FreeRadius ldap queries are not executed
Alan DeKok
aland at deployingradius.com
Mon Mar 17 10:08:01 UTC 2025
On Mar 17, 2025, at 4:44 PM, Matvey Teplov via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> After excessive troubleshooting, I am coming to the following error:
> "/etc/freeradius/3.0/sites-enabled/default[43]: Expecting section start brace '{' after "ldap ms_ad" is coming up while debugging with freeradius -X.
> FreeRADIUS fails to parse the configuration file during startup, expecting the server definition in the post_auth, while it should use the ms_ad to refer to the module definition.
>
> Did anyone experience this behaviour before?
Can you post the actual text that you've added to the configuration?
I'm not sure I understand this issue. Either there's an error parsing the configuration files, which means the server can't run. OR there isn't an error parsing the server files, which means the server runs and produces debug output.
Which is it?
As for the debug output you posted, you only posted a tiny piece of it. Please post ALL of it, as suggested in ALL of the documentation.
The server doesn't delete the control attributes. So if the LDAP-Group control attributes don't exist after proxying, then they didn't exist before proxying.
The debug output you posted doesn't contain any information about what happened before the request was proxied. So it's impossible to tell why the LDAP-Group attributes are missing. Maybe they were never created...
Alan DeKok.
More information about the Freeradius-Users
mailing list