldapmed): Waiting for bind result...
> rlm_ldap (ldapmed): Bind successful
> rlm_ldap (ldapmed): Opening additional connection (1)
> rlm_ldap (ldapmed): Connecting to p-dir1-nc2.med.umich.edu:636
> rlm_ldap (ldapmed): Waiting for bind result...
> rlm_ldap (ldapmed): Bind successful
> rlm_ldap (ldapmed): Opening additional connection (2)
> rlm_ldap (ldapmed): Connecting to p-dir1-nc2.med.umich.edu:636
> rlm_ldap (ldapmed): Waiting for bind result...
> rlm_ldap (ldapmed): Bind successful
> rlm_ldap (ldapmed): Opening additional connection (3)
> rlm_ldap (ldapmed): Connecting to p-dir1-nc2.med.umich.edu:636
> rlm_ldap (ldapmed): Waiting for bind result...
> rlm_ldap (ldapmed): Bind successful
> rlm_ldap (ldapmed): Opening additional connection (4)
> rlm_ldap (ldapmed): Connecting to p-dir1-nc2.med.umich.edu:636
> rlm_ldap (ldapmed): Waiting for bind result...
> rlm_ldap (ldapmed): Bind successful
>   # Loaded module rlm_cache
>   # Instantiating module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
>   cache cache_eap {
>         key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
>         ttl = 15
>         max_entries = 16384
>         epoch = 0
>         add_stats = no
>   }
>   # Loaded module rlm_mschap
>   # Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap
>   mschap {
>         use_mppe = yes
>         require_encryption = no
>         require_strong = no
>         with_ntdomain_hack = yes
>    passchange {
>    }
>         allow_retry = yes
>   }
>   # Loaded module rlm_chap
>   # Instantiating module "chap" from file /etc/raddb/mods-enabled/chap
>   # Loaded module rlm_realm
>   # Instantiating module "IPASS" from file /etc/raddb/mods-enabled/realm
>   realm IPASS {
>         format = "prefix"
>         delimiter = "/"
>         ignore_default = no
>         ignore_null = no
>   }
>   # Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm
>   realm suffix {
>         format = "suffix"
>         delimiter = "@"
>         ignore_default = no
>         ignore_null = no
>   }
>   # Instantiating module "realmpercent" from file /etc/raddb/mods-enabled/realm
>   realm realmpercent {
>         format = "suffix"
>         delimiter = "%"
>         ignore_default = no
>         ignore_null = no
>   }
>   # Instantiating module "ntdomain" from file /etc/raddb/mods-enabled/realm
>   realm ntdomain {
>         format = "prefix"
>         delimiter = "\"
>         ignore_default = no
>         ignore_null = no
>   }
>   # Loaded module rlm_passwd
>   # Instantiating module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
>   passwd etc_passwd {
>         filename = "/etc/passwd"
>         format = "*User-Name:Crypt-Password:"
>         delimiter = ":"
>         ignore_nislike = no
>         ignore_empty = yes
>         allow_multiple_keys = no
>         hash_size = 100
>   }
> rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
>   # Loaded module rlm_digest
>   # Instantiating module "digest" from file /etc/raddb/mods-enabled/digest
>   # Loaded module rlm_preprocess
>   # Instantiating module "preprocess" from file /etc/raddb/mods-enabled/preprocess
>   preprocess {
>         huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups"
>         hints = "/etc/raddb/mods-config/preprocess/hints"
>         with_ascend_hack = no
>         ascend_channels_per_line = 23
>         with_ntdomain_hack = no
>         with_specialix_jetstream_hack = no
>         with_cisco_vsa_hack = no
>         with_alvarion_vsa_hack = no
>   }
> reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups
> reading pairlist file /etc/raddb/mods-config/preprocess/hints
>   # Loaded module rlm_logintime
>   # Instantiating module "logintime" from file /etc/raddb/mods-enabled/logintime
>   logintime {
>         minimum_timeout = 60
>   }
>   # Loaded module rlm_replicate
>   # Instantiating module "replicate" from file /etc/raddb/mods-enabled/replicate
>   # Loaded module rlm_detail
>   # Instantiating module "detail" from file /etc/raddb/mods-enabled/detail
>   detail {
>         filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
>         header = "%t"
>         permissions = 384
>         locking = no
>         log_packet_header = no
>   }
>   # Instantiating module "ntlm_auth" from file /etc/raddb/mods-enabled/ntlm_auth
>   exec ntlm_auth {
>         wait = yes
>         program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
>         shell_escape = yes
>   }
>   # Loaded module rlm_dynamic_clients
>   # Instantiating module "dynamic_clients" from file /etc/raddb/mods-enabled/dynamic_clients
>   # Loaded module rlm_utf8
>   # Instantiating module "utf8" from file /etc/raddb/mods-enabled/utf8
>   # Instantiating module "auth_log" from file /etc/raddb/mods-enabled/detail.log
>   detail auth_log {
>         filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
>         header = "%t"
>         permissions = 384
>         locking = no
>         log_packet_header = no
>   }
> rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
>   # Instantiating module "reply_log" from file /etc/raddb/mods-enabled/detail.log
>   detail reply_log {
>         filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
>         header = "%t"
>         permissions = 384
>         locking = no
>         log_packet_header = no
>   }
>   # Instantiating module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log
>   detail pre_proxy_log {
>         filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
>         header = "%t"
>         permissions = 384
>         locking = no
>         log_packet_header = no
>   }
>   # Instantiating module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log
>   detail post_proxy_log {
>         filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
>         header = "%t"
>         permissions = 384
>         locking = no
>         log_packet_header = no
>   }
>   # Loaded module rlm_files
>   # Instantiating module "files" from file /etc/raddb/mods-enabled/files
>   files {
>         filename = "/etc/raddb/mods-config/files/authorize"
>         usersfile = "/etc/raddb/mods-config/files/authorize"
>         acctusersfile = "/etc/raddb/mods-config/files/accounting"
>         preproxy_usersfile = "/etc/raddb/mods-config/files/pre-proxy"
>         compat = "cistron"
>   }
> reading pairlist file /etc/raddb/mods-config/files/authorize
> [/etc/raddb/mods-config/files/authorize]:181 Cistron compatibility checks for entry DEFAULT ...
> [/etc/raddb/mods-config/files/authorize]:188 Cistron compatibility checks for entry DEFAULT ...
> [/etc/raddb/mods-config/files/authorize]:195 Cistron compatibility checks for entry DEFAULT ...
> reading pairlist file /etc/raddb/mods-config/files/authorize
> [/etc/raddb/mods-config/files/authorize]:181 Cistron compatibility checks for entry DEFAULT ...
> [/etc/raddb/mods-config/files/authorize]:188 Cistron compatibility checks for entry DEFAULT ...
> [/etc/raddb/mods-config/files/authorize]:195 Cistron compatibility checks for entry DEFAULT ...
> reading pairlist file /etc/raddb/mods-config/files/accounting
> reading pairlist file /etc/raddb/mods-config/files/pre-proxy
>   # Loaded module rlm_unpack
>   # Instantiating module "unpack" from file /etc/raddb/mods-enabled/unpack
>   # Loaded module rlm_attr_filter
>   # Instantiating module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter
>   attr_filter attr_filter.post-proxy {
>         filename = "/etc/raddb/mods-config/attr_filter/post-proxy"
>         key = "%{Realm}"
>         relaxed = no
>   }
> reading pairlist file /etc/raddb/mods-config/attr_filter/post-proxy
>   # Instantiating module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter
>   attr_filter attr_filter.pre-proxy {
>         filename = "/etc/raddb/mods-config/attr_filter/pre-proxy"
>         key = "%{Realm}"
>         relaxed = no
>   }
> reading pairlist file /etc/raddb/mods-config/attr_filter/pre-proxy
>   # Instantiating module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter
>   attr_filter attr_filter.access_reject {
>         filename = "/etc/raddb/mods-config/attr_filter/access_reject"
>         key = "%{User-Name}"
>         relaxed = no
>   }
> reading pairlist file /etc/raddb/mods-config/attr_filter/access_reject
>   # Instantiating module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter
>   attr_filter attr_filter.access_challenge {
>         filename = "/etc/raddb/mods-config/attr_filter/access_challenge"
>         key = "%{User-Name}"
>         relaxed = no
>   }
> reading pairlist file /etc/raddb/mods-config/attr_filter/access_challenge
>   # Instantiating module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter
>   attr_filter attr_filter.accounting_response {
>         filename = "/etc/raddb/mods-config/attr_filter/accounting_response"
>         key = "%{User-Name}"
>         relaxed = no
>   }
> reading pairlist file /etc/raddb/mods-config/attr_filter/accounting_response
>   # Loaded module rlm_pap
>   # Instantiating module "pap" from file /etc/raddb/mods-enabled/pap
>   pap {
>         normalise = yes
>   }
> } # modules
> radiusd: #### Loading Virtual Servers ####
> server { # from file /etc/raddb/radiusd.conf
> } # server
> server default { # from file /etc/raddb/sites-enabled/default
> # Creating Auth-Type = level1_and_duopush
> # Creating Auth-Type = level1_and_duophone
> # Creating Auth-Type = level2_and_duopush
> # Creating Auth-Type = level2_and_duophone
> # Creating Auth-Type = Level-1
> # Loading authenticate {...}
> # Loading authorize {...}
> Ignoring "sql" (see raddb/mods-available/README.rst)
> # Loading preacct {...}
> # Loading accounting {...}
> # Loading post-proxy {...}
> # Loading post-auth {...}
> /etc/raddb/sites-enabled/default[678]: Failed to find "exec" in the "modules" section.
> /etc/raddb/sites-enabled/default[644]: Errors parsing post-auth section.
>
>
>
>
> I don't why I am getting
>
> /etc/raddb/sites-enabled/default[678]: Failed to find "exec" in the "modules" section.
> From: Bhagwat, Shrikant
> Sent: Tuesday, September 05, 2017 9:21 PM
> To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> Subject: Enable/Disable Exec Module
>
> Hi
>
> How do I enable/disable  different modules like exec modules, ldap module in freeeadius3 ?
>
>
> Is it in default file ?
>
> **********************************************************
> Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list