Hi, the default config has the following: # Auth-Type eap { # eap { # handled = 1 # } # if (handled && (Response-Packet-Type == Access-Challenge)) { # attr_filter.access_challenge.post-auth # handled # override the "updated" code from attr_filter # } # } near the end of post-auth however, when uncommented, this now fails due to the unlang checking server default { # from file /etc/raddb/sites-enabled/default # Loading authenticate {...} /etc/raddb/sites-enabled/default[482]: Failed to parse "attr_filter.access_challenge.post-auth" entry. /etc/raddb/sites-enabled/default[481]: Failed to parse "if" subsection. (last entries all in red) alan
A.L.M.Buxey@lboro.ac.uk wrote:
/etc/raddb/sites-enabled/default[67]: Invalid location for 'if' Errors reading or parsing /etc/raddb/radiusd.conf
You don't have that in a "server" section. That's why.
I suggest fixing that. The use of a bare "authorize" will get deleted from the code before 3.0. It was in 2.x *only* to be backwards compatible with 1.x. There's no longer any reason to use it.
authorize {
preprocess
if (User-Name == "testuser" && Huntgroup-Name == "testNAS") { files { ok = return } } ... thats the failed 'if' on line 67....
The "if" parsing works fine once it's in a "server" section.
The additional checks are there to catch people who do:
module { ldap { if (...) {
}
}
}
It doesn't work, and it never has worked. But until this change, it loaded fine. Fixing that is a Good Thing.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html