On Jun 2, 2025, at 8:34 AM, Matvey Teplov via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
Picking this outstanding action. I tried "reject" before, and it is a problem. The startup comes with:
/etc/freeradius/3.0/sites-enabled/default[85]: Failed to find "reject" as a module or policy. /etc/freeradius/3.0/sites-enabled/default[85]: Please verify that the configuration exists in /etc/freeradius/3.0/mods-enabled/reject. /etc/freeradius/3.0/sites-enabled/default[85]: Failed to parse "reject" entry.
Because you edited the default configuration and broke it. Don't do that. The "reject" module is defined in mods-available/always. You've either edited it to remove the "reject" entry, or you've disabled it by removing mods-enabled/always,
Also, the simple '==' doesn't work either, and that's why the loop is there. It is coming back with during authentication: (0) if (&control:ldap-LDAP-Group[*] == "CN=Radius_ReadOnly_Group,DC=Groups,DC=abc,DC=abc") { (0) ERROR: Failed retrieving values required to evaluate condition
The LDAP-Group attribute is documented in the Wiki: https://wiki.freeradius.org/modules/Rlm_ldap Follow those examples and it will work. Alan DeKok.