Migration of FreeRadius Server from 2.1 to 3.X
Matthew Newton
mcn at freeradius.org
Thu Sep 7 00:36:46 CEST 2017
On Wed, 2017-09-06 at 16:03 +0000, Bhagwat, Shrikant wrote:
> exec default {
> wait = yes
> program = "/idm/idmt_home/PhoneFactor/Level1Factor.pl
> %{config:modules.ldap.identity} %{config:modules.ldap.password}
> %{config:modules.ldap.server} %{config:modules.ldap.basedn}
> not_found %{config:modules.ldap.level-
> 1_kdc} %{config:modules.ldap.logFILEname}"
> output_pairs = "none"
> shell_escape = yes
> }
> /etc/raddb/mods-enabled/exec[33]: Invalid output list 'none'
> /etc/raddb/mods-enabled/exec[33]: Instantiation failed for module
> "default"
>
> Not sure why Invalid Output list none
Because that's invalid - the output lists are documented in mods-
available/echo (which mods-available/exec points to), so you need to
use one of the standard attribute list names.
The release notes say that a config for version 2 won't just work on
version 3 for a reason... the config likely won't "just work". So you
have to look at the examples with the server and update your config
where necessary.
If you're looking at that anyway, it's probably a good time to consider
if you can do whatever you are doing in the external script within
FreeRADIUS directly. Running scripts is generally much slower than, for
example, doing LDAP lookups or similar in the server.
--
Matthew
More information about the Freeradius-Users
mailing list