Freeradius-Devel Digest, Vol 225, Issue 2

CERON Emile e.ceron at ipefix.net
Wed Oct 29 10:38:36 UTC 2025 

Hello,

Thank you for pushing the fixes to the v3.2.x branch.

We cloned the repository, checked out the v3.2.x branch, and 
compiled/installed FreeRADIUS. However, we are encountering an error 
related to dictionary parsing when starting the server:

FreeRADIUS Version 3.2.8
...
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
Errors reading dictionary: dict_init: 
/usr/share/freeradius/dictionary.freeradius.internal[20]: invalid type 
"bool"

This happens even before any authentication attempt. It seems the |bool| 
type is not recognized in the internal dictionary file.

We haven't yet tested the dynamic filename feature itself due to this 
startup issue. Should we address the dictionary problem first, or is 
this unrelated to the dynamic filename expansion fix?

Thank you





Le 28/10/2025 à 13:00, freeradius-devel-request at lists.freeradius.org a 
écrit :
> Send Freeradius-Devel mailing list submissions to
> 	freeradius-devel at lists.freeradius.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://lists.freeradius.org/mailman/listinfo/freeradius-devel
> or, via email, send a message with subject or body 'help' to
> 	freeradius-devel-request at lists.freeradius.org
>
> You can reach the person managing the list at
> 	freeradius-devel-owner at lists.freeradius.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeradius-Devel digest..."
>
>
> Today's Topics:
>
>     1. DPSK module Freeradius-Devel Digest (CERON Emile)
>     2. Re: DPSK module Freeradius-Devel Digest (Alan DeKok)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 27 Oct 2025 14:52:14 +0100
> From: CERON Emile<e.ceron at ipefix.net>
> To:freeradius-devel at lists.freeradius.org
> Subject: DPSK module Freeradius-Devel Digest
> Message-ID:<5f8b63ba-55c5-4c0d-847c-a2ed51cfe4a7 at ipefix.net>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> Hello,
>
> I've been working on implementing dynamic PSK management and encountered
> the issue mentioned in the documentation: "The filename should be
> dynamically expanded if it has a '%' expansion in it."
>
> We are trying to scale DPSK by splitting our PSK keys into separate CSV
> files, one per customer. According to the documentation, we should be
> able to use expansions like %{control:customer_code} directly in the
> filename directive within the dpsk module configuration.
>
> Here is our desired configuration in /etc/freeradius/3.0/mods-enabled/dpsk:
>
>
> dpsk {
>
>   ? ? cache_size = 1024
>   ? ? cache_lifetime = 86400
>   ? ? filename =
> "/etc/freeradius/3.0/psk_files/%{control:customer_code}.csv"
>   ? ? gen_pmk = yes
>
> }
>
>
> However, when we start FreeRADIUS with this configuration, we encounter
> the following error:
>
> Unable to check file
> "/etc/freeradius/3.0/psk_files/%{control:customer_code}.csv": No such
> file or directory
> /etc/freeradius/3.0/mods-enabled/dpsk[66]: Failed parsing configuration
> item "filename"
> /etc/freeradius/3.0/mods-enabled/dpsk[66]: Invalid configuration for
> module "dpsk"
>
>
> It appears that FreeRADIUS attempts to validate the path
> /etc/freeradius/3.0/psk_files/%{control:customer_code}.csv at startup,
> which fails because the variable %{control:customer_code} is not set at
> that time. So? the
> /etc/freeradius/3.0/psk_files/%{control:customer_code}.csv doesn't exist.
>
> We have implemented a workaround where we use a static filename pointing
> to a symlink (current.csv) that we update dynamically via an exec module
> before calling dpsk in the authorize section. This approach works but
> feels less elegant than using the built-in dynamic filename expansion.
>
> Could you please confirm if it's possible to use attribute expansions
> directly in the filename directive as suggested by the documentation? Or
> is the static symlink approach the recommended way to handle this scenario?
>
> Any clarification or example configuration demonstrating the intended
> use of dynamic filenames would be greatly appreciated!
>
> Thank you
>
> Emile
>
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 27 Oct 2025 12:01:55 -0400
> From: Alan DeKok<aland at deployingradius.com>
> To: FreeRadius developers mailing list
> 	<freeradius-devel at lists.freeradius.org>
> Subject: Re: DPSK module Freeradius-Devel Digest
> Message-ID:<4A24A0AB-6362-449F-BD18-1D135BFFFA99 at deployingradius.com>
> Content-Type: text/plain;	charset=utf-8
>
> On Oct 27, 2025, at 9:52?AM, CERON Emile<e.ceron at ipefix.net> wrote:
>> I've been working on implementing dynamic PSK management and encountered the issue mentioned in the documentation: "The filename should be dynamically expanded if it has a '%' expansion in it."
>>
>> We are trying to scale DPSK by splitting our PSK keys into separate CSV files, one per customer. According to the documentation, we should be able to use expansions like %{control:customer_code} directly in the filename directive within the dpsk module configuration.
>   I've pushed some fixes to the v3.2.x branch.  Please check them and see if they work for you.
>
>   Alan DeKok.
>
> ------------------------------
>
> Subject: Digest Footer
>
> -
> List info/subscribe/unsubscribe? Seehttp://www.freeradius.org/list/devel.html
>
>
> ------------------------------
>
> End of Freeradius-Devel Digest, Vol 225, Issue 2
> ************************************************

More information about the Freeradius-Devel mailing list