warning? about attr_filter for default Debian configs
Matt Zagrabelny
mzagrabe at d.umn.edu
Thu Dec 10 19:58:22 CET 2020
Greetings FR-users,
On a default debian install of freeradius there is some yellow text when
running the server in debug (-X) mode:
[...]
reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/post-proxy
# Instantiating module "attr_filter.pre-proxy" from file
/etc/freeradius/3.0/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/pre-proxy
# Instantiating module "attr_filter.access_reject" from file
/etc/freeradius/3.0/mods-enabled/attr_filter
reading pairlist file
/etc/freeradius/3.0/mods-config/attr_filter/access_reject
[/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item
"FreeRADIUS-Response-Delay" found in filter
list for realm "DEFAULT".
[/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item
"FreeRADIUS-Response-Delay-USec" found in
filter list for realm "DEFAULT".
[...]
The last two lines which reference line 11 are yellow.
Here is the contents of access_reject:
$ sudo cat -n /etc/freeradius/3.0/mods-config/attr_filter/access_reject
1 #
2 # Configuration file for the rlm_attr_filter module.
3 # Please see rlm_attr_filter(5) manpage for more information.
4 #
5 # $Id: afd89473dc50e4ff62389e35e5cb73b512e9d352 $
6 #
7 # This configuration file is used to remove almost all of the
attributes
8 # From an Access-Reject message. The RFCs say that an
Access-Reject
9 # packet can contain only a few attributes. We enforce that
here.
10 #
11 DEFAULT
12 EAP-Message =* ANY,
13 State =* ANY,
14 Message-Authenticator =* ANY,
15 Error-Cause =* ANY,
16 Reply-Message =* ANY,
17 MS-CHAP-Error =* ANY,
18 Proxy-State =* ANY,
19 FreeRADIUS-Response-Delay =* ANY,
20 FreeRADIUS-Response-Delay-USec =* ANY
I'm afraid I don't know what to modify to eliminate the warning.
Any suggestions?
Thank you!
-m
More information about the Freeradius-Users
mailing list