Migrating configuration. Users file

jan hugo prins jhp at jhprins.org
Thu Sep 21 20:02:06 CEST 2017 

Found the issue.
Got it working.
In the migration I renamed the ldap instance ldap_betterbe to betterbe.
This resulted in a mismatch between the authorize file and the ldap
group objects.

Thanks for you help.
Jan Hugo Prins



On 09/21/2017 07:58 PM, jan hugo prins wrote:
> If I remove the dictionary line I get the following error in my
> authorize file during config parse:
>
> Thu Sep 21 19:54:56 2017 : Debug: reading pairlist file
> /etc/raddb/mods-config/files/authorize
> Thu Sep 21 19:54:56 2017 : Error:
> /etc/raddb/mods-config/files/authorize[1]: Parse error (check) for entry
> DEFAULT: Unknown name "ldap_betterbe-Ldap-Group"
> Thu Sep 21 19:54:56 2017 : Error: Failed reading
> /etc/raddb/mods-config/files/authorize
> Thu Sep 21 19:54:56 2017 : Error: /etc/raddb/mods-enabled/files[9]:
> Instantiation failed for module "files"
>
>
> Jan Hugo
>
>
> On 09/21/2017 07:44 PM, Alan DeKok wrote:
>> On Sep 21, 2017, at 1:16 PM, jan hugo prins <jhp at jhprins.org> wrote:
>>> You are absolutely right that changing one thing at the time is the best
>>> way to go. the first thing I changes was the version of FreeRadius so I
>>> had to rebuild my complete config file. Most things are working fine
>>> again. But in the rebuilding of the config file some things actually
>>> changed a lot because the old syntax was simply not working anymore.
>>   Yes.  That's why we recommend recreating the config, instead of just copying it.
>>
>>> Anyway, now for the users file and the group mapping:
>>>
>>> My ldap configuration looks like this:
>>   That should work.
>>
>>> Some entry out of my authorize file:
>>>
>>> DEFAULT ldap_betterbe-Ldap-Group == "werkneme-betterbe", Realm ==
>>> "betterbe.com", Huntgroup-Name == "wireless"
>>>         Aruba-User-Vlan = 101,
>>>         Aruba-User-Role = "authenticated"
>>   That should also work.
>>
>>> And the corresponding enrty out of my dictionary file:
>>>
>>> ATTRIBUTE       ldap_betterbe-Ldap-Group    3000    string
>>   Delete that. It's wrong, and not necessary.
>>
>>   Alan DeKok.
>>
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list