Freeradius-Users Digest, Vol 196, Issue 8
Valery Kayukov
kayukovvalery at gmail.com
Sun Aug 8 13:44:38 CEST 2021
Hi Alan,
Thank you for your help. By the way, I use version 3.0.17. I have fixed that
but still have this problem with LDAP groups:
Sun Aug 8 11:36:22 2021 : Debug: # Instantiating module "files" from file /etc/raddb/mods-enabled/files
Sun Aug 8 11:36:22 2021 : Debug: reading pairlist file /etc/raddb/mods-config/files/authorize
Sun Aug 8 11:36:22 2021 : Error: /etc/raddb/mods-config/files/authorize[10]: Parse error (check) for entry DEFAULT: Unknown name "LDAP-Group"
Sun Aug 8 11:36:22 2021 : Error: Failed reading /etc/raddb/mods-config/files/authorize
Sun Aug 8 11:36:22 2021 : Error: /etc/raddb/mods-enabled/files[9]: Instantiation failed for module "files"
I have read the /etc/raddb/README.rst file about LDAP-Group but I am still not
getting how to apply it.
In the /etc/raddb/mods-config/files/authorize file I have the following:
#LDAP NetEng team members
DEFAULT LDAP-Group == "cn=neteng,ou=system groups,ou=Groups,dc=company,dc=net"
        Service-Type = "Administrative-User",
        cisco-avpair := "shell:roles=network-admin,vdc-admin",
        cisco-avpair += "shell:priv-lvl=15",
        Filter-Id = ":group_name=neteng;"
In /etc/raddb/sites-available/default config:
authorize {
    ...
    ldap-server-a
    if ((ok || updated) && User-Password) {
        update control {
            Auth-Type := ldap
        }
    }
    ldap-server-b
    if ((ok || updated) && User-Password) {
        update control {
            Auth-Type := ldap
        }
    }
    ...
}
authenticate {
    ...
    redundant {
        location1
        location2
    }
    ...
}
In /etc/raddb/mods-available/ldap config:
ldap ldap-server-a {
    server = "ldap-a.company.net"
    basedn = "dc=company,dc=net"
}
...
}
ldap ldap-server-b {
    server = "ldap-b.company.net"
    basedn = "dc=company,dc=net"
    ...
}
How do I convert the config in the file /etc/raddb/mods-config/files/authorize to v3?
Best regards,
Valeriy
On Sun, 8 Aug 2021 at 11:00, <freeradius-users-request at lists.freeradius.org>
wrote:
> Today's Topics:
>
> 1. Parse error (check) for entry DEFAULT: Unknown name
> "LDAP-Group" (Valery Kayukov)
> 2. Re: Parse error (check) for entry DEFAULT: Unknown name
> "LDAP-Group" (Alan DeKok)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 7 Aug 2021 13:00:11 +0100
> From: Valery Kayukov <kayukovvalery at gmail.com>
> To: freeradius-users at lists.freeradius.org
> Subject: Parse error (check) for entry DEFAULT: Unknown name
> "LDAP-Group"
> Message-ID: <CAAoKmEsJSQ4ZMxM5UxEbwHks_4JyzfejTe6spjhJZeBEyS6ThQ at mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> Hi team,
>
> I am new to the freeRADIUS project. I can't start my server; it returns an error
> message:
> Sat Aug 7 11:48:24 2021 : Debug: # Instantiating module "files" from file /etc/raddb/mods-enabled/files
> Sat Aug 7 11:48:24 2021 : Debug: reading pairlist file /etc/raddb/mods-config/files/authorize
> Sat Aug 7 11:48:24 2021 : Error: /etc/raddb/mods-config/files/authorize[10]: Parse error (check) for entry DEFAULT: Unknown name "LDAP-Group"
> Sat Aug 7 11:48:24 2021 : Error: Failed reading /etc/raddb/mods-config/files/authorize
> Sat Aug 7 11:48:24 2021 : Error: /etc/raddb/mods-enabled/files[9]: Instantiation failed for module "files"
>
> Here is configuration file /etc/raddb/mods-config/files/authorize:
> #LDAP Rancid service account
> rancid LDAP-UserDN := `uid=rancid,ou=services,ou=Accounts,dc=company,dc=net`
>         Service-Type = "NAS-Prompt-User",
>         cisco-avpair := "optional shell:roles=rancid,network-operator",
>         cisco-avpair += "shell:priv-lvl=15",
>         Juniper-Local-User-Name := "rancid",
>         Citrix-Group = "rancid"
>
> #LDAP Apple team members
> DEFAULT LDAP-Group == "cn=apple,ou=system groups,ou=Groups,dc=company,dc=net"
>         Service-Type = "Administrative-User",
>         cisco-avpair := "shell:roles=network-admin,vdc-admin",
>         cisco-avpair += "shell:priv-lvl=15",
>         Juniper-Local-User-Name := "apple",
>         Citrix-Group = "apple",
>         Filter-Id = ":group_name=apple;"
>
> What is wrong here?
>
> --
> Best Regards,
> Valeriy Kayukov
> System Engineer
>
>
> ------------------------------
>
> Message: 2
> Date: Sat, 7 Aug 2021 09:44:01 -0400
> From: Alan DeKok <aland at deployingradius.com>
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Subject: Re: Parse error (check) for entry DEFAULT: Unknown name
> "LDAP-Group"
> Message-ID: <8F938E67-BB0D-4459-8968-2EE5B10CFCEE at deployingradius.com>
> Content-Type: text/plain; charset=us-ascii
>
> On Aug 7, 2021, at 8:00 AM, Valery Kayukov <kayukovvalery at gmail.com> wrote:
> >
> > I am new to the freeRADIUS project. I can't start my server; it returns an error
> > message:
> > Sat Aug 7 11:48:24 2021 : Debug: # Instantiating module "files" from file /etc/raddb/mods-enabled/files
> > Sat Aug 7 11:48:24 2021 : Debug: reading pairlist file /etc/raddb/mods-config/files/authorize
> > Sat Aug 7 11:48:24 2021 : Error: /etc/raddb/mods-config/files/authorize[10]: Parse error (check) for entry DEFAULT: Unknown name "LDAP-Group"
>
> You haven't enabled the LDAP module.
>
> Or, depending on the local file system, you may need to edit
> radiusd.conf to load the "ldap" module early:
>
> instantiate {
>     ...
>     ldap
> }
>
> This is documented in the comments before the "instantiate" section.
>
> Alan DeKok.
--
Best Regards,
Valeriy Kayukov
System Engineer
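
An added example (not part of the original message, and not FreeRADIUS project code): a pre-flight check that explains the "Unknown name" error for a configuration like the one quoted above. It assumes the rlm_ldap v3 behaviour that an instance declared as `ldap <name> {` registers its group-comparison attribute as `<name>-LDAP-Group`, and only an unnamed `ldap {` instance registers plain `LDAP-Group`; the sample strings and function names are constructed for illustration.

```python
import re

# Constructed excerpts modelled on the configuration quoted in the message above.
LDAP_CONF = '''
ldap ldap-server-a {
    server = "ldap-a.company.net"
}
ldap ldap-server-b {
    server = "ldap-b.company.net"
}
'''
USERS = '''
#LDAP NetEng team members
DEFAULT LDAP-Group == "cn=neteng,ou=system groups,ou=Groups,dc=company,dc=net"
    Service-Type = "Administrative-User",
    Filter-Id = ":group_name=neteng;"
'''

def group_attributes(ldap_conf):
    """Names that each 'ldap [instance] {' block registers for group checks."""
    names = set()
    for m in re.finditer(r'^\s*ldap(?:[ \t]+([\w.-]+))?[ \t]*\{', ldap_conf, re.M):
        inst = m.group(1)
        # Assumption (rlm_ldap v3): a named instance registers <name>-LDAP-Group.
        names.add(f"{inst}-LDAP-Group" if inst else "LDAP-Group")
    return names

def lint_users(users, known):
    """Return (line_no, attribute, registered_names) for unknown group checks."""
    findings = []
    for no, line in enumerate(users.splitlines(), 1):
        # Entry lines start in column 0; comments and indented reply items are skipped.
        if not line or line[0] in "# \t":
            continue
        for attr in re.findall(r'([\w.-]*LDAP-Group)\s*(?:==|!=|=~|!~|:=|=)', line):
            if attr not in known:
                findings.append((no, attr, sorted(known)))
    return findings

if __name__ == "__main__":
    for no, attr, known in lint_users(USERS, group_attributes(LDAP_CONF)):
        print(f"users:{no}: unknown check item {attr!r}; registered: {', '.join(known)}")
```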