FreeRADIUS 3.0.12, Ubuntu 16.04 - Python module is unable to load

Cuong Nguyen cuong.nguyenduy at
Mon Jul 3 07:52:44 CEST 2017

Thank you, Adam, for replying.

First, indeed, I am sure that $PYTHONPATH is set correctly. I can even run
the script under 'freerad' user.

Let me explain what I try to do:
1. I'd want to limit a number of concurrent sessions a user is allowed. In
LDAP, there is an attribute - MaxConnection - to indicate maximum
concurrent sessions a user can have
2. Since FreeRADIUS does not keep track of the number of sessions, my
script will perform the following
- POST-AUTH: For the user, get the number of sessions in MySQL, and get the
MaxConnection from LDAP, then compare the two. If there are sessions >=
MaxConnection --> Reject
- ACCOUTING: If it is Accounting-Start --> Record in MySQL, if
Accounting-Interim --> Update in MySQL, if Accounting-Stop --> Delete in

My first attempt is to make sure I can load LDAP module, and I've already
got the issue above.

Second, I did look at the LDAP module, but have no clue how to implement
the logic I describe above. In my debug output above, I *did* include sql
for the purpose of testing. In actual deployment, this will not be used
(MySQL operations will be done by the script).

I even tried this in LDAP module in order to get the MaxConnection, which
changes the 'request' list.

ldap {
    request:Tmp-String-1            := 'MaxConnection'

And in the script, look for "Tmp-String-1". However, I think it is not

Any suggestion is appreciated.


On Mon, Jul 3, 2017 at 1:47 AM Adam Bishop <Adam.Bishop at> wrote:

> On 2 Jul 2017, at 17:19, Cuong Nguyen <cuong.nguyenduy at> wrote:
> > Is there anything I could do to solve this? With the same script I can
> run
> > using normal python environment (the script has the import ldap3).
> There's a few possibilities, but the most likely reason is PYTHONPATH
> being not set correctly.
> Make sure that in mods-available/python config file has the directories
> you need.
> Keep in mind that FreeRADIUS runs as a non-root user, so make sure that
> you've installed the module to somewhere that the FreeRADIUS user account
> can read.
> Have you looked at FreeRADIUS' built in LDAP module by the way?
> Regards,
> Adam Bishop
>   gpg: E75B 1F92 6407 DFDF 9F1C  BF10 C993 2504 6609 D460
> Jisc is a registered charity (number 1149740) and a company limited by
> guarantee which is registered in England under Company No. 5747339, VAT No.
> GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill,
> Bristol, BS2 0JA. T 0203 697 5800.
> Jisc Services Limited is a wholly owned Jisc subsidiary and a company
> limited by guarantee which is registered in England under company number
> 2881024, VAT number GB 197 0632 86. The registered office is: One Castle
> Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list