I am seeing something interesting in freeradius parsing the users file.
It appears that it is giving me a trailing comma error instead of the true
error. I added similar to block group of ISDN in the subject, because
this is related to that thread and it could be an innapproprate
debug message.
In my setup, I have defined an ldap configuration with the name of vpn1,
using
ldap vpn1 {
...
}
Then in my users file, I have only this line (I removed all other lines
for testing).
DEFAULT vpn1-Ldap-Group == disabled, Auth-Type := Reject
With this, I can start radius fine. Debug shows this.
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Then, when I change it to use a different ldap-group, which does not
actually exist, such as
DEFAULT other-Ldap-Group == disabled, Auth-Type := Reject
I then get this error message.
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
/usr/local/etc/raddb/users[1]: Unexpected trailing comma in check item
list for entry DEFAULT
Errors reading /usr/local/etc/raddb/users
radiusd.conf[90]: files: Module instantiation failed.
So, it appears that freeradius isn't able to start because I am telling it
to use other-ldap-group, which does not exist. However, the debug message
I get tells me that I have an unexpected comma. So, it looks to me that
freeradius doesn't understand what other-ldap-group is, so it ignores that
part and then that leaves the unexpected comma after it.
You should be able to reproduce this by listing anything that freeradius
won't understand. For example, put in
DEFAULT NAS-IP-Address == 1.1.1.1, Auth-Type := Reject
vs
DEFAULT NAS-IPAddress == 1.1.1.1, Auth-Type := Reject
You will see the same behavior.
I wrote this to the users list before submitting a bug report.
-Dusty Doris
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
