PacketFence - BTS - PacketFence | |||||
View Issue Details | |||||
ID | Project | Category | View Status | Date Submitted | Last Update |
0001727 | PacketFence | radius | public | 2013-10-09 12:45 | 2013-10-09 12:45 |
Reporter | carrots | ||||
Assigned To | |||||
Priority | high | Severity | major | Reproducibility | always |
Status | new | Resolution | open | ||
Platform | Linux | OS | RHEL / CentOS | OS Version | 6 |
Product Version | 4.0.6-2 | ||||
Target Version | Fixed in Version | ||||
fixed in git revision | |||||
fixed in mtn revision | |||||
Summary | 0001727: Addition of perl module in the sites-enabled/default file causes error Failed to find "perl" in the "modules" section. | ||||
Description | Whenever following the instructions in Appendix B of the admin guide for manual configuration of FreeRADIUS version 2 an error is given for the addition of the perl module as follows:-

    Error: /usr/local/pf/raddb//sites-enabled/default[200]: Failed to find "perl" in the "modules" section.
    Error: /usr/local/pf/raddb//sites-enabled/default[69]: Errors parsing authorize section.
    Error: Failed to load virtual server <default>

Contents of some of the configuration files are as follows:-

/usr/local/pf/conf/radiusd/radiusd.conf

    prefix = /usr
    exec_prefix = /usr
    sysconfdir = /etc
    localstatedir = %%install_dir%%/var
    sbindir = /usr/sbin
    logdir = %%install_dir%%/logs
    raddbdir = %%install_dir%%/var/radiusd
    radacctdir = %%install_dir%%/logs/radacct
    name = radiusd
    confdir = ${raddbdir}
    run_dir = ${localstatedir}/run
    db_dir = ${raddbdir}
    libdir = /usr/lib%%arch%%/freeradius
    pidfile = ${run_dir}/${name}.pid
    user = pf
    group = pf
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 1024
    listen {
        type = auth
        ipaddr = %%management_ip%%
        port = 0
        virtual_server = packetfence
    }
    listen {
        ipaddr = %%management_ip%%
        port = 0
        type = acct
        virtual_server = packetfence
    }
    hostname_lookups = no
    allow_core_dumps = no
    regular_expressions = yes
    extended_expressions = yes
    log {
        destination = files
        file = ${logdir}/radius.log
        syslog_facility = daemon
        stripped_names = no
        auth = yes
        auth_badpass = yes
        auth_goodpass = yes
    }
    checkrad = ${sbindir}/checkrad
    security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
    }
    proxy_requests = yes
    $INCLUDE proxy.conf
    $INCLUDE clients.conf
    thread pool {
        start_servers = 5
        max_servers = 32
        min_spare_servers = 3
        max_spare_servers = 10
        max_requests_per_server = 0
    }
    modules {
        $INCLUDE ${confdir}/modules/
        $INCLUDE eap.conf
        $INCLUDE sql.conf
    }
    instantiate {
        exec
        expr
        expiration
        logintime
    }
    $INCLUDE policy.conf
    $INCLUDE sites-enabled/
    authorize {
        eap
        files
    }
    authenticate {
        eap
    }

/usr/local/pf/raddb/sites-enabled/default - perl entry lines shown...

    authorize {
        <sic>
        #
        # This module takes care of EAP-MD5, EAP-TLS, and EAP-LEAP
        # authentication.
        #
        # It also sets the EAP-Type attribute in the request
        # attribute list to the EAP type from the packet.
        #
        # As of 2.0, the EAP module returns "ok" in the authorize stage
        # for TTLS and PEAP. In 1.x, it never returned "ok" here, so
        # this change is compatible with older configurations.
        #
        # The example below uses module failover to avoid querying all
        # of the following modules if the EAP module returns "ok".
        # Therefore, your LDAP and/or SQL servers will not be queried
        # for the many packets that go back and forth to set up TTLS
        # or PEAP. The load on those servers will therefore be reduced.
        #
        eap {
            ok = return
        }
        <sic>
        #
        # The ldap module will set Auth-Type to LDAP if it has not
        # already been set
        # ldap
        #
        # Enforce daily limits on time spent logged in.
        # daily
        #
        # Use the checkval module
        # checkval
        expiration
        logintime
        perl
        <sic>
    # Post-Authentication
    # Once we KNOW that the user has been authenticated, there are
    # additional steps we can take.
    post-auth {
        # Get an address from the IP Pool.
        # main_pool
        perl
        #
        # If you want to have a log of authentication replies,
        # un-comment the following line, and the 'detail reply_log'
        # section, above.
        # reply_log

If the perl configuration is removed from the default file then the errors also show for inner-tunnel until they are also removed. Once there is no reference to perl then everything starts fine.
Steps To Reproduce | Install packetfence 4.0.3 or 4.0.6 on CentOS 6.3 and make changes in Appendix B of the admin guide. | ||||
Additional Information | I've noticed that there are double slashes in the folder path to /sites-enabled but this seems to be accepted as it works fine without the "perl" entries. I was also unsure about the {confdir} within the radius.conf as it seems to reference the var folder but there is no radiusd or modules folder in the /usr/local/pf/var directory:-

    raddbdir = %%install_dir%%/var/radiusd
    radacctdir = %%install_dir%%/logs/radacct
    name = radiusd
    confdir = ${raddbdir}
Tags | No tags attached. | ||||
Relationships | |||||
Attached Files | |||||
Issue History | |||||
Date Modified | Username | Field | Change | ||
2013-10-09 12:45 | carrots | New Issue |
There are no notes attached to this issue. |