FreeRADIUS 4: DHCP v4: ERROR: Expansion "network" needs to be resolved before it is used

Dima Ermakov demonihin at gmail.com
Fri Nov 8 11:27:36 UTC 2024


Hi,
I am trying to test FreeRADIUS 4 on RockyLinux 9.4, built from commit
c01f1dbb733966ac51f7d2bacb6343fc04450024.
I know that this software is not supposed to be used in production
(and I don't do it; it is testing only for now).

I tried to configure a simple DHCPv4 service which uses the "files"
module to assign per-network properties.
The processing fails with expansion of "key" in files:

"""
files files_dhcp_network {
    #
    #  moddir:: Search for files in a subdirectory of mods-config which
    #  matches this instance of the files module.
    #
    moddir = ${modconfdir}/files_dhcp

    #
    #  key:: The default key attribute to use for matches.
    #
    #  The content of this attribute is used to match the `name` of the entry.
    #
    key = 'network'

    #
    #  filename:: The old `users` style file is now located here.
    #
    filename = ${moddir}/dhcp_config
}
"""

with error: files_dhcp_network - ERROR: Expansion "network" needs to
be resolved before it is used.

Here is a part of my ${moddir}/dhcp_config (inspired by
https://www.freeradius.org/documentation/freeradius-server/3.2.7/howto/protocols/dhcp/policy_network_options.html
):

"""
network IP-Pool.Name := "local"
    Domain-Name := "example.org",
    Subnet-Mask := 255.255.255.0,
    Router-Address := 172.16.1.1,
    Domain-Name-Server := 192.168.20.2,
    Fall-Through := yes

network Network-Subnet < 172.25.1.0/24
    IP-Pool.Name := "pool-172.25.1.0/24",
    Subnet-Mask := 255.255.255.0,
    Broadcast-Address := 172.25.1.255
"""

Could you please, if possible, point me to what should be corrected?

Here is the debug output of a test request:

[root@w-v-dmierm-freeradius-test-0 mods-enabled]# radiusd -v
Info : radiusd - FreeRADIUS version 4.0.65535 (git #), for host
x86_64-redhat-linux-gnu, built on Sep 25 2013 at 00:00:00
Info : Copyright 1999-2024 The FreeRADIUS server project and contributors
Info : There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
Info : PARTICULAR PURPOSE
Info : You may redistribute copies of FreeRADIUS under the terms of the
Info : GNU General Public License
Info : For more information about these matters, see the file named COPYRIGHT

[root@w-v-dmierm-freeradius-test-0 mods-enabled]# radiusd -X
Info : Copyright 1999-2024 The FreeRADIUS server project and contributors
Info : There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
Info : PARTICULAR PURPOSE
Info : You may redistribute copies of FreeRADIUS under the terms of the
Info : GNU General Public License
Info : For more information about these matters, see the file named COPYRIGHT
Info : Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
Including files in directory "/etc/raddb/template.d/"
including configuration file /etc/raddb/template.d/default
including configuration file /etc/raddb/clients.conf
Including files in directory "/etc/raddb/global.d/"
including configuration file /etc/raddb/global.d/ldap
including configuration file /etc/raddb/global.d/python
Including files in directory "/etc/raddb/mods-enabled/"
including configuration file /etc/raddb/mods-enabled/always
including configuration file /etc/raddb/mods-enabled/files_dhcp
Including files in directory "/etc/raddb/policy.d/"
including configuration file /etc/raddb/policy.d/abfab-tr
including configuration file /etc/raddb/policy.d/accounting
including configuration file /etc/raddb/policy.d/canonicalisation
including configuration file /etc/raddb/policy.d/control
including configuration file /etc/raddb/policy.d/cui
including configuration file /etc/raddb/policy.d/debug
including configuration file /etc/raddb/policy.d/dhcp
including configuration file /etc/raddb/policy.d/eap
including configuration file /etc/raddb/policy.d/filter
including configuration file /etc/raddb/policy.d/operator-name
including configuration file /etc/raddb/policy.d/time
including configuration file /etc/raddb/policy.d/vendor
/etc/raddb/policy.d/vendor[8]: Using deprecated syntax. Please use new
the new 'foreach' syntax.
Including files in directory "/etc/raddb/sites-enabled/"
including configuration file /etc/raddb/sites-enabled/dhcp
Loaded module process_dhcpv4
Parsing initial logging configuration.
main {
prefix = /usr
log {
destination = file
syslog_facility = daemon
local_state_dir = "/usr/var"
logdir = "/usr/var/log"
file = /var/log/radius/radius.log
suppress_secrets = no
}
}
Parsing security rules to bootstrap UID / GID / chroot / etc.
main {
log {
}
security {
allow_core_dumps = no
allow_vulnerable_openssl = no
openssl_fips_mode = no
}
name = radiusd
local_state_dir = "/usr/var"
run_dir = /var/run/radiusd
}
Parsing main configuration
main {
server dhcp {
namespace = dhcpv4
Loaded module proto_dhcpv4
listen {
type = Discover
type = Request
type = Inform
type = Release
type = Decline
transport = udp
Loaded module proto_dhcpv4_udp
udp {
ipaddr = 0.0.0.0
interface = ens224
port = 67
client_port = 68
broadcast = yes
networks {
}
max_packet_size = 4096
max_attributes = 255
}
limit {
cleanup_delay = 5.0
idle_timeout = 30.0
nak_lifetime = 30.0
max_connections = 1024
max_clients = 256
max_pending_packets = 256
priority {
Discover = normal
Request = normal
Decline = normal
Release = normal
Inform = normal
Lease-Query = low
Bulk-Lease-Query = low
}
}
}
}
log {
colourise = yes
}
security {
}
sbin_dir = "/usr/sbin"
logdir = /var/log/radius
radacctdir = /var/log/radius/radacct
reverse_lookups = no
hostname_lookups = yes
max_request_time = 30
pidfile = /var/run/radiusd/radiusd.pid
debug_level = 0
max_requests = 16384
resources {
}
thread pool {
num_networks = 1
Dynamically determined thread.workers = 2
num_workers = 2
openssl_async_pool_init = 64
openssl_async_pool_max = 1024
}
migrate {
rewrite_update = false
forbid_update = false
}
}
Switching to configured log settings
log debug {
destination = null
timestamp = yes
colourise = no
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
secret = <<< secret >>>
require_message_authenticator = auto
limit_proxy_state = auto
proto = *
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client localhost_ipv6 {
ipv6addr = ::1
secret = <<< secret >>>
require_message_authenticator = no
limit_proxy_state = auto
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30s
}
}
Debugger not attached
Configuration version: A2E989E4-D5C6-4963-A1D1-083575FFAC4D
systemd watchdog is disabled
pre-suid-down capabilities: =ep
trigger { ... } subsection not found, triggers will be disabled
#### Instantiating libraries ####
#### Bootstrapping process modules ####
#### Bootstrapping protocol modules ####
#### Instantiating libraries ####
#### Bootstrapping static modules ####
modules {
static {
Loaded module rlm_always
always reject {
rcode = reject
}
always fail {
rcode = fail
}
always ok {
rcode = ok
}
always handled {
rcode = handled
}
always invalid {
rcode = invalid
}
always disallow {
rcode = disallow
}
always notfound {
rcode = notfound
}
always noop {
rcode = noop
}
always updated {
rcode = updated
}
Loaded module rlm_files
files files_dhcp_network {
filename = /etc/raddb/mods-config/files_dhcp/dhcp_config
}
files files_dhcp_host {
filename = /etc/raddb/mods-config/files_dhcp/dhcp_config
}
} # static
#### Bootstrapping rlm modules ####
Bootstrapping rlm_always "disallow"
Bootstrapping rlm_always "fail"
Bootstrapping rlm_always "handled"
Bootstrapping rlm_always "invalid"
Bootstrapping rlm_always "noop"
Bootstrapping rlm_always "notfound"
Bootstrapping rlm_always "ok"
Bootstrapping rlm_always "reject"
Bootstrapping rlm_always "updated"
Including dictionary file "/etc/raddb/dictionary"
#### Instantiating listeners ####
Compiling policies in server dhcp { ... }
Compiling policies in - recv Discover {...}
Reading file /etc/raddb/mods-config/files_dhcp/dhcp_config
Reading file /etc/raddb/mods-config/files_dhcp/dhcp_config
Compiling policies in - recv Request {...}
Compiling policies in - recv Decline {...}
Compiling policies in - recv Release {...}
Compiling policies in - recv Inform {...}
Compiling policies in - recv Lease-Query {...}
/etc/raddb/sites-enabled/dhcp[307]: Skipping remaining instructions
due to 'return'
/etc/raddb/sites-enabled/dhcp[319]: Skipping remaining instructions
due to 'return'
dhcpv4 { ... } section is unused
#### Instantiating process modules ####
#### Instantiating protocol modules ####
Instantiating proto_dhcpv4 "dhcp.dhcpv4"
Instantiating proto_dhcpv4_udp "dhcp.dhcpv4.udp"
#### Instantiating rlm modules ####
Instantiating rlm_always "disallow"
Instantiating rlm_always "fail"
Instantiating rlm_always "handled"
Instantiating rlm_always "invalid"
Instantiating rlm_always "noop"
Instantiating rlm_always "notfound"
Instantiating rlm_always "ok"
Instantiating rlm_always "reject"
Instantiating rlm_always "updated"
Scheduler created in single-threaded mode
#### Opening listener interfaces ####
Listening on dhcpv4_udp server * port 67 on interface ens224 bound to
virtual server dhcp
post-suid-down capabilities: =ep
Ready to process requests
proto_dhcpv4_udp - Received Discover XID f252956f length 300
dhcpv4_udp server * port 67 on interface ens224
Worker - Resetting cleanup timer to +30
(0) dhcp {
(0) Received Discover XID f252956f from 0.0.0.0:68 to
255.255.255.255:67 via ens224
(0) Opcode = Client-Message
(0) Hardware-Type = Ethernet
(0) Hardware-Address-Length = 6
(0) Hop-Count = 0
(0) Transaction-Id = 4065498479
(0) Number-of-Seconds = 0
(0) Flags = 0
(0) Client-IP-Address = 0.0.0.0
(0) Your-IP-Address = 0.0.0.0
(0) Server-IP-Address = 0.0.0.0
(0) Gateway-IP-Address = 0.0.0.0
(0) Client-Hardware-Address = 02:01:aa:bb:cc:dd
(0) Message-Type = Discover
(0) Client-Identifier = 0x616263313233
(0) Network-Subnet = 0.0.0.0/32
(0) Net {
(0) Src {
(0) IP = 0.0.0.0
(0) Port = 68
(0) }
(0) Dst {
(0) IP = 255.255.255.255
(0) Port = 67
(0) }
(0) Timestamp = "2024-11-08T10:16:53Z"
(0) }
(0) Packet-Type = Discover
(0) Running 'recv Discover' from file /etc/raddb/sites-enabled/dhcp
(0) recv Discover {
(0) files_dhcp_network - ERROR: Expansion "network" needs to be
resolved before it is used
(0) files_dhcp_network (fail)
(0) } # recv Discover (fail)
(0) Not sending reply to client
(0) dhcp (fail)
(0) } # dhcp (fail)
(0) Done request
(0) Finished request
proto_dhcpv4_udp - cleaning up request in 5.000000s
^CSignalled to terminate
Exiting normally

Thank you in advance,
// Dmitrii.

