Dee

Reputation: 17

FreeRADIUS Python Module: Unknown or invalid value "Python" for attribute Auth-Type

I am attempting to set up a FreeRADIUS server (3.0.21) with the Python module. I just keep getting the error below when I try starting radiusd (radiusd -X):

/usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-config/files/authorize[1]: Parse error (check) for entry DEFAULT: Unknown or invalid value "Python" for attribute Auth-Type
    Failed reading /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-config/files/authorize
    /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/files[9]: Instantiation failed for module "files"

Also, I noticed the following, which I am not sure is related:

  # Instantiating module "python" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/python
Python version: 2.7.16 (default, Apr 17 2020, 18:29:03)  [GCC 4.2.1 Compatible Apple LLVM 11.0.3 (clang-1103.0.29.20) (-macos10.15-objc-
*** instantiate ***
None

As per documentation, I have completed the following:

- added "DEFAULT Auth-type := python" as the first and only uncommented line in /etc/raddb/users

- added the module location to /etc/raddb/mods-enabled/python

- added the Auth-Type declarations in the site file (/etc/raddb/sites-available/default), see below.

Here are the contents of the relevant files with comments removed (these things are 99% comments):

/etc/raddb/users

DEFAULT Auth-Type := python

/etc/raddb/mods-enabled/python

        module = example
        python_path = ${modconfdir}/${.:name}

        mod_instantiate = ${.module}
######### Uncommented the following line #######
        func_instantiate = instantiate

        mod_detach = ${.module}
#       func_detach = detach

/etc/raddb/sites-enabled/default

**authorize**
        #
        #  If you want to have a log of authentication requests,
        #  un-comment the following line.
#       auth_log

## Enable Python ##
        python     
#####
#
        #  The chap module will set 'Auth-Type := CHAP' if we are
        #  handling a CHAP request and Auth-Type has not already been set
        chap

authenticate Auth-Type Pyton { python }

I also referred to a similar question, "freeRadius Perl Module Issue", regarding Perl and tried enabling Perl, which works fine for me, but Python doesn't work following the same steps.

And finally, the verbose startup log:

FreeRADIUS Version 3.0.21
Copyright (C) 1999-2019 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/local/Cellar/freeradius-server/3.0.21/share/freeradius/dictionary
including dictionary file /usr/local/Cellar/freeradius-server/3.0.21/share/freeradius/dictionary.dhcp
including dictionary file /usr/local/Cellar/freeradius-server/3.0.21/share/freeradius/dictionary.vqp
including dictionary file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/dictionary
including configuration file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/radiusd.conf
including configuration file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/proxy.conf
including configuration file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/clients.conf

including files in directory /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/sites-enabled/
including configuration file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/sites-enabled/default
including configuration file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/sites-enabled/inner-tunnel
main {
    name = "radiusd"
    prefix = "/usr/local/Cellar/freeradius-server/3.0.21"
    localstatedir = "/usr/local/var"
    sbindir = "/usr/local/Cellar/freeradius-server/3.0.21/bin"
    logdir = "/usr/local/var/log/radius"
    run_dir = "/usr/local/var/run/radiusd"
    libdir = "/usr/local/Cellar/freeradius-server/3.0.21/lib"
    radacctdir = "/usr/local/var/log/radius/radacct"
    hostname_lookups = no
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 16384
    pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
    checkrad = "/usr/local/Cellar/freeradius-server/3.0.21/bin/checkrad"
    debug_level = 0
    proxy_requests = yes
 log {
    stripped_names = no
    auth = no
    auth_badpass = no
    auth_goodpass = no
    colourise = yes
    msg_denied = "You are already logged in - access denied"
 }
 resources {
 }
 security {
    max_attributes = 200
    reject_delay = 1.000000
    status_server = yes
    allow_vulnerable_openssl = "no"
 }
}
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
    retry_delay = 5
    retry_count = 3
    default_fallback = no
    dead_time = 120
    wake_all_if_all_dead = no
 }
 home_server localhost {
    ipaddr = 127.0.0.1
    port = 1812
    type = "auth"
    secret = <<< secret >>>
    response_window = 20.000000
    response_timeouts = 1
    max_outstanding = 65536
    zombie_period = 40
    status_check = "status-server"
    ping_interval = 30
    check_interval = 30
    check_timeout = 4
    num_answers_to_alive = 3
    revive_interval = 120
  limit {
    max_connections = 16
    max_requests = 0
    lifetime = 0
    idle_timeout = 0
  }
  coa {
    irt = 2
    mrt = 16
    mrc = 5
    mrd = 30
  }
 }
 home_server_pool my_auth_failover {
    type = fail-over
    home_server = localhost
 }
 realm example.com {
    auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd: #### Loading Clients ####
 client localhost {
    ipaddr = 127.0.0.1
    require_message_authenticator = no
    secret = <<< secret >>>
    nas_type = "other"
    proto = "*"
  limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
  }
 }
 client localhost_ipv6 {
    ipv6addr = ::1
    require_message_authenticator = no
    secret = <<< secret >>
 }
Found debugger attached

radiusd: #### Instantiating modules ####
 modules {
  # Loaded module rlm_detail
  # Loading module "auth_log" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/detail.log
  detail auth_log {
    filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
    header = "%t"
    permissions = 384
    locking = no
    escape_filenames = no
    log_packet_header = no
  }
  # Loading module "reply_log"
  detail reply_log {
    filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
    header = "%t"
    permissions = 384
    locking = no
    escape_filenames = no
    log_packet_header = no
  }
  detail pre_proxy_log {
    filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
    header = "%t"
    permissions = 384
    locking = no
    escape_filenames = no
    log_packet_header = no
  }
  # Loading module "post_proxy_log"
    filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
    header = "%t"
    permissions = 384
    locking = no
    escape_filenames = no
    log_packet_header = no
  }

  # Loading module "eap"
  eap {
    default_eap_type = "md5"
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    max_sessions = 16384
  }
  # Loaded module rlm_exec
  # Loading module "echo" 
  exec echo {
    wait = yes
    program = "/bin/echo %{User-Name}"
    input_pairs = "request"
    output_pairs = "reply"
    shell_escape = yes
  }
  # Loaded module rlm_python
  # Loading module "python" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/python
  python {
    mod_instantiate = "example"
    func_instantiate = "instantiate"
    mod_authorize = "example"
    func_authorize = "authorize"
    mod_authenticate = "example"
    mod_preacct = "example"
    mod_accounting = "example"
    mod_checksimul = "example"
    mod_pre_proxy = "example"
    mod_post_proxy = "example"
    mod_post_auth = "example"
    mod_recv_coa = "example"
    mod_send_coa = "example"
    mod_detach = "example"
    python_path = "/usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-config/python"
    cext_compat = yes
    pass_all_vps = no
    pass_all_vps_dict = no
  }
  # Loaded module rlm_utf8
  # Loading module "utf8" 
  # Loaded module rlm_ldap
  # Loading module "ldap" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/ldap
  ldap {
    server = "localhost"
    port = 389
    identity = "cn=Directory Manager"
    password = <<< secret >>>
   sasl {
   }
    user_dn = "LDAP-UserDn"
   user {
    scope = "sub"
    access_positive = yes
    sasl {
    }
   }
   
   client {
    filter = "(objectClass=radiusClient)"
    scope = "sub"
    base_dn = "ou=people,ou=identities"
   }
   profile {
   }
   options {
    ldap_debug = 40
    chase_referrals = yes
    rebind = yes
    net_timeout = 1
    res_timeout = 10
    srv_timelimit = 3
    idle = 60
    probes = 3
    interval = 3
   }
   tls {
    start_tls = no
   }
  }

  # Loading module "fail" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/always
  always fail {
    rcode = "fail"
    simulcount = 0
    mpp = no
  }
  # Loading module "ok" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/always
  always ok {
    rcode = "ok"
    simulcount = 0
    mpp = no
  }
  # Loading module "handled" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/always
  always handled {
    rcode = "handled"
    simulcount = 0
    mpp = no
  }

  # Loading module "userlock" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/always
  always userlock {
    rcode = "userlock"
    simulcount = 0
    mpp = no
  }

  # Loaded module rlm_perl
  # Loading module "perl" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/perl
  perl {
    filename = "/usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-config/perl/example.pl"
    func_authorize = "authorize"
    func_authenticate = "authenticate"
    func_post_auth = "post_auth"
    func_accounting = "accounting"
    func_preacct = "preacct"
    func_checksimul = "checksimul"
    func_detach = "detach"
    func_xlat = "xlat"
    func_pre_proxy = "pre_proxy"
    func_post_proxy = "post_proxy"
    func_recv_coa = "recv_coa"
    func_send_coa = "send_coa"
    perl_flags = "-T"
  }
  # Loaded module rlm_digest
  # Loading module "digest" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/digest
  # Loaded module rlm_date
  # Loading module "date" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/date
  date {
    format = "%b %e %Y %H:%M:%S %Z"
    utc = no
  }
  # Loading module "wispr2date" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/date
  date wispr2date {
    format = "%Y-%m-%dT%H:%M:%S"
    utc = no
  }
  # Loaded module rlm_preprocess
  # Loading module "preprocess" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/preprocess
  preprocess {
    huntgroups = "/usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-config/preprocess/huntgroups"
    hints = "/usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-config/preprocess/hints"
    with_ascend_hack = no
    ascend_channels_per_line = 23
    with_ntdomain_hack = no
    with_specialix_jetstream_hack = no
    with_cisco_vsa_hack = no
    with_alvarion_vsa_hack = no
  }
  # Loaded module rlm_pap
  # Loading module "pap" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/pap
  pap {
    normalise = yes
  }
  # Loaded module rlm_expr
  # Loading module "expr" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/expr
  expr {
    safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
  }
  # Loaded module rlm_radutmp
  # Loading module "radutmp" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/radutmp
  radutmp {
    filename = "/usr/local/var/log/radius/radutmp"
    username = "%{User-Name}"
    case_sensitive = yes
    check_with_nas = yes
    permissions = 384
    caller_id = yes
  }
  
  # Loaded module rlm_unix
  # Loading module "unix" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/unix
  unix {
    radwtmp = "/usr/local/var/log/radius/radwtmp"
  }
Creating attribute Unix-Group
  # Loading module "detail" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/detail
  detail {
    filename = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
    header = "%t"
    permissions = 384
    locking = no
    escape_filenames = no
    log_packet_header = no
  }
  # Loaded module rlm_attr_filter

  attr_filter attr_filter.post-proxy {
    filename = "/usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-config/attr_filter/post-proxy"
    key = "%{Realm}"
    relaxed = no
  }
  # Loading module "attr_filter.pre-proxy" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/attr_filter
  attr_filter attr_filter.pre-proxy {
    filename = "/usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-config/attr_filter/pre-proxy"
    key = "%{Realm}"
    relaxed = no
  }
  # Loading module "attr_filter.access_reject" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/attr_filter
  attr_filter attr_filter.access_reject {
    filename = "/usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-config/attr_filter/access_reject"
    key = "%{User-Name}"
    relaxed = no
  }
  # Loading module "attr_filter.access_challenge" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/attr_filter
  attr_filter attr_filter.access_challenge {
    filename = "/usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-config/attr_filter/access_challenge"
    key = "%{User-Name}"
    relaxed = no
  }
 
 
  # Loading module "exec" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/exec
  exec {
    wait = no
    input_pairs = "request"
    shell_escape = yes
    timeout = 10
  }
  # Loaded module rlm_files
  # Loading module "files" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/files
  files {
    filename = "/usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-config/files/authorize"
    acctusersfile = "/usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-config/files/accounting"
    preproxy_usersfile = "/usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-config/files/pre-proxy"
  }
  # Loaded module rlm_replicate
  # Loading module "replicate" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/replicate
  # Loaded module rlm_chap
  # Loading module "chap" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/chap
  # Loaded module rlm_unpack
  # Loading module "unpack" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/unpack
  # Loaded module rlm_logintime
  # Loading module "logintime" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/logintime
  logintime {
    minimum_timeout = 60
  }
 
  # Loaded module rlm_mschap
  # Loading module "mschap" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/mschap
  mschap {
    use_mppe = yes
    require_encryption = no
    require_strong = no
    with_ntdomain_hack = yes
   passchange {
   }
    allow_retry = yes
    winbind_retry_with_normalised_username = no
    use_open_directory = yes
  }
 
  # Instantiating module "eap" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/eap
   # Linked to sub-module rlm_eap_md5
   # Linked to sub-module rlm_eap_leap
   # Linked to sub-module rlm_eap_gtc
   gtc {
    challenge = "Password: "
    auth_type = "PAP"
   }
   # Linked to sub-module rlm_eap_tls
   tls {
    tls = "tls-common"
   }
   tls-config tls-common {
    verify_depth = 0
    ca_path = "/usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/certs"
    pem_file_type = yes
    private_key_file = "/usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/certs/server.pem"
    certificate_file = "/usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/certs/server.pem"
    ca_file = "/usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/certs/ca.pem"
    private_key_password = <<< secret >>>
    dh_file = "/usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/certs/dh"
    fragment_size = 1024
    include_length = yes
    auto_chain = yes
    check_crl = no
    check_all_crl = no
    cipher_list = "DEFAULT"
    cipher_server_preference = no
    ecdh_curve = "prime256v1"
    disable_tlsv1 = yes
    disable_tlsv1_1 = yes
    tls_max_version = "1.2"
    tls_min_version = "1.2"
    cache {
        enable = no
        lifetime = 24
        max_entries = 255
    }
    verify {
        skip_if_ocsp_ok = no
    }
    ocsp {
        enable = no
        override_cert_url = yes
        url = "http://127.0.0.1/ocsp/"
        use_nonce = yes
        timeout = 0
        softfail = no
    }
   }
Please use tls_min_version and tls_max_version instead of disable_tlsv1
Please use tls_min_version and tls_max_version instead of disable_tlsv1_2
   # Linked to sub-module rlm_eap_ttls
   ttls {
    tls = "tls-common"
    default_eap_type = "md5"
    copy_request_to_tunnel = no
    use_tunneled_reply = no
    virtual_server = "inner-tunnel"
    include_length = yes
    require_client_cert = no
   }
tls: Using cached TLS configuration from previous invocation
   # Linked to sub-module rlm_eap_peap
   peap {
    tls = "tls-common"
    default_eap_type = "mschapv2"
    copy_request_to_tunnel = no
    use_tunneled_reply = no
    proxy_tunneled_request_as_eap = yes
    virtual_server = "inner-tunnel"
    soh = no
    require_client_cert = no
   }
tls: Using cached TLS configuration from previous invocation
   # Linked to sub-module rlm_eap_mschapv2
   mschapv2 {
    with_ntdomain_hack = no
    send_error = no
   }
  # Instantiating module "python" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/python
Python version: 2.7.16 (default, Apr 17 2020, 18:29:03)  [GCC 4.2.1 Compatible Apple LLVM 11.0.3 (clang-1103.0.29.20) (-macos10.15-objc-
*** instantiate ***
None
  # Instantiating module "ldap" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/ldap
rlm_ldap: libldap vendor: OpenLDAP, version: 20428
   accounting {
    reference = "%{tolower:type.%{Acct-Status-Type}}"
   }
   post-auth {
    reference = "."
   }
rlm_ldap (ldap): Initialising connection pool
   pool {
    start = 5
    min = 3
    max = 32
    spare = 10
    uses = 0
    lifetime = 0
    cleanup_interval = 30
    idle_timeout = 60
    retry_delay = 30
    spread = no
   }
rlm_ldap (ldap): Opening additional connection (0), 1 of 32 pending slots used
rlm_ldap (ldap): Connecting to ldap://localhost:389
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
rlm_ldap (ldap): Opening additional connection (1), 1 of 31 pending slots used
rlm_ldap (ldap): Connecting to ldap://localhost:389
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
rlm_ldap (ldap): Opening additional connection (2), 1 of 30 pending slots used
rlm_ldap (ldap): Connecting to ldap://localhost:389
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
rlm_ldap (ldap): Opening additional connection (3), 1 of 29 pending slots used
rlm_ldap (ldap): Connecting to ldap://localhost:389
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
rlm_ldap (ldap): Opening additional connection (4), 1 of 28 pending slots used
rlm_ldap (ldap): Connecting to ldap://localhost:389
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
  # Instantiating module "reject" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/always
  # Instantiating module "fail" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/always
  # Instantiating module "ok" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/always
  # Instantiating module "handled" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/always
  # Instantiating module "invalid" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/always
  # Instantiating module "userlock" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/always
  # Instantiating module "notfound" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/always
  # Instantiating module "noop" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/always
  # Instantiating module "updated" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/always
  # Instantiating module "perl" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/perl
  # Instantiating module "preprocess" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/preprocess
reading pairlist file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-config/preprocess/huntgroups
reading pairlist file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-config/preprocess/hints
  # Instantiating module "pap" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/pap
  # Instantiating module "linelog" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/linelog
  # Instantiating module "log_accounting" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/linelog
  # Instantiating module "detail" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/detail
  # Instantiating module "attr_filter.post-proxy" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/attr_filter
reading pairlist file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-config/attr_filter/post-proxy
  # Instantiating module "attr_filter.pre-proxy" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/attr_filter
reading pairlist file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-config/attr_filter/pre-proxy
  # Instantiating module "attr_filter.access_reject" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/attr_filter
reading pairlist file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-config/attr_filter/access_reject
  # Instantiating module "attr_filter.access_challenge" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/attr_filter
reading pairlist file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-config/attr_filter/access_challenge
  # Instantiating module "attr_filter.accounting_response" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/attr_filter
reading pairlist file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-config/attr_filter/accounting_response
  # Instantiating module "files" from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/files
reading pairlist file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-config/files/authorize
/usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-config/files/authorize[1]: Parse error (check) for entry DEFAULT: Unknown or invalid value "Python" for attribute Auth-Type
Failed reading /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-config/files/authorize
/usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/mods-enabled/files[9]: Instantiation failed for module "files"

Upvotes: 0

Views: 2373

Answers (1)

Dee

Reputation: 17

It seems I have found the answer by following the other post.

Added the following to /etc/raddb/dictionary:

VALUE   Auth-Type       python        100

I can see now that the module is being initialised. But somehow the authentication is failing, which needs a bit more investigation.

Test Command and output

radtest bob hello localhost 1812 testing123
Sent Access-Request Id 28 from 0.0.0.0:51983 to 127.0.0.1:1812 length 73
    User-Name = "bob"
    User-Password = "hello"
    NAS-IP-Address = 192.168.0.236
    NAS-Port = 1812
    Message-Authenticator = 0x00
    Cleartext-Password = "hello"
Received Access-Reject Id 28 from 127.0.0.1:1812 to 127.0.0.1:51983 length 43
    Reply-Message = "Hello from rlm_python"
(0) -: Expected Access-Accept got Access-Reject

Logs from raddb

(0) Received Access-Request Id 28 from 127.0.0.1:51983 to 127.0.0.1:1812 length 73
(0)   User-Name = "bob"
(0)   User-Password = "hello"
(0)   NAS-IP-Address = 192.168.0.236
(0)   NAS-Port = 1812
(0)   Message-Authenticator = 0x7d14fda6b89582a0a18ac865fc967103
(0) # Executing section authorize from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/sites-enabled/default
(0)   authorize {
(0)     policy filter_username {
(0)       if (&User-Name) {
(0)       if (&User-Name)  -> TRUE
(0)       if (&User-Name)  {
(0)         if (&User-Name =~ / /) {
(0)         if (&User-Name =~ / /)  -> FALSE
(0)         if (&User-Name =~ /@[^@]*@/ ) {
(0)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
(0)         if (&User-Name =~ /\.\./ ) {
(0)         if (&User-Name =~ /\.\./ )  -> FALSE
(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(0)         if (&User-Name =~ /\.$/)  {
(0)         if (&User-Name =~ /\.$/)   -> FALSE
(0)         if (&User-Name =~ /@\./)  {
(0)         if (&User-Name =~ /@\./)   -> FALSE
(0)       } # if (&User-Name)  = notfound
(0)     } # policy filter_username = notfound
(0)     [preprocess] = ok
*** authorize ***
*** radlog call in authorize ***

(('User-Name', 'bob'), ('User-Password', 'hello'), ('NAS-IP-Address', '192.168.0.236'), ('NAS-Port', '1812'), ('Message-Authenticator', '0x7d14fda6b89582a0a18ac865fc967103'), ('Event-Timestamp', 'Jul 16 2020 09:14:33 BST'))

{}
authorize - 'reply:Reply-Message' = 'Hello from rlm_python'
authorize - 'config:Cleartext-Password' = 'hello'
(0)     [python] = ok
(0)     [chap] = noop
(0)     [mschap] = noop
(0)     [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "bob", looking up realm NULL
(0) suffix: No such realm "NULL"
(0)     [suffix] = noop
(0) eap: No EAP-Message, not doing EAP
(0)     [eap] = noop
(0) files: users: Matched entry DEFAULT at line 1
(0)     [files] = ok
rlm_ldap (ldap): Closing connection (0): Hit idle_timeout, was idle for 74 seconds
rlm_ldap (ldap): Closing connection (1): Hit idle_timeout, was idle for 74 seconds
rlm_ldap (ldap): Closing connection (2): Hit idle_timeout, was idle for 74 seconds
rlm_ldap (ldap): You probably need to lower "min"
rlm_ldap (ldap): Closing connection (3): Hit idle_timeout, was idle for 74 seconds
rlm_ldap (ldap): You probably need to lower "min"
rlm_ldap (ldap): Closing connection (4): Hit idle_timeout, was idle for 74 seconds
rlm_ldap (ldap): You probably need to lower "min"
rlm_ldap (ldap): 0 of 0 connections in use.  You  may need to increase "spare"
rlm_ldap (ldap): Opening additional connection (5), 1 of 32 pending slots used
rlm_ldap (ldap): Connecting to ldap://localhost:389
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
rlm_ldap (ldap): Reserved connection (5)
(0) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(0) ldap:    --> (uid=bob)
(0) ldap: Performing search in "ou=people,ou=identities" with filter "(uid=bob)", scope "sub"
(0) ldap: Waiting for search result...
(0) ldap: Search returned no results
rlm_ldap (ldap): Released connection (5)
Need 2 more connections to reach min connections (3)
rlm_ldap (ldap): Opening additional connection (6), 1 of 31 pending slots used
rlm_ldap (ldap): Connecting to ldap://localhost:389
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
(0)     [ldap] = notfound
(0)     [expiration] = noop
(0)     [logintime] = noop
(0) pap: WARNING: Auth-Type already set.  Not setting to PAP
(0)     [pap] = noop
(0)   } # authorize = ok
(0) Found Auth-Type = python
(0) Auth-Type sub-section not found.  Ignoring.
(0) # Executing group from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/sites-enabled/default
(0) Failed to authenticate the user
(0) Using Post-Auth-Type Reject
(0) # Executing group from file /usr/local/Cellar/freeradius-server/3.0.21/etc/raddb/sites-enabled/default
(0)   Post-Auth-Type REJECT {
(0) attr_filter.access_reject: EXPAND %{User-Name}
(0) attr_filter.access_reject:    --> bob
(0) attr_filter.access_reject: Matched entry DEFAULT at line 11
(0)     [attr_filter.access_reject] = updated
(0)     [eap] = noop
(0)     policy remove_reply_message_if_eap {
(0)       if (&reply:EAP-Message && &reply:Reply-Message) {
(0)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(0)       else {
(0)         [noop] = noop
(0)       } # else = noop
(0)     } # policy remove_reply_message_if_eap = noop
(0)   } # Post-Auth-Type REJECT = updated
(0) Delaying response for 1.000000 seconds
Waking up in 0.2 seconds.
Waking up in 0.7 seconds.
(0) Sending delayed response
(0) Sent Access-Reject Id 28 from 127.0.0.1:1812 to 127.0.0.1:51983 length 43
(0)   Reply-Message = "Hello from rlm_python"
Waking up in 3.9 seconds.
(0) Cleaning up request packet ID 28 with timestamp +74
Ready to process requests

Upvotes: 0
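
Added example (not part of the original posts, and not FreeRADIUS code): a small Python checker that cross-references the three places this thread touches, namely the `Auth-Type` value set in the users file, the `VALUE Auth-Type` lines in the dictionary, and the `Auth-Type <name> { ... }` sub-sections under `authenticate`, which is the lookup behind the "Auth-Type sub-section not found" line in the log above. The sample file contents are constructed from the snippets quoted in the question; the function names and finding labels are hypothetical, names are compared case-insensitively as an assumption, and only the dictionary text passed in is consulted.

```python
import difflib
import re

# Constructed sample inputs modelled on the files quoted in the question.
USERS = "DEFAULT Auth-Type := python\n"
DICTIONARY = "VALUE   Auth-Type       python        100\n"
SITE = """
authorize {
    python
    chap
}
authenticate {
    Auth-Type Pyton {    # spelled as in the question
        python
    }
}
"""


def strip_comments(text):
    # Simplification: treats every '#' as a comment start, even inside quotes.
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())


def users_auth_types(text):
    """Auth-Type values assigned or compared in a users/authorize file."""
    # The lookbehind keeps Post-Auth-Type from being mistaken for Auth-Type.
    pattern = r'(?<![\w-])Auth-Type\s*(?::=|==|=)\s*"?([\w.-]+)'
    return set(re.findall(pattern, strip_comments(text)))


def dictionary_auth_types(text):
    """Names declared by 'VALUE Auth-Type <name> <number>' lines."""
    pattern = r"(?m)^\s*VALUE\s+Auth-Type\s+(\S+)\s+\S+"
    return set(re.findall(pattern, strip_comments(text)))


def section_body(text, name):
    """Body of the first 'name { ... }' block, found by brace matching."""
    match = re.search(r"(?m)^\s*%s\s*\{" % re.escape(name), text)
    if not match:
        return ""
    depth = 1
    for pos in range(match.end(), len(text)):
        if text[pos] == "{":
            depth += 1
        elif text[pos] == "}":
            depth -= 1
            if depth == 0:
                return text[match.end():pos]
    return text[match.end():]  # unbalanced braces: return what is there


def authenticate_auth_types(site_text):
    """Names of 'Auth-Type <name> {' sub-sections inside authenticate."""
    body = section_body(strip_comments(site_text), "authenticate")
    return set(re.findall(r"(?<![\w-])Auth-Type\s+([\w.-]+)\s*\{", body))


def check(users, dictionary, site):
    """Return (name, issue, hint) tuples for each Auth-Type used in users."""
    declared = {n.lower() for n in dictionary_auth_types(dictionary)}
    handlers = {n.lower(): n for n in authenticate_auth_types(site)}
    findings = []
    for name in sorted(users_auth_types(users)):
        key = name.lower()
        if key not in declared:
            findings.append((name, "not-in-dictionary", None))
        if key not in handlers:
            # Point at a near-miss spelling if one exists in the site file.
            close = difflib.get_close_matches(key, list(handlers), n=1)
            hint = handlers[close[0]] if close else None
            findings.append((name, "no-authenticate-subsection", hint))
    return findings


if __name__ == "__main__":
    for finding in check(USERS, DICTIONARY, SITE):
        print(finding)
```

Run against the real files by reading them into strings and passing them to `check()`; an empty list means every `Auth-Type` used in the users file has both a dictionary entry and an `authenticate` sub-section.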
