FR 3.0.7 RADIUS Client Schema error

Ben Humpert ben at an3k.de
Thu Apr 30 16:43:03 CEST 2015


Hi,

In the schema file, the entry for require message authenticator is listed as:

olcAttributeTypes: ( 1.3.6.1.4.1.11344.1.100.2.6 NAME
'radiusClientRequireMa' SINGLE-VALUE DESC 'Require Message
Authenticator' EQUALITY booleanMatch SYNTAX
'1.3.6.1.4.1.1466.115.121.1.7' )

Thus one has to enter TRUE or FALSE in LDAP - everything else (I tried
it with true, Yes, yes, YES and 1) throws an LDAP error. But now, with
TRUE, FR won't start anymore. Below is the debug log:


....
Thu Apr 30 16:34:04 2015 : Debug: client
radiusClientIdentifier=127.0.0.1,ou=RADIUS,ou=Services,dc=example,dc=com
{
Thu Apr 30 16:34:04 2015 : Debug:       ipaddr = 127.0.0.1
Thu Apr 30 16:34:04 2015 : Debug:       require_message_authenticator = no
Thu Apr 30 16:34:04 2015 : Debug:       secret = "testing123"
Thu Apr 30 16:34:04 2015 : Debug:       nas_type = "other"
Thu Apr 30 16:34:04 2015 : Debug:  limit {
Thu Apr 30 16:34:04 2015 : Debug:       max_connections = 16
Thu Apr 30 16:34:04 2015 : Debug:       lifetime = 0
Thu Apr 30 16:34:04 2015 : Debug:       idle_timeout = 30
Thu Apr 30 16:34:04 2015 : Debug:  }
Thu Apr 30 16:34:04 2015 : Debug: }
Thu Apr 30 16:34:04 2015 : Debug: Adding client 127.0.0.1/32
(127.0.0.1) to prefix tree 32
Thu Apr 30 16:34:04 2015 : Debug: rlm_ldap (ldap): Client
"radiusClientIdentifier=127.0.0.1,ou=RADIUS,ou=Services,dc=example,dc=com"
added
Thu Apr 30 16:34:04 2015 : Debug: client
radiusClientIdentifier=192.168.0.20,ou=RADIUS,ou=Services,dc=example,dc=com
{
Thu Apr 30 16:34:04 2015 : Debug:       ipaddr = 192.168.0.20
Thu Apr 30 16:34:04 2015 : Error: unknown[0]: Invalid value "TRUE" for
boolean variable require_message_authenticator
Thu Apr 30 16:34:04 2015 : Debug: }
Thu Apr 30 16:34:04 2015 : Error: unknown[0]: Error parsing client section
Thu Apr 30 16:34:04 2015 : Debug: rlm_ldap (ldap): Released connection (4)
Thu Apr 30 16:34:04 2015 : Error:
/etc/freeradius/mods-enabled/ldap[1]: Error loading clients
Thu Apr 30 16:34:04 2015 : Error:
/etc/freeradius/mods-enabled/ldap[1]: Instantiation failed for module
"ldap"
Thu Apr 30 16:34:04 2015 : Debug: rlm_ldap (ldap): Removing connection pool
Thu Apr 30 16:34:04 2015 : Info: rlm_ldap (ldap): Closing connection (4)
Thu Apr 30 16:34:04 2015 : Debug: rlm_ldap: Closing libldap handle 0x26578c0
Thu Apr 30 16:34:04 2015 : Info: rlm_ldap (ldap): Closing connection (3)
Thu Apr 30 16:34:04 2015 : Debug: rlm_ldap: Closing libldap handle 0x2656d40
Thu Apr 30 16:34:04 2015 : Info: rlm_ldap (ldap): Closing connection (2)
Thu Apr 30 16:34:04 2015 : Debug: rlm_ldap: Closing libldap handle 0x26460a0
Thu Apr 30 16:34:04 2015 : Info: rlm_ldap (ldap): Closing connection (1)
Thu Apr 30 16:34:04 2015 : Debug: rlm_ldap: Closing libldap handle 0x26454b0
Thu Apr 30 16:34:04 2015 : Info: rlm_ldap (ldap): Closing connection (0)
Thu Apr 30 16:34:04 2015 : Debug: rlm_ldap: Closing libldap handle 0x26278e0

I know FR wants yes / no, but those are not boolean, so I guess the
schema is not correct - or do you plan to update FR to accept TRUE /
FALSE instead of yes / no?

Thanks

