PacketFence
Bug Tracking System

View Issue Details

ID: 0001727
Project: PacketFence
Category: radius
View Status: public
Date Submitted: 2013-10-09 12:45
Last Update: 2013-10-09 12:45
Reporter: carrots
Assigned To:
Priority: high
Severity: major
Reproducibility: always
Status: new
Resolution: open
Platform: Linux
OS: RHEL / CentOS
OS Version: 6
Product Version: 4.0.6-2
Target Version:
Fixed in Version:

Summary: 0001727: Addition of perl module in the sites-enabled/default file causes error Failed to find "perl" in the "modules" section.

Description: Whenever following the instructions in Appendix B of the admin guide for manual configuration of FreeRADIUS version 2, an error is given for the addition of the perl module as follows:-

Error: /usr/local/pf/raddb//sites-enabled/default[200]: Failed to find "perl" in the "modules" section.
Error: /usr/local/pf/raddb//sites-enabled/default[69]: Errors parsing authorize section.
Error: Failed to load virtual server <default>

Contents of some of the configuration files are as follows:-

/usr/local/pf/conf/radiusd/radiusd.conf

prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = %%install_dir%%/var
sbindir = /usr/sbin
logdir = %%install_dir%%/logs
raddbdir = %%install_dir%%/var/radiusd
radacctdir = %%install_dir%%/logs/radacct

name = radiusd

confdir = ${raddbdir}
run_dir = ${localstatedir}/run

db_dir = ${raddbdir}

libdir = /usr/lib%%arch%%/freeradius
pidfile = ${run_dir}/${name}.pid

user = pf
group = pf

max_request_time = 30
cleanup_delay = 5
max_requests = 1024

listen {
        type = auth
        ipaddr = %%management_ip%%
        port = 0
        virtual_server = packetfence
}

listen {
        ipaddr = %%management_ip%%
        port = 0
        type = acct
        virtual_server = packetfence
}

hostname_lookups = no
allow_core_dumps = no

regular_expressions = yes
extended_expressions = yes

log {
        destination = files
        file = ${logdir}/radius.log
        syslog_facility = daemon
        stripped_names = no
        auth = yes
        auth_badpass = yes
        auth_goodpass = yes
}

checkrad = ${sbindir}/checkrad

security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
}

proxy_requests = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf

thread pool {
        start_servers = 5
        max_servers = 32
        min_spare_servers = 3
        max_spare_servers = 10
        max_requests_per_server = 0
}

modules {
        $INCLUDE ${confdir}/modules/
        $INCLUDE eap.conf
        $INCLUDE sql.conf
}

instantiate {
        exec
        expr
        expiration
        logintime
}

$INCLUDE policy.conf
$INCLUDE sites-enabled/

authorize {
        eap
        files
}

authenticate {
        eap
}



/usr/local/pf/raddb/sites-enabled/default - perl entry lines shown...
authorize {

<sic>
        #
        # This module takes care of EAP-MD5, EAP-TLS, and EAP-LEAP
        # authentication.
        #
        # It also sets the EAP-Type attribute in the request
        # attribute list to the EAP type from the packet.
        #
        # As of 2.0, the EAP module returns "ok" in the authorize stage
        # for TTLS and PEAP. In 1.x, it never returned "ok" here, so
        # this change is compatible with older configurations.
        #
        # The example below uses module failover to avoid querying all
        # of the following modules if the EAP module returns "ok".
        # Therefore, your LDAP and/or SQL servers will not be queried
        # for the many packets that go back and forth to set up TTLS
        # or PEAP. The load on those servers will therefore be reduced.
        #
        eap {
                ok = return
        }

<sic>

        #
        # The ldap module will set Auth-Type to LDAP if it has not
        # already been set
# ldap

        #
        # Enforce daily limits on time spent logged in.
# daily

        #
        # Use the checkval module
# checkval

        expiration
        logintime
        perl



<sic>

# Post-Authentication
# Once we KNOW that the user has been authenticated, there are
# additional steps we can take.
post-auth {
        # Get an address from the IP Pool.
# main_pool
        perl
        #
        # If you want to have a log of authentication replies,
        # un-comment the following line, and the 'detail reply_log'
        # section, above.
# reply_log


If the perl configuration is removed from the default file then the errors also show for inner-tunnel until they are also removed. Once there is no reference to perl then everything starts fine.

Steps To Reproduce: Install packetfence 4.0.3 or 4.0.6 on CentOS 6.3 and make changes in Appendix B of the admin guide.

Additional Information: I've noticed that there are double slashes in the folder path to /sites-enabled but this seems to be accepted as it works fine without the "perl" entries.

I was also unsure about the {confdir} within the radius.conf as it seems to reference the var folder but there is no radiusd or modules folder in the /usr/local/pf/var directory:-

raddbdir = %%install_dir%%/var/radiusd
radacctdir = %%install_dir%%/logs/radacct

name = radiusd

confdir = ${raddbdir}

Tags: No tags attached.
-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2013-10-09 12:45 carrots New Issue
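
The error quoted in the report means that a section of a virtual server calls a module name for which no instance exists in the modules section. A pre-start check for that condition, as an added example (not PacketFence or FreeRADIUS code, and not the reporter's): the function names are hypothetical, the sample text is constructed, and the parsing is simplified to modules called directly inside a section.

```python
# Constructed sample input, modelled on the excerpts quoted in the report.
MODULES_TEXT = "expiration {\n}\nlogintime {\n}\neap {\n  default_eap_type = peap\n}\n"
SERVER_TEXT = """
authorize {
        eap {
                ok = return
        }
#       ldap
        expiration
        logintime
        perl
}
post-auth {
        perl
}
"""
KEYWORDS = {"if", "elsif", "else", "update", "switch", "case"}  # unlang, not modules

def _lines(text):
    """Non-empty lines with '#' comments stripped."""
    stripped = (raw.split("#", 1)[0].strip() for raw in text.splitlines())
    return [line for line in stripped if line]

def defined_modules(text):
    """Instance names of the top-level blocks that make up modules { }."""
    names, depth = set(), 0
    for line in _lines(text):
        if line.endswith("{"):
            if depth == 0:
                names.add(line[:-1].split()[-1])  # "type name {" -> "name"
            depth += 1
        elif line == "}":
            depth -= 1
    return names

def undefined_references(modules_text, server_text):
    """Map section -> modules called directly in it that are not defined."""
    known, missing, depth, section = defined_modules(modules_text), {}, 0, None
    for line in _lines(server_text):
        word = line.rstrip("{").split()[0]
        if line == "}":
            depth -= 1
        elif depth == 0:
            section = word
        elif depth == 1 and word not in KEYWORDS and word not in known:
            missing.setdefault(section, []).append(word)
        if line.endswith("{"):
            depth += 1
    return missing
```

To use it on a real installation, pass the concatenated contents of every file that the `modules { }` block includes as the first argument and one virtual server file as the second; an empty result means every directly called module has a definition.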

