Hi How do I enable/disable different modules like exec modules, ldap module in freeeadius3 ? Is it in default file ? ********************************************************** Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues
rlm_ldap (ldapmed): Opening additional connection (0) rlm_ldap (ldapmed): Connecting to p-dir1-nc2.med.umich.edu:636 rlm_ldap (ldapmed): Waiting for bind result... rlm_ldap (ldapmed): Bind successful rlm_ldap (ldapmed): Opening additional connection (1) rlm_ldap (ldapmed): Connecting to p-dir1-nc2.med.umich.edu:636 rlm_ldap (ldapmed): Waiting for bind result... rlm_ldap (ldapmed): Bind successful rlm_ldap (ldapmed): Opening additional connection (2) rlm_ldap (ldapmed): Connecting to p-dir1-nc2.med.umich.edu:636 rlm_ldap (ldapmed): Waiting for bind result... rlm_ldap (ldapmed): Bind successful rlm_ldap (ldapmed): Opening additional connection (3) rlm_ldap (ldapmed): Connecting to p-dir1-nc2.med.umich.edu:636 rlm_ldap (ldapmed): Waiting for bind result... rlm_ldap (ldapmed): Bind successful rlm_ldap (ldapmed): Opening additional connection (4) rlm_ldap (ldapmed): Connecting to p-dir1-nc2.med.umich.edu:636 rlm_ldap (ldapmed): Waiting for bind result... rlm_ldap (ldapmed): Bind successful # Loaded module rlm_cache # Instantiating module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap cache cache_eap { key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 16384 epoch = 0 add_stats = no } # Loaded module rlm_mschap # Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes passchange { } allow_retry = yes } # Loaded module rlm_chap # Instantiating module "chap" from file /etc/raddb/mods-enabled/chap # Loaded module rlm_realm # Instantiating module "IPASS" from file /etc/raddb/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Instantiating module "realmpercent" from file /etc/raddb/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Instantiating module "ntdomain" from file /etc/raddb/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\" ignore_default = no ignore_null = no } # Loaded module rlm_passwd # Instantiating module "etc_passwd" from file /etc/raddb/mods-enabled/passwd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no # Loaded module rlm_digest # Instantiating module "digest" from file /etc/raddb/mods-enabled/digest # Loaded module rlm_preprocess # Instantiating module "preprocess" from file /etc/raddb/mods-enabled/preprocess preprocess { huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups" hints = "/etc/raddb/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups reading pairlist file /etc/raddb/mods-config/preprocess/hints # Loaded module rlm_logintime # Instantiating module "logintime" from file /etc/raddb/mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module rlm_replicate # Instantiating module "replicate" from file /etc/raddb/mods-enabled/replicate # Loaded module rlm_detail # Instantiating module "detail" from file /etc/raddb/mods-enabled/detail detail { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } # Instantiating module "ntlm_auth" from file /etc/raddb/mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_dynamic_clients # Instantiating module "dynamic_clients" from file /etc/raddb/mods-enabled/dynamic_clients # Loaded module rlm_utf8 # Instantiating module "utf8" from file /etc/raddb/mods-enabled/utf8 # Instantiating module "auth_log" from file /etc/raddb/mods-enabled/detail.log detail auth_log { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /etc/raddb/mods-enabled/detail.log detail reply_log { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } # Instantiating module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log detail pre_proxy_log { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } # Instantiating module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log detail post_proxy_log { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } # Loaded module rlm_files # Instantiating module "files" from file /etc/raddb/mods-enabled/files files { filename = "/etc/raddb/mods-config/files/authorize" usersfile = "/etc/raddb/mods-config/files/authorize" acctusersfile = "/etc/raddb/mods-config/files/accounting" preproxy_usersfile = "/etc/raddb/mods-config/files/pre-proxy" compat = "cistron" } reading pairlist file /etc/raddb/mods-config/files/authorize [/etc/raddb/mods-config/files/authorize]:181 Cistron compatibility checks for entry DEFAULT ... [/etc/raddb/mods-config/files/authorize]:188 Cistron compatibility checks for entry DEFAULT ... [/etc/raddb/mods-config/files/authorize]:195 Cistron compatibility checks for entry DEFAULT ... reading pairlist file /etc/raddb/mods-config/files/authorize [/etc/raddb/mods-config/files/authorize]:181 Cistron compatibility checks for entry DEFAULT ... [/etc/raddb/mods-config/files/authorize]:188 Cistron compatibility checks for entry DEFAULT ... [/etc/raddb/mods-config/files/authorize]:195 Cistron compatibility checks for entry DEFAULT ... reading pairlist file /etc/raddb/mods-config/files/accounting reading pairlist file /etc/raddb/mods-config/files/pre-proxy # Loaded module rlm_unpack # Instantiating module "unpack" from file /etc/raddb/mods-enabled/unpack # Loaded module rlm_attr_filter # Instantiating module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/etc/raddb/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /etc/raddb/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/etc/raddb/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /etc/raddb/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/etc/raddb/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/raddb/mods-config/attr_filter/access_reject # Instantiating module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/etc/raddb/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/raddb/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/etc/raddb/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/raddb/mods-config/attr_filter/accounting_response # Loaded module rlm_pap # Instantiating module "pap" from file /etc/raddb/mods-enabled/pap pap { normalise = yes } } # modules radiusd: #### Loading Virtual Servers #### server { # from file /etc/raddb/radiusd.conf } # server server default { # from file /etc/raddb/sites-enabled/default # Creating Auth-Type = level1_and_duopush # Creating Auth-Type = level1_and_duophone # Creating Auth-Type = level2_and_duopush # Creating Auth-Type = level2_and_duophone # Creating Auth-Type = Level-1 # Loading authenticate {...} # Loading authorize {...} Ignoring "sql" (see raddb/mods-available/README.rst) # Loading preacct {...} # Loading accounting {...} # Loading post-proxy {...} # Loading post-auth {...} /etc/raddb/sites-enabled/default[678]: Failed to find "exec" in the "modules" section. /etc/raddb/sites-enabled/default[644]: Errors parsing post-auth section. I don't why I am getting /etc/raddb/sites-enabled/default[678]: Failed to find "exec" in the "modules" section. From: Bhagwat, Shrikant Sent: Tuesday, September 05, 2017 9:21 PM To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Subject: Enable/Disable Exec Module Hi How do I enable/disable different modules like exec modules, ldap module in freeeadius3 ? Is it in default file ? ********************************************************** Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues
your error is because you havent go the exec module listed in mods-enabled/ . (which it is by default). if you dont need the exec module, then simply remove (comment out) any calls to it from your virtual server config files (by default thats default and inner-tunnel). alan On 6 September 2017 at 02:45, Bhagwat, Shrikant <shrbhagw@med.umich.edu> wrote:
rlm_ldap (ldapmed): Opening additional connection (0) rlm_ldap (ldapmed): Connecting to p-dir1-nc2.med.umich.edu:636 rlm_ldap (ldapmed): Waiting for bind result... rlm_ldap (ldapmed): Bind successful rlm_ldap (ldapmed): Opening additional connection (1) rlm_ldap (ldapmed): Connecting to p-dir1-nc2.med.umich.edu:636 rlm_ldap (ldapmed): Waiting for bind result... rlm_ldap (ldapmed): Bind successful rlm_ldap (ldapmed): Opening additional connection (2) rlm_ldap (ldapmed): Connecting to p-dir1-nc2.med.umich.edu:636 rlm_ldap (ldapmed): Waiting for bind result... rlm_ldap (ldapmed): Bind successful rlm_ldap (ldapmed): Opening additional connection (3) rlm_ldap (ldapmed): Connecting to p-dir1-nc2.med.umich.edu:636 rlm_ldap (ldapmed): Waiting for bind result... rlm_ldap (ldapmed): Bind successful rlm_ldap (ldapmed): Opening additional connection (4) rlm_ldap (ldapmed): Connecting to p-dir1-nc2.med.umich.edu:636 rlm_ldap (ldapmed): Waiting for bind result... rlm_ldap (ldapmed): Bind successful # Loaded module rlm_cache # Instantiating module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap cache cache_eap { key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 16384 epoch = 0 add_stats = no } # Loaded module rlm_mschap # Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes passchange { } allow_retry = yes } # Loaded module rlm_chap # Instantiating module "chap" from file /etc/raddb/mods-enabled/chap # Loaded module rlm_realm # Instantiating module "IPASS" from file /etc/raddb/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Instantiating module "realmpercent" from file /etc/raddb/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Instantiating module "ntdomain" from file /etc/raddb/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\" ignore_default = no ignore_null = no } # Loaded module rlm_passwd # Instantiating module "etc_passwd" from file /etc/raddb/mods-enabled/passwd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no # Loaded module rlm_digest # Instantiating module "digest" from file /etc/raddb/mods-enabled/digest # Loaded module rlm_preprocess # Instantiating module "preprocess" from file /etc/raddb/mods-enabled/preprocess preprocess { huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups" hints = "/etc/raddb/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups reading pairlist file /etc/raddb/mods-config/preprocess/hints # Loaded module rlm_logintime # Instantiating module "logintime" from file /etc/raddb/mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module rlm_replicate # Instantiating module "replicate" from file /etc/raddb/mods-enabled/replicate # Loaded module rlm_detail # Instantiating module "detail" from file /etc/raddb/mods-enabled/detail detail { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } # Instantiating module "ntlm_auth" from file /etc/raddb/mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_dynamic_clients # Instantiating module "dynamic_clients" from file /etc/raddb/mods-enabled/dynamic_clients # Loaded module rlm_utf8 # Instantiating module "utf8" from file /etc/raddb/mods-enabled/utf8 # Instantiating module "auth_log" from file /etc/raddb/mods-enabled/detail.log detail auth_log { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /etc/raddb/mods-enabled/detail.log detail reply_log { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } # Instantiating module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log detail pre_proxy_log { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } # Instantiating module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log detail post_proxy_log { filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no log_packet_header = no } # Loaded module rlm_files # Instantiating module "files" from file /etc/raddb/mods-enabled/files files { filename = "/etc/raddb/mods-config/files/authorize" usersfile = "/etc/raddb/mods-config/files/authorize" acctusersfile = "/etc/raddb/mods-config/files/accounting" preproxy_usersfile = "/etc/raddb/mods-config/files/pre-proxy" compat = "cistron" } reading pairlist file /etc/raddb/mods-config/files/authorize [/etc/raddb/mods-config/files/authorize]:181 Cistron compatibility checks for entry DEFAULT ... [/etc/raddb/mods-config/files/authorize]:188 Cistron compatibility checks for entry DEFAULT ... [/etc/raddb/mods-config/files/authorize]:195 Cistron compatibility checks for entry DEFAULT ... reading pairlist file /etc/raddb/mods-config/files/authorize [/etc/raddb/mods-config/files/authorize]:181 Cistron compatibility checks for entry DEFAULT ... [/etc/raddb/mods-config/files/authorize]:188 Cistron compatibility checks for entry DEFAULT ... [/etc/raddb/mods-config/files/authorize]:195 Cistron compatibility checks for entry DEFAULT ... reading pairlist file /etc/raddb/mods-config/files/accounting reading pairlist file /etc/raddb/mods-config/files/pre-proxy # Loaded module rlm_unpack # Instantiating module "unpack" from file /etc/raddb/mods-enabled/unpack # Loaded module rlm_attr_filter # Instantiating module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/etc/raddb/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /etc/raddb/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/etc/raddb/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } reading pairlist file /etc/raddb/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/etc/raddb/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/raddb/mods-config/attr_filter/access_reject # Instantiating module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/etc/raddb/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/raddb/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/etc/raddb/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/raddb/mods-config/attr_filter/accounting_response # Loaded module rlm_pap # Instantiating module "pap" from file /etc/raddb/mods-enabled/pap pap { normalise = yes } } # modules radiusd: #### Loading Virtual Servers #### server { # from file /etc/raddb/radiusd.conf } # server server default { # from file /etc/raddb/sites-enabled/default # Creating Auth-Type = level1_and_duopush # Creating Auth-Type = level1_and_duophone # Creating Auth-Type = level2_and_duopush # Creating Auth-Type = level2_and_duophone # Creating Auth-Type = Level-1 # Loading authenticate {...} # Loading authorize {...} Ignoring "sql" (see raddb/mods-available/README.rst) # Loading preacct {...} # Loading accounting {...} # Loading post-proxy {...} # Loading post-auth {...} /etc/raddb/sites-enabled/default[678]: Failed to find "exec" in the "modules" section. /etc/raddb/sites-enabled/default[644]: Errors parsing post-auth section.
I don't why I am getting
/etc/raddb/sites-enabled/default[678]: Failed to find "exec" in the "modules" section. From: Bhagwat, Shrikant Sent: Tuesday, September 05, 2017 9:21 PM To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Subject: Enable/Disable Exec Module
Hi
How do I enable/disable different modules like exec modules, ldap module in freeeadius3 ?
Is it in default file ?
********************************************************** Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Alan Buxey -
Bhagwat, Shrikant