Freeradius-Users Digest, Vol 196, Issue 8

Valery Kayukov kayukovvalery at gmail.com
Sun Aug 8 13:44:38 CEST 2021


Hi Alan,

Thank you for your help. By the way, I use version 3.0.17. I have fixed that
but still have this problem with LDAP groups:
Sun Aug  8 11:36:22 2021 : Debug:   # Instantiating module "files" from file /etc/raddb/mods-enabled/files
Sun Aug  8 11:36:22 2021 : Debug: reading pairlist file /etc/raddb/mods-config/files/authorize
Sun Aug  8 11:36:22 2021 : Error: /etc/raddb/mods-config/files/authorize[10]: Parse error (check) for entry DEFAULT: Unknown name "LDAP-Group"
Sun Aug  8 11:36:22 2021 : Error: Failed reading /etc/raddb/mods-config/files/authorize
Sun Aug  8 11:36:22 2021 : Error: /etc/raddb/mods-enabled/files[9]: Instantiation failed for module "files"

I have read the /etc/raddb/README.rst file about LDAP-Group but I am still not
getting how to apply it.

In the /etc/raddb/mods-config/files/authorize file I have the following:
#LDAP NetEng team members
DEFAULT LDAP-Group == "cn=neteng,ou=system groups,ou=Groups,dc=company,dc=net"
    Service-Type = "Administrative-User",
    cisco-avpair := "shell:roles=network-admin,vdc-admin",
    cisco-avpair += "shell:priv-lvl=15",
    Filter-Id = ":group_name=neteng;"

In /etc/raddb/sites-available/default config:
authorize {
...
        ldap-server-a
        if ((ok || updated) && User-Password) {
                update control {
                        Auth-Type := ldap
                }
        }
        ldap-server-b
        if ((ok || updated) && User-Password) {
                update control {
                        Auth-Type := ldap
                }
        }
...
}
authenticate {
...
        redundant {
                location1
                location2
        }
...
}

In /etc/raddb/mods-available/ldap config:
ldap ldap-server-a {
        server = "ldap-a.company.net"
        basedn = "dc=company,dc=net"
        }
...
}

ldap ldap-server-b {
        server = "ldap-b.company.net"
        basedn = "dc=company,dc=net"
...
}

How do I convert the config in file /etc/raddb/mods-config/files/authorize to v3?

Best regards,
Valeriy

On Sun, 8 Aug 2021 at 11:00, <freeradius-users-request at lists.freeradius.org>
wrote:

> Today's Topics:
>
>    1. Parse error (check) for entry DEFAULT: Unknown name
>       "LDAP-Group" (Valery Kayukov)
>    2. Re: Parse error (check) for entry DEFAULT: Unknown name
>       "LDAP-Group" (Alan DeKok)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 7 Aug 2021 13:00:11 +0100
> From: Valery Kayukov <kayukovvalery at gmail.com>
> To: freeradius-users at lists.freeradius.org
> Subject: Parse error (check) for entry DEFAULT: Unknown name
>         "LDAP-Group"
> Message-ID: <CAAoKmEsJSQ4ZMxM5UxEbwHks_4JyzfejTe6spjhJZeBEyS6ThQ at mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> Hi team,
>
> I am new to the freeRADIUS project. Can't start my server, it returns an
> error message:
> Sat Aug  7 11:48:24 2021 : Debug:   # Instantiating module "files" from file /etc/raddb/mods-enabled/files
> Sat Aug  7 11:48:24 2021 : Debug: reading pairlist file /etc/raddb/mods-config/files/authorize
> Sat Aug  7 11:48:24 2021 : Error: /etc/raddb/mods-config/files/authorize[10]: Parse error (check) for entry DEFAULT: Unknown name "LDAP-Group"
> Sat Aug  7 11:48:24 2021 : Error: Failed reading /etc/raddb/mods-config/files/authorize
> Sat Aug  7 11:48:24 2021 : Error: /etc/raddb/mods-enabled/files[9]: Instantiation failed for module "files"
>
> Here is configuration file /etc/raddb/mods-config/files/authorize:
> #LDAP Rancid service account
> rancid LDAP-UserDN := `uid=rancid,ou=services,ou=Accounts,dc=company,dc=net`
>     Service-Type = "NAS-Prompt-User",
>     cisco-avpair := "optional shell:roles=rancid,network-operator",
>     cisco-avpair += "shell:priv-lvl=15",
>     Juniper-Local-User-Name := "rancid",
>     Citrix-Group = "rancid"
>
> #LDAP Apple team members
> DEFAULT LDAP-Group == "cn=apple,ou=system groups,ou=Groups,dc=company,dc=net"
>     Service-Type = "Administrative-User",
>     cisco-avpair := "shell:roles=network-admin,vdc-admin",
>     cisco-avpair += "shell:priv-lvl=15",
>     Juniper-Local-User-Name := "apple",
>     Citrix-Group = "apple",
>     Filter-Id = ":group_name=apple;"
>
> What is wrong here?
>
> --
> Best Regards,
> Valeriy Kayukov
> System Engineer
>
>
> ------------------------------
>
> Message: 2
> Date: Sat, 7 Aug 2021 09:44:01 -0400
> From: Alan DeKok <aland at deployingradius.com>
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Subject: Re: Parse error (check) for entry DEFAULT: Unknown name
>         "LDAP-Group"
> Message-ID: <8F938E67-BB0D-4459-8968-2EE5B10CFCEE at deployingradius.com>
> Content-Type: text/plain;       charset=us-ascii
>
> On Aug 7, 2021, at 8:00 AM, Valery Kayukov <kayukovvalery at gmail.com> wrote:
> >
> > I am new to the freeRADIUS project. Can't start my server, it returns an
> > error message:
> > Sat Aug  7 11:48:24 2021 : Debug:   # Instantiating module "files" from file /etc/raddb/mods-enabled/files
> > Sat Aug  7 11:48:24 2021 : Debug: reading pairlist file /etc/raddb/mods-config/files/authorize
> > Sat Aug  7 11:48:24 2021 : Error: /etc/raddb/mods-config/files/authorize[10]: Parse error (check) for entry DEFAULT: Unknown name "LDAP-Group"
>
>   You haven't enabled the LDAP module.
>
>    Or, depending on the local file system, you may need to edit
> radiusd.conf to load the "ldap" module early:
>
> instantiate {
>         ...
>         ldap
> }
>
>   This is documented in the comments before the "instantiate" section.
>
>   Alan DeKok.


-- 
Best Regards,
Valeriy Kayukov
System Engineer
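
Added example, not part of the original message and not FreeRADIUS code: a small Python check for the "Unknown name" condition discussed in this thread, run over constructed sample text based on the snippets above. It assumes the FreeRADIUS 3.0.x rule that an unnamed "ldap { }" instance registers LDAP-Group while a named instance "ldap X { }" registers X-LDAP-Group; the function names are hypothetical.

```python
import re

# Constructed sample input, based on the snippets quoted in this thread.
MODS_LDAP = '''
ldap ldap-server-a {
        server = "ldap-a.company.net"
}
ldap ldap-server-b {
        server = "ldap-b.company.net"
}
'''
USERS = '''
#LDAP NetEng team members
DEFAULT LDAP-Group == "cn=neteng,ou=system groups,ou=Groups,dc=company,dc=net"
    Service-Type = "Administrative-User"
'''

def registered_group_attrs(ldap_conf):
    """Group attribute names the ldap instances register (assumed 3.0.x rule)."""
    attrs = set()
    for m in re.finditer(r'^\s*ldap(?:[ \t]+([\w.-]+))?[ \t]*\{', ldap_conf, re.M):
        name = m.group(1)
        attrs.add(f"{name}-LDAP-Group" if name else "LDAP-Group")
    return attrs

def unknown_group_checks(users, ldap_conf):
    """Return (line_no, attribute) for check items that no instance registers."""
    known = registered_group_attrs(ldap_conf)
    problems = []
    for no, line in enumerate(users.splitlines(), 1):
        if not line or line[0].isspace() or line.startswith('#'):
            continue  # blank lines, indented reply items and comments are skipped
        for attr in re.findall(r'([\w.-]*LDAP-Group)\s*(?:==|!=|=~|!~|:=|=)', line):
            if attr not in known:
                problems.append((no, attr))
    return problems

if __name__ == "__main__":
    have = sorted(registered_group_attrs(MODS_LDAP))
    for no, attr in unknown_group_checks(USERS, MODS_LDAP):
        print(f"users line {no}: {attr!r} is not registered; instances provide {have}")
```

An empty module text models the case where no ldap module is enabled at all, and the same check item is then reported as unknown.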

