Invalid location for 'if' on 3.0.4

MDS Test mdstest.99999 at gmail.com
Thu Nov 29 15:17:35 CET 2018 

If it helps,  this is my full proxy.conf  config of version 2.2.4
The snippet probably didnt provide the entire picture.

proxy server {
        retry_delay = 5
        retry_count = 3
        default_fallback = no
        dead_time = 120
        wake_all_if_all_dead = no
}
home_server localhost {
        ipaddr = 127.0.0.1
        port = 1812
        type = "auth"
        secret = "testing123"
        response_window = 20
        max_outstanding = 65536
        require_message_authenticator = yes
        zombie_period = 40
        status_check = "status-server"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 120
        status_check_timeout = 4
 coa {
        irt = 2
        mrt = 16
        mrc = 5
        mrd = 30
 }
}
home_server nbf_auth_1 {
  ipaddr = 10.10.10.26
  port   = 1812
  type   = auth
  secret = "xxxxxxxxxx"
}
home_server nbf_auth_2 {
  ipaddr = 10.10.10.25
  port   = 1812
  type   = auth
  secret = "xxxxxxxxxx"
}
home_server nbf_auth_3 {
  ipaddr = 10.10.10.24
  port   = 1812
  type   = auth
  secret = "xxxxxxxxxx"
}
home_server nbf_auth_4 {
  ipaddr = 10.10.10.23
  port   = 1812
  type   = auth
  secret = "xxxxxxxxx"
}
home_server nbf_auth_5 {
  ipaddr = 10.10.10.22
  port   = 1812
  type   = auth
  secret = "xxxxxxxx"
}
home_server nbf_auth_6 {
  ipaddr = 10.10.10.21
  port   = 1812
  type   = auth
  secret = "xxxxxxxxx"
}
home_server_pool server_pool {
        type = fail-over
        home_server = nbf_auth_1
        home_server = nbf_auth_2
        home_server = nbf_auth_3
        home_server = nbf_auth_4
        home_server = nbf_auth_5
        home_server = nbf_auth_6
}
pre-proxy {
  update proxy-request {
    Called-Station-Id !* ""
    Calling-Station-Id !* ""
    NAS-Port-Type !* ""
    Connect-Info !* ""
    EAP-Message !* ""
    Message-Authenticator !* ""
    NAS-Port !* ""
  }
}

post-proxy {
  # Strip out anything that from the remote that we
  # provide ourselves.
  update proxy-reply {
    Filter-Id !* ""
    Fortinet-Access-Profile !* ""
    Juniper-Local-User-Name !* ""
    Cisco-AVPair !* ""
 #   Raritan-VSA-Placeholder !* ""
    PaloAlto-Admin-Role !* ""
    PaloAlto-Panorama-Admin-Role !* ""
    F5-LTM-User-Info-1 !* ""
  }


  if("%{proxy-reply:Packet-Type}" == Access-Accept) {
      perl
      update proxy-reply {
        Reply-Message := "Welcome user!"
      }
  }
}

realm NULL {
}
realm LOCAL {
}
realm att_ent_token {
        auth_pool = server_pool
}


On Wed, Nov 28, 2018 at 12:09 PM Alan Buxey <alan.buxey at gmail.com> wrote:
>
> hi,
>
> post-proxy etc statements live in virtual servers - that kind of stuff
> would normally live in your virtual server section - I'm guessing
> your 2.x config may have just been lifted from an even older 1.x config or
> such with loads of INCLUDE things rather than taking
> the standard layout/config.
>
> alan
>
> On Wed, 28 Nov 2018 at 17:22, MDS Test <mdstest.99999 at gmail.com> wrote:
>
> > Hi folks,
> >
> > We  have freeradius running on version 2.2.6 running on CentOS6 for a
> > few years now.  Now we need to build a need a new host on CentOS7.  I
> > installed version 3.0.4 from repo.  As I copied my proxy.conf file
> > from the old host.  I encounter an error and couldn't figure out what
> > is wrong.
> >
> > $radiusd -X 2>&1 | tee debugfile
> > radiusd: FreeRADIUS Version 3.0.4, for host x86_64-redhat-linux-gnu,
> > built on Mar  5 2015 at 23:41:36
> > Copyright (C) 1999-2014 The FreeRADIUS server project and contributors
> > There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> > PARTICULAR PURPOSE
> > You may redistribute copies of FreeRADIUS under the terms of the
> > GNU General Public License
> > For more information about these matters, see the file named COPYRIGHT
> > Starting - reading configuration files ...
> > including dictionary file /usr/share/freeradius/dictionary
> > including dictionary file /usr/share/freeradius/dictionary.dhcp
> > including dictionary file /usr/share/freeradius/dictionary.vqp
> > including dictionary file /etc/raddb/dictionary
> > including configuration file /etc/raddb/radiusd.conf
> > including configuration file /etc/raddb/proxy.conf
> > /etc/raddb/proxy.conf[103]: Invalid location for 'if'
> > Errors reading or parsing /etc/raddb/radiusd.conf
> >
> > proxy.conf
> >
> > post-proxy {
> >   update proxy-reply {
> >     Filter-Id !* ""
> >     Fortinet-Access-Profile !* ""
> >     Juniper-Local-User-Name !* ""
> >     Cisco-AVPair !* ""
> >  #   Raritan-VSA-Placeholder !* ""
> >     PaloAlto-Admin-Role !* ""
> >     PaloAlto-Panorama-Admin-Role !* ""
> >     F5-LTM-User-Info-1 !* ""
> >   }
> >
> >
> >   if("%{proxy-reply:Packet-Type}" == Access-Accept) {
> >       perl
> >       update proxy-reply {
> >         Reply-Message := "Welcome user!"
> >       }
> >   }
> > }
> >
> > Please pardon me for maybe this is a simple error but I am new to
> > freeradius and have read doc but couldn't figure it out.
> >
> > Mike
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list