Dear All I followed the step from https://networkradius.com/packages/#fr32-debian-bullseye ``` root@freeradius32apt ~# freeradius -v radiusd: FreeRADIUS Version 3.2.3 (git #db3d1924d), for host x86_64-pc-linux-gnu FreeRADIUS Version 3.2.3 Copyright (C) 1999-2022 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT ``` I'm trying to do dynamic-clients with rest so I did (as root) ``` apt install freeradius-rest ``` and here is freeradius/mods-enabled/rest ``` rest { # # This subsection configures the tls related items # that control how FreeRADIUS connects to a HTTPS # server. # tls { } # rlm_rest will open a connection to the server specified in connect_uri # to populate the connection cache, ready for the first request. # The server will not start if the server specified is unreachable. # # If you wish to disable this pre-caching and reachability check, # comment out the configuration item below. # connect_uri = "http://127.0.0.1/" # # How long before new connection attempts timeout, defaults to 4.0 seconds. # connect_timeout = 10.0 # # Specify HTTP protocol version to use. one of '1.0', '1.1', '2.0', '2.0+auto', # '2.0+tls' or 'default'. (libcurl option CURLOPT_HTTP_VERSION) # # http_negotiation = 1.1 authorize { uri = "http://192.168.56.1:5000/radius/authorize" method = 'post' body = 'JSON' } authenticate { uri = "http://192.168.56.1:5000/radius/authenticate" method = 'post' body = JSON } preacct { } accounting { uri = "http://192.168.56.1:5000/radius/accounting" method = 'post' body = JSON } post-auth { } pre-proxy { } post-proxy { } # Options for calling rest xlats # uri and method will be derived from the string provided to the xlat xlat { body_uri_encode = yes } # # The connection pool is used to pool outgoing connections. # pool { # Connections to create during module instantiation. # If the server cannot create specified number of # connections during instantiation it will exit. # Set to 0 to allow the server to start without the # web service being available. start = ${thread[pool].start_servers} # Minimum number of connections to keep open min = ${thread[pool].min_spare_servers} # Maximum number of connections # # If these connections are all in use and a new one # is requested, the request will NOT get a connection. # # Setting 'max' to LESS than the number of threads means # that some threads may starve, and you will see errors # like 'No connections available and at max connection limit' # # Setting 'max' to MORE than the number of threads means # that there are more connections than necessary. max = ${thread[pool].max_servers} # Spare connections to be left idle # # NOTE: Idle connections WILL be closed if "idle_timeout" # is set. This should be less than or equal to "max" above. spare = ${thread[pool].max_spare_servers} # Number of uses before the connection is closed # # 0 means "infinite" uses = 0 # The number of seconds to wait after the server tries # to open a connection, and fails. During this time, # no new connections will be opened. retry_delay = 30 # The lifetime (in seconds) of the connection lifetime = 0 # idle timeout (in seconds). A connection which is # unused for this length of time will be closed. idle_timeout = 60 # NOTE: All configuration settings are enforced. If a # connection is closed because of "idle_timeout", # "uses", or "lifetime", then the total number of # connections MAY fall below "min". When that # happens, it will open a new connection. It will # also log a WARNING message. # # The solution is to either lower the "min" connections, # or increase lifetime/idle_timeout. } } ``` my sites-enabled/default ``` server default { listen { type = auth ipaddr = 192.168.56.110 port = 0 limit { # # Limit the number of simultaneous TCP connections to the socket # # The default is 16. # Setting this to 0 means "no limit" max_connections = 16 # The per-socket "max_requests" option does not exist. # # The lifetime, in seconds, of a TCP connection. After # this lifetime, the connection will be closed. # # Setting this to 0 means "forever". lifetime = 0 # # The idle timeout, in seconds, of a TCP connection. # If no packets have been received over the connection for # this time, the connection will be closed. # # Setting this to 0 means "no timeout". # # We STRONGLY RECOMMEND that you set an idle timeout. # idle_timeout = 30 } } # # This second "listen" section is for listening on the accounting # port, too. # listen { ipaddr = 192.168.56.110 port = 0 type = acct limit { # The number of packets received can be rate limited via the # "max_pps" configuration item. When it is set, the server # tracks the total number of packets received in the previous # second. If the count is greater than "max_pps", then the # new packet is silently discarded. This helps the server # deal with overload situations. # # The packets/s counter is tracked in a sliding window. This # means that the pps calculation is done for the second # before the current packet was received. NOT for the current # wall-clock second, and NOT for the previous wall-clock second. # # Useful values are 0 (no limit), or 100 to 10000. # Values lower than 100 will likely cause the server to ignore # normal traffic. Few systems are capable of handling more than # 10K packets/s. # # It is most useful for accounting systems. Set it to 50% # more than the normal accounting load, and you can be sure that # the server will never get overloaded # # max_pps = 0 # Only for "proto = tcp". These are ignored for "udp" sockets. # # idle_timeout = 0 # lifetime = 0 # max_connections = 0 } } # IPv6 versions of the above - read their full config to understand options authorize { filter_username preprocess rest chap mschap } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } mschap } # # Pre-accounting. Decide which accounting type to use. # preacct { preprocess acct_unique } # # Accounting. Log the accounting data. # accounting { rest } # Session database, used for checking Simultaneous-Use. Either the radutmp # or rlm_sql module can handle this. # The rlm_sql module is *much* faster session { } # Post-Authentication # Once we KNOW that the user has been authenticated, there are # additional steps we can take. post-auth { Post-Auth-Type REJECT { } # # Filter access challenges. # Post-Auth-Type Challenge { } Post-Auth-Type Client-Lost { } # # If the client sends EAP-Key-Name in the request, # then echo the real value back in the reply. # } # # When the server decides to proxy a request to a home server, # the proxied request is first passed through the pre-proxy # stage. This stage can re-write the request, or decide to # cancel the proxy. # # Only a few modules currently have this method. # pre-proxy { } # # When the server receives a reply to a request it proxied # to a home server, the request may be massaged here, in the # post-proxy stage. # post-proxy { } } ``` below is my freeradius/sites-enabled/dynamic-clients ``` # -*- text -*- # # Define a network where clients may be dynamically defined. client dynamic { # # You MUST specify a netmask! # IPv4 /32 or IPv6 /128 are NOT allowed! ipaddr = 192.168.56.0/24 dynamic_clients = dynamic_clients lifetime = 3600 } # # This is the virtual server referenced above by "dynamic_clients". server dynamic_clients { # # The only contents of the virtual server is the "authorize" section. authorize { rest # # Tell the caller that the client was defined properly. # # If the authorize section does NOT return "ok", then # the new client is ignored. ok } } ``` When I try to connect my pppoe client to my pppoe-server, freeradius said that the client (pppoe-server) is unknown some Output from --> freeradius -XXX ``` Wed Dec 6 23:08:21 2023 : Debug: (0) server dynamic_clients { Wed Dec 6 23:08:21 2023 : Debug: (0) # Executing section authorize from file /etc/freeradius/sites-enabled/dynamic-clients Wed Dec 6 23:08:21 2023 : Debug: (0) authorize { Wed Dec 6 23:08:21 2023 : Debug: (0) modsingle[authorize]: calling rest (rlm_rest) Wed Dec 6 23:08:21 2023 : Debug: rlm_rest (rest): Reserved connection (0) Wed Dec 6 23:08:21 2023 : Debug: (0) rest: Expanding URI components Wed Dec 6 23:08:21 2023 : Debug: http://192.168.56.1:5000 Wed Dec 6 23:08:21 2023 : Debug: Parsed xlat tree: Wed Dec 6 23:08:21 2023 : Debug: literal --> http://192.168.56.1:5000 Wed Dec 6 23:08:21 2023 : Debug: (0) rest: EXPAND http://192.168.56.1:5000 Wed Dec 6 23:08:21 2023 : Debug: (0) rest: --> http://192.168.56.1:5000 Wed Dec 6 23:08:21 2023 : Debug: /radius/authorize Wed Dec 6 23:08:21 2023 : Debug: Parsed xlat tree: Wed Dec 6 23:08:21 2023 : Debug: literal --> /radius/authorize Wed Dec 6 23:08:21 2023 : Debug: (0) rest: EXPAND /radius/authorize Wed Dec 6 23:08:21 2023 : Debug: (0) rest: --> /radius/authorize Wed Dec 6 23:08:21 2023 : Debug: (0) rest: Sending HTTP POST to " http://192.168.56.1:5000/radius/authorize" Wed Dec 6 23:08:21 2023 : Debug: (0) rest: Adding custom headers: Wed Dec 6 23:08:21 2023 : Debug: (0) rest: X-FreeRADIUS-Section: authorize Wed Dec 6 23:08:21 2023 : Debug: (0) rest: X-FreeRADIUS-Server: dynamic_clients Wed Dec 6 23:08:21 2023 : Debug: (0) rest: Request body content-type will be "application/json" Wed Dec 6 23:08:21 2023 : Debug: (0) rest: JSON Data: {} Wed Dec 6 23:08:21 2023 : Debug: (0) rest: Returning 2 bytes of JSON data Wed Dec 6 23:08:21 2023 : Debug: (0) rest: Processing response header Wed Dec 6 23:08:21 2023 : Debug: (0) rest: Status : 500 (INTERNAL SERVER ERROR) Wed Dec 6 23:08:21 2023 : Debug: (0) rest: Type : json (application/json) Wed Dec 6 23:08:21 2023 : Debug: (0) rest: Adding reply:REST-HTTP-Status-Code = "500" Wed Dec 6 23:08:21 2023 : ERROR: (0) rest: Server returned: Wed Dec 6 23:08:21 2023 : ERROR: (0) rest: {} Wed Dec 6 23:08:21 2023 : Debug: rlm_rest (rest): Released connection (0) ``` Kindly please look at line 22 of debug lines ``` Wed Dec 6 23:08:21 2023 : Debug: (0) rest: JSON Data: {} ``` I think freeradius did not wrap any data to json body Is that a bug? if not, kindly please tell me how to fix Sincerely -bino-