DPSK module Freeradius-Devel Digest

CERON Emile e.ceron at ipefix.net
Mon Oct 27 13:52:14 UTC 2025 

Hello,

I've been working on implementing dynamic PSK management and encountered 
the issue mentioned in the documentation: "The filename should be 
dynamically expanded if it has a '%' expansion in it."

We are trying to scale DPSK by splitting our PSK keys into separate CSV 
files, one per customer. According to the documentation, we should be 
able to use expansions like %{control:customer_code} directly in the 
filename directive within the dpsk module configuration.

Here is our desired configuration in /etc/freeradius/3.0/mods-enabled/dpsk:


dpsk {

     cache_size = 1024
     cache_lifetime = 86400
     filename = 
"/etc/freeradius/3.0/psk_files/%{control:customer_code}.csv"
     gen_pmk = yes

}


However, when we start FreeRADIUS with this configuration, we encounter 
the following error:

Unable to check file 
"/etc/freeradius/3.0/psk_files/%{control:customer_code}.csv": No such 
file or directory
/etc/freeradius/3.0/mods-enabled/dpsk[66]: Failed parsing configuration 
item "filename"
/etc/freeradius/3.0/mods-enabled/dpsk[66]: Invalid configuration for 
module "dpsk"


It appears that FreeRADIUS attempts to validate the path 
/etc/freeradius/3.0/psk_files/%{control:customer_code}.csv at startup, 
which fails because the variable %{control:customer_code} is not set at 
that time. So  the 
/etc/freeradius/3.0/psk_files/%{control:customer_code}.csv doesn't exist.

We have implemented a workaround where we use a static filename pointing 
to a symlink (current.csv) that we update dynamically via an exec module 
before calling dpsk in the authorize section. This approach works but 
feels less elegant than using the built-in dynamic filename expansion.

Could you please confirm if it's possible to use attribute expansions 
directly in the filename directive as suggested by the documentation? Or 
is the static symlink approach the recommended way to handle this scenario?

Any clarification or example configuration demonstrating the intended 
use of dynamic filenames would be greatly appreciated!

Thank you

Emile

More information about the Freeradius-Devel mailing list