Problem with config (if- statement) on 3.0.10

Thomas Stather Thomas.Stather at mpimf-heidelberg.mpg.de
Thu Oct 29 12:01:23 CET 2015


Hello

Now I have my up-to-date radius installation, but I am struggling with 
my configuration (I need to implement an eduroam config using 
PEAP-MSCHAPv2 and EAP-TTLS-MSCHAPv2 in combination with our LDAP servers).

The server won't start, attached is the output:

-----------------------------------
radius1:/etc/raddb # radiusd -X
Copyright (C) 1999-2015 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/mods-enabled/
including configuration file /etc/raddb/mods-enabled/detail
including configuration file /etc/raddb/mods-enabled/always
including configuration file /etc/raddb/mods-enabled/echo
including configuration file /etc/raddb/mods-enabled/chap
including configuration file /etc/raddb/mods-enabled/expiration
including configuration file /etc/raddb/mods-enabled/files
including configuration file /etc/raddb/mods-enabled/digest
including configuration file /etc/raddb/mods-enabled/sradutmp
including configuration file /etc/raddb/mods-enabled/cache_eap
including configuration file /etc/raddb/mods-enabled/unix
including configuration file /etc/raddb/mods-enabled/replicate
including configuration file /etc/raddb/mods-enabled/dynamic_clients
including configuration file /etc/raddb/mods-enabled/passwd
including configuration file /etc/raddb/mods-enabled/ldap
including configuration file /etc/raddb/mods-enabled/detail.log
including configuration file /etc/raddb/mods-enabled/inner-eap
including configuration file /etc/raddb/mods-enabled/mschap
including configuration file /etc/raddb/mods-enabled/exec
including configuration file /etc/raddb/mods-enabled/expr
including configuration file /etc/raddb/mods-enabled/utf8
including configuration file /etc/raddb/mods-enabled/eap
including configuration file /etc/raddb/mods-enabled/unpack
including configuration file /etc/raddb/mods-enabled/realm
including configuration file /etc/raddb/mods-enabled/soh
including configuration file /etc/raddb/mods-enabled/attr_filter
including configuration file /etc/raddb/mods-enabled/dhcp
including configuration file /etc/raddb/mods-enabled/logintime
including configuration file /etc/raddb/mods-enabled/ntlm_auth
including configuration file /etc/raddb/mods-enabled/radutmp
including configuration file /etc/raddb/mods-enabled/preprocess
including configuration file /etc/raddb/mods-enabled/linelog
including configuration file /etc/raddb/mods-enabled/pap
including files in directory /etc/raddb/policy.d/
including configuration file /etc/raddb/policy.d/canonicalization
including configuration file /etc/raddb/policy.d/debug
including configuration file /etc/raddb/policy.d/filter
including configuration file /etc/raddb/policy.d/accounting
including configuration file /etc/raddb/policy.d/operator-name
including configuration file /etc/raddb/policy.d/abfab-tr
including configuration file /etc/raddb/policy.d/eap
including configuration file /etc/raddb/policy.d/cui
including configuration file /etc/raddb/policy.d/control
including configuration file /etc/raddb/policy.d/dhcp
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/eduroam
/etc/raddb/sites-enabled/mpimf_eduroam[65]: Invalid location for 'if'
Errors reading or parsing /etc/raddb/radiusd.conf
-----------------------------------



The /sites-enabled/eduroam looks like this:

-----------------------------------
authorize {
     preprocess
     auth_log
     mschap
     suffix
     eap {
         ok = return
     }
    files
       redundant_ldap
}

authenticate {
     Auth-Type MS-CHAP {
         mschap
     }
    Auth-Type eap {
        eap
       update control {
          Tmp-String-0 = "%{debug:2}"
       }

       update control {
          Tmp-String-0 = "%{debug:0}"
       }
    }
}

preacct {
     preprocess
     acct_unique
     suffix
}

accounting {
     detail
     unix
     radutmp
     exec
     attr_filter.accounting_response
}

session {
     radutmp
}

post-auth {
     reply_log
     redundant_ldap
     exec
     Post-Auth-Type REJECT {
         attr_filter.access_reject
     }
### enable debug logging from here on
    update control {
       Tmp-String-0 = "%{debug:2}"
    }
    if (Realm == my-realm.de || Realm == NULL) {
       update reply {
          Filter-Id = "my-realm-Secure.in"
       }
    }
    else {
       update reply {
          Filter-Id = "gast.in"
       }
    }
### disable debug logging again
    update control {
       Tmp-String-0 = "%{debug:0}"
    }
}

pre-proxy {
     pre_proxy_log
}

post-proxy {
     post_proxy_log
     eap
}
-----------------------------------


What am I doing wrong?


Best,
Thomas

-- 
Thomas Stather
IT Services

Tel:  +49 6221-486 628
Fax: +49 6221-486 561

------------------------------------------------------------------------
Max Planck Institute for Medical Research (MPImF)
Jahnstrasse 29, 69120 Heidelberg
Germany


