Migration of FreeRadius Server from 2.1 to 3.X
Bhagwat, Shrikant
shrbhagw at med.umich.edu
Thu Sep 7 02:05:54 CEST 2017
I know config of version 2 will not work with config of version 3. It looks like echo module controls the exec module
From exec module:
exec default {
    wait = yes
    output = none
    #input_pairs = request
    output_pairs = none
    # 0 - level-2 proxy; 1 - level-2 proxy password; 2 - level-2 server; 3 - level-2 basedn; 4 - level-2 account found flag;
    # 5 - level-1 kdc domain; 6 - log file name.
    program = "/idm/idmt_home/PhoneFactor/Level1Factor.pl %{config:modules.ldap.identity} %{config:modules.ldap.password} %{config:modules.ldap.server} %{config:modules.ldap.basedn} not_found \
    %{config:modules.ldap.level-1_kdc} %{config:modules.ldap.logFILEname}"
    shell_escape = yes
}
# Phone Factor
exec phonefactor {
    wait = yes
    output = none
    #input_pairs = request
    output_pairs = none
    # 0 - level-2 proxy; 1 - level-2 proxy password; 2 - level-2 server; 3 - level-2 basedn; 4 - level-2 account found flag;
    # 5 - level-1 kdc domain; 6 - log file name; 7 - phone factor call back number
    program = "/idm/idmt_home/PhoneFactor/PhoneFactor.pl %{config:modules.ldap.identity} %{config:modules.ldap.password} %{config:modules.ldap.server} %{config:modules.ldap.basedn} found \
    %{config:modules.ldap.level-1_kdc} %{config:modules.ldap.logFILEname} %{reply:Callback-Number}"
    shell_escape = yes
}
Do I modify echo module to match in exec module? Or vice versa?
-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+shrbhagw=med.umich.edu at lists.freeradius.org] On Behalf Of Matthew Newton
Sent: Wednesday, September 6, 2017 6:37 PM
To: freeradius-users at lists.freeradius.org
Subject: Re: Migration of FreeRadius Server from 2.1 to 3.X
On Wed, 2017-09-06 at 16:03 +0000, Bhagwat, Shrikant wrote:
> exec default {
> wait = yes
> program = "/idm/idmt_home/PhoneFactor/Level1Factor.pl
> %{config:modules.ldap.identity} %{config:modules.ldap.password}
> %{config:modules.ldap.server} %{config:modules.ldap.basedn} not_found
> %{config:modules.ldap.level-1_kdc}
> %{config:modules.ldap.logFILEname}"
> output_pairs = "none"
> shell_escape = yes
> }
> /etc/raddb/mods-enabled/exec[33]: Invalid output list 'none'
> /etc/raddb/mods-enabled/exec[33]: Instantiation failed for module
> "default"
>
> Not sure why Invalid Output list none
Because that's invalid - the output lists are documented in mods-available/echo (which mods-available/exec points to), so you need to use one of the standard attribute list names.
The release notes say that a config for version 2 won't just work on version 3 for a reason... the config likely won't "just work". So you have to look at the examples with the server and update your config where necessary.
If you're looking at that anyway, it's probably a good time to consider if you can do whatever you are doing in the external script within FreeRADIUS directly. Running scripts is generally much slower than, for example, doing LDAP lookups or similar in the server.
--
Matthew
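A pre-flight check for the "Invalid output list" error discussed in this thread, as an added example that is not part of the original messages or of FreeRADIUS itself: it scans exec module stanzas for input_pairs/output_pairs values that are not attribute list names. The set of list names, the function name lint_exec_config and the sample config are assumptions constructed for illustration.

```python
import re

# Attribute list names in FreeRADIUS 3.x (assumption: general v3 names,
# not quoted from this thread).
VALID_LISTS = {"request", "reply", "control", "session-state",
               "proxy-request", "proxy-reply", "coa", "coa-reply",
               "disconnect", "disconnect-reply"}
BLOCK_RE = re.compile(r"^exec(?:\s+(\S+))?\s*\{$")
PAIR_RE = re.compile(r"^(input_pairs|output_pairs)\s*=\s*(\S+)")


def lint_exec_config(text):
    """Return (line, instance, option, value) for each invalid list name."""
    findings = []
    instance = None  # name of the exec stanza currently being read
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out option
        block = BLOCK_RE.match(line)
        if block:
            instance = block.group(1) or "exec"
        elif line == "}":
            instance = None
        elif instance:
            pair = PAIR_RE.match(line)
            value = pair.group(2).strip("\"'") if pair else None
            if pair and value not in VALID_LISTS:
                findings.append((lineno, instance, pair.group(1), value))
    return findings


# Constructed sample modelled on the stanzas in this thread (paths are placeholders).
SAMPLE = '''\
exec default {
    wait = yes
    program = "/path/to/script.pl %{User-Name}"
    output_pairs = "none"
}
exec phonefactor {
    input_pairs = request
    #output_pairs = none
    program = "/path/to/other.pl %{reply:Callback-Number}"
}
'''

if __name__ == "__main__":
    for lineno, inst, opt, val in lint_exec_config(SAMPLE):
        print(f"line {lineno}: exec {inst}: invalid {opt} list '{val}'")
```

In the sample, the second stanza passes because the option is commented out rather than set to a non-list value.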