Here's the authorize section:
authorize {
update control { &REST-HTTP-Header += "${...api_token_header}" }
rest
sql
dailycounter
noresetcounter
dailybandwidthcounter
}
Thanks.
On Friday, December 7, 2018 at 9:44:36 PM UTC+5:30, Federico Capoano wrote:
>
> Sorry I forgot to ask for the authorize section which is the most
> important part.
>
> Fed
>
> On Fri, Dec 7, 2018 at 1:53 PM Yash Jipkate <[email protected]
> <javascript:>> wrote:
>
>> These are the sections from sites-enabled/default:
>>
>> - authenticate
>> authenticate {}
>>
>> - post-auth
>> post-auth {
>> update control { &REST-HTTP-Header += "${...api_token_header}" }
>> rest
>>
>> Post-Auth-Type REJECT {
>> update control { &REST-HTTP-Header +=
>> "${....api_token_header}" }
>> rest
>> }
>> }
>>
>>
>> - accounting
>> accounting {
>> update control { &REST-HTTP-Header += "${...api_token_header}" }
>> rest
>> }
>>
>>
>> - preacct
>> preacct {
>> preprocess
>>
>> #
>> # Merge Acct-[Input|Output]-Gigawords and Acct-[Input-Output]-Octets
>> # into a single 64bit counter Acct-[Input|Output]-Octets64.
>> #
>> # acct_counters64
>>
>> #
>> # Session start times are *implied* in RADIUS.
>> # The NAS never sends a "start time". Instead, it sends
>> # a start packet, *possibly* with an Acct-Delay-Time.
>> # The server is supposed to conclude that the start time
>> # was "Acct-Delay-Time" seconds in the past.
>> #
>> # The code below creates an explicit start time, which can
>> # then be used in other modules. It will be *mostly* correct.
>> # Any errors are due to the 1-second resolution of RADIUS,
>> # and the possibility that the time on the NAS may be off.
>> #
>> # The start time is: NOW - delay - session_length
>> #
>>
>> # update request {
>> # &FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l -
>> %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}"
>> # }
>>
>>
>> #
>> # Ensure that we have a semi-unique identifier for every
>> # request, and many NAS boxes are broken.
>> acct_unique
>>
>> #
>> # Look for IPASS-style 'realm/', and if not found, look for
>> # '@realm', and decide whether or not to proxy, based on
>> # that.
>> #
>> # Accounting requests are generally proxied to the same
>> # home server as authentication requests.
>> # IPASS
>> suffix
>> # ntdomain
>>
>> #
>> # Read the 'acct_users' file
>> files
>> }
>>
>>
>>
>> On Friday, December 7, 2018 at 5:53:02 PM UTC+5:30, Federico Capoano
>> wrote:
>>
>>> Could you share the following sections of your config?
>>>
>>> - authenticate
>>> - post-auth
>>> - accounting
>>> - preacct
>>>
>>>
>>>
>>> On Fri, Dec 7, 2018 at 1:02 PM Yash Jipkate <[email protected]> wrote:
>>>
>>>> No, I just followed the docs. Am I missing something in the config
>>>> files?
>>>>
>>>> Thanks
>>>>
>>>>
>>>> On Friday, December 7, 2018 at 5:26:01 PM UTC+5:30, Federico Capoano
>>>> wrote:
>>>>
>>>>> That's a configuration issue related to "eap". Are you trying to
>>>>> configure EAP?
>>>>>
>>>>> Fed
>>>>>
>>>>> On Fri, Dec 7, 2018 at 11:55 AM Yash Jipkate <[email protected]>
>>>>> wrote:
>>>>>
>>>> Thanks Federico,
>>>>>>
>>>>>> The server is a development one and I have specified the port
>>>>>> in /etc/freeradius/mods-enabled/rest file. Although I have changed it
>>>>>> back
>>>>>> to 8000 after you pointed out but still no effect.
>>>>>>
>>>>>> Is freeradius sitting on the same host where
>>>>>>> django-freeradius/openwisp-radius is installed?
>>>>>>
>>>>>>
>>>>>> The host is 127.0.0.1 as specified in my
>>>>>> /etc/freeradius/mods-enabled/rest file and I have followed the
>>>>>> instructions
>>>>>> as in the docs as a root user.
>>>>>>
>>>>>> I tried purging and reinstalling freeradius and ended up with a new
>>>>>> error
>>>>>>
>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: rlm_sql
>>>>>> (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]:
>>>>>> Creating attribute SQL-Group
>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: Unable
>>>>>> to check file "/etc/freeradius/certs/dh": No such file or directory
>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]:
>>>>>> rlm_eap_tls: Failed initializing SSL context
>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: rlm_eap
>>>>>> (EAP): Failed to initialise rlm_eap_tls
>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]:
>>>>>> /etc/freeradius/mods-enabled/eap[14]: Instantiation failed for module
>>>>>> "eap"
>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o systemd[1]:
>>>>>> freeradius.service: Control process exited, code=exited status=1
>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o systemd[1]: Failed to
>>>>>> start FreeRADIUS multi-protocol policy server.
>>>>>> -- Subject: Unit freeradius.service has failed
>>>>>>
>>>>>> Any idea of how it got here?
>>>>>>
>>>>>> On Friday, December 7, 2018 at 2:21:19 PM UTC+5:30, Federico Capoano
>>>>>> wrote:
>>>>>>>
>>>>>>> As the log says, freeradius is trying to reac http://127.0.0.1:8007,
>>>>>>> this fails and hence it halts. To fix it you must ensure it can connect.
>>>>>>>
>>>>>>
>>>>>>
>>>>>> Is freeradius sitting on the same host where
>>>>>>> django-freeradius/openwisp-radius is installed? Is this a production or
>>>>>>> development environment?
>>>>>>>
>>>>>>> If it's a production environment, the URL http://127.0.0.1:8007 is
>>>>>>> likely wrong.
>>>>>>> If it's a development environment, either the development server is
>>>>>>> not started, or maybe is just because unless you changed the port of
>>>>>>> the
>>>>>>> development server, the port is 8000, so the URL should be
>>>>>>> http://127.0.0.1:8000
>>>>>>>
>>>>>>> I hope it helps
>>>>>>> Federico
>>>>>>>
>>>>>>>
>>>>>>> On Friday, December 7, 2018 at 4:49:02 AM UTC+1, Yash Jipkate wrote:
>>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> I am currently started to work on the django-freeradius project. I
>>>>>>>> am facing some problems in setting up the freeradius server...
>>>>>>>>
>>>>>>>> when I run
>>>>>>>> journalctl -xe
>>>>>>>>
>>>>>>>>
>>>>>>>> the output I get is:
>>>>>>>>
>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]:
>>>>>>>> [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item
>>>>>>>> "FreeRADIUS-Response-Delay-USec"
>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]:
>>>>>>>> rlm_mschap (mschap): using internal authentication
>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]:
>>>>>>>> rlm_sql_mysql: libmysql version: 5.7.24
>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]:
>>>>>>>> rlm_sql (sql): Attempting to connect to database "radius"
>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]:
>>>>>>>> rlm_sql (sql): Initialising connection pool
>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]:
>>>>>>>> Ignoring "ldap" (see raddb/mods-available/README.rst)
>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: #
>>>>>>>> Skipping contents of 'if' as it is always 'false' --
>>>>>>>> /etc/freeradius/sites-enabled/inner-tunnel:331
>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]:
>>>>>>>> radiusd: #### Skipping IP addresses and Ports ####
>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]:
>>>>>>>> Configuration appears to be OK
>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]:
>>>>>>>> rlm_rest (rest): Removing connection pool
>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]:
>>>>>>>> rlm_sql (sql): Removing connection pool
>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o systemd[1]:
>>>>>>>> freeradius.service: Control process exited, code=exited status=1
>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o systemd[1]: Failed to
>>>>>>>> start FreeRADIUS multi-protocol policy server.
>>>>>>>> -- Subject: Unit freeradius.service has failed
>>>>>>>> -- Defined-By: systemd
>>>>>>>> -- Support:
>>>>>>>> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>>>>>>>> --
>>>>>>>> -- Unit freeradius.service has failed.
>>>>>>>> --
>>>>>>>> -- The result is failed.
>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o systemd[1]:
>>>>>>>> freeradius.service: Unit entered failed state.
>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o systemd[1]:
>>>>>>>> freeradius.service: Failed with result 'exit-code'.
>>>>>>>>
>>>>>>>> When I run:
>>>>>>>>
>>>>>>>> freeradius -X
>>>>>>>>
>>>>>>>> I get:
>>>>>>>>
>>>>>>>> rlm_rest (rest): Opening additional connection (0), 1 of 32 pending
>>>>>>>> slots used
>>>>>>>> rlm_rest (rest): Connecting to "http://127.0.0.1:8007";
>>>>>>>> rlm_rest (rest): Connection failed: 7 - Couldn't connect to server
>>>>>>>> rlm_rest (rest): Opening connection failed (0)
>>>>>>>> rlm_rest (rest): Removing connection pool
>>>>>>>> /etc/freeradius/mods-enabled/rest[1]: Instantiation failed for
>>>>>>>> module "rest"
>>>>>>>>
>>>>>>>> I tried to look it up on the internet but cant seem to solve it.
>>>>>>>>
>>>>>>>> Any help is appreciated. Thanks
>>>>>>>>
>>>>>>> --
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "OpenWISP" group.
>>>>>>
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>>> an email to [email protected].
>>>>>
>>>>>
>>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>>
>>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "OpenWISP" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>> --
>> You received this message because you are subscribed to the Google Groups
>> "OpenWISP" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected] <javascript:>.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
--
You received this message because you are subscribed to the Google Groups
"OpenWISP" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
