multiOTP - /etc/freeradius/policy.conf[33]: Expecting section start brace '{' after "else if"

Timothy tpharryman at gmail.com
Thu Sep 24 00:11:34 CEST 2015


Thanks in advance for any assistance!

System: Ubuntu 14.0.4 LTS, FreeRADIUS installed from apt-get install.

FreeRADIUS works fine for what we have been using it for: MSCHAPV2 &
various types of EAP against AD.  We would like to add multiOTP to the mix.

multiOTP testing (not using FreeRADIUS) works fine from the command line.

After doing all of the steps from the guide (
http://wiki.freeradius.org/guide/multiOTP-HOWTO), I get the following error

FreeRADIUS Version 2.1.12, for host x86_64-pc-linux-gnu, built on Aug 26
2015 at 14:47:03
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/redis
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/replicate
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/soh
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/dynamic_clients
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/multiotp
including configuration file /etc/freeradius/modules/opendirectory
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/rediswho
including configuration file /etc/freeradius/modules/multiotpmschap
including configuration file /etc/freeradius/modules/
sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
/etc/freeradius/policy.conf[33]: Expecting section start brace '{' after
"else if"
Errors reading /etc/freeradius/radiusd.conf
--------------------------------------------------------------------------------------

The policy has been copied verbatim from the multiOTP howto, and inserted
above the existing policy.  The line in question is this:

>> else if (!control:Auth-Type && User-Password =~
/^${policy.multiotp_prefix}([0-9]{10})$/) {

if I change it to this (adding another closing bracket), FreeRadius will
start, but then I get a different error when doing a radtest -t pap from
the command line

>> else {
>>      if (!control:Auth-Type && User-Password =~
/^${policy.multiotp_prefix}([0-9]{10})$/) {

error on radtest:

? Evaluating (control:Auth-Type == 'MS-CHAP') -> FALSE
+++? if (control:Auth-Type == 'MS-CHAP') -> FALSE
+++- entering else else {...}
++++? if (!control:Auth-Type && User-Password =~
/^${policy.multiotp_prefix}([0-9]{10})$/)
? Evaluating !(control:Auth-Type ) -> TRUE
ERROR: Failed compiling regular expression: Invalid preceding regular
expression
+++- else else returns noop
++- policy multiotp.authorize returns noop

If I try any other RegEx (like nested if's), it still has the "invalid
preceding regular expression" error.

My concern is that the policy.conf modification in the HowTo might not work
in my case.

If someone can shed some light on this matter, I would gratefully
appreciate it!

Timo


More information about the Freeradius-Users mailing list