On 21 September 2017 08:03:47 BST, Olivier <Olivier.Nicole@cs.ait.ac.th> wrote:
It seems to work even is authorize pap has been disabled...
The only reason for putting it after pap is that if you are using the pap module already and you put this before it, you will break pap. If you're not using pap, it doesn't really matter.
I am left with a warning:
(0) [ldap_firewall] = ok (0) } # Auth-Type LDAPFIREWALL = ok (0) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default (0) post-auth { (0) update { (0) No attributes updated (0) } # update = noop (0) reply_log: EXPAND /var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d (0) reply_log: --> /var/log/radacct/192.41.170.3/reply-detail-20170921 (0) reply_log: /var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d expands to /var/log/radacct/192.41.170.3/reply-detail-20170921 (0) reply_log: WARNING: Skipping empty packet (0) [reply_log] = ok
I am not sure how to eliminate this "WARNING: Skipping empty packet".
Your reply packet is empty, so it's just letting you know there is nothing to log this time. You can ignore it. -- Matthew