Migrating configuration. Users file

Alan DeKok aland at deployingradius.com
Thu Sep 21 18:53:02 CEST 2017


On Sep 21, 2017, at 12:18 PM, jan hugo prins <jhp at jhprins.org> wrote:
> In my version 2 config I had a users file that was working fine.
> In my version 3 config I have moved the content of this file to
> mods-config/files/authorize

  That should mostly be OK.  There are some changes...

> My huntsgroup file is working, or at least I see Huntgroup-Name
> attribute in my Auth-Detail logging.
> 
> there are a few things I don't see at the moment and they are all
> related to my users /authorize file:
> 
> - User to group mappings.
> - Aruba attributes are not added to an authenticated user
> - Users in my users file (phones etc) are not able to authenticate.

  If you read the debug output, you will see:

(0)     [files] = noop

  So nothing in the "users" file is being matched.

> In version 2 I had use_tunneled_reply = yes in my config.
> In version 3 this is depricated and now I have to do something with
> update outer.session-state in my inner-tunnel config.

  You can still use it.  It's deprecated, as in "other functionality is better", but it still works.

> In version 2 I had to add some information regarding groups to the
> /etc/raddb/dictionary file. This file is in my config tree, but I have
> the idea that it is not being accessed.

  It should be in /etc/raddb/dictionary

  If the attributes are in the "users" file, and the server starts, then the dictionary entries are being used.

  The recommended upgrade method is to test one thing at a time.  Don't port all of your configuration, and expect everything to work.  It might, but it might not.  And if it doesn't work, then it's *very* difficult for you to tell why things are broken.  Because it could be anything.

  The other recommendation is to ACTUALLY DESCRIBE WHAT YOU'RE DOING.  If you're asking questions about "users" file entries... post an entry.  Otherwise, the questions are largely "I tried stuff and and it didn't work.  What changes do I make?"

  Well, we have no idea what you did, because you didn't tell us.  So tell us what you did (and try things one step at a time).  Maybe then we can help you.

  Alan DeKok.




More information about the Freeradius-Users mailing list