Hi Federico, I solved the eap error by running
make in /etc/freeradius/certs. Now after I run service freeradius restart I get this in my journalctl -xe Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: rlm_sql (sql): Initialising connection pool Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: Ignoring "ldap" (see raddb/mods-available/README.rst) Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: # Skipping contents of 'if' as it is always 'false' -- /etc/freeradius/sites-ena Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: radiusd: #### Skipping IP addresses and Ports #### Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: Configuration appears to be OK Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: rlm_rest (rest): Removing connection pool Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: rlm_sql (sql): Removing connection pool Dec 08 11:46:38 thejedicode-inspiron-5558o systemd[1]: freeradius.service: Control process exited, code=exited status=1 Dec 08 11:46:38 thejedicode-inspiron-5558o systemd[1]: Failed to start FreeRADIUS multi-protocol policy server. and this when i run freeradius -X rlm_rest (rest): Opening additional connection (0), 1 of 32 pending slots used rlm_rest (rest): Connecting to "http://127.0.0.1:8000"; rlm_rest (rest): Connection failed: 7 - Couldn't connect to server rlm_rest (rest): Opening connection failed (0) rlm_rest (rest): Removing connection pool /etc/freeradius/mods-enabled/rest[1]: Instantiation failed for module "rest" I dont understand the "couldnt connect to server" part... Isn't the freeradius server itself is supposed to run on that address? What is it trying to connect to? I could not find anything related to starting another server in the freeradius config part of the django-freeradius docs <https://django-freeradius.readthedocs.io/en/latest/general/freeradius.html> I am currently using the development environment. Thanks. On Friday, December 7, 2018 at 9:50:05 PM UTC+5:30, Yash Jipkate wrote: > > Here's the authorize section: > > authorize { > update control { &REST-HTTP-Header += "${...api_token_header}" } > rest > sql > dailycounter > noresetcounter > dailybandwidthcounter > } > > > Thanks. > > On Friday, December 7, 2018 at 9:44:36 PM UTC+5:30, Federico Capoano wrote: >> >> Sorry I forgot to ask for the authorize section which is the most >> important part. >> >> Fed >> >> On Fri, Dec 7, 2018 at 1:53 PM Yash Jipkate <[email protected]> wrote: >> >>> These are the sections from sites-enabled/default: >>> >>> - authenticate >>> authenticate {} >>> >>> - post-auth >>> post-auth { >>> update control { &REST-HTTP-Header += "${...api_token_header}" } >>> rest >>> >>> Post-Auth-Type REJECT { >>> update control { &REST-HTTP-Header += >>> "${....api_token_header}" } >>> rest >>> } >>> } >>> >>> >>> - accounting >>> accounting { >>> update control { &REST-HTTP-Header += "${...api_token_header}" } >>> rest >>> } >>> >>> >>> - preacct >>> preacct { >>> preprocess >>> >>> # >>> # Merge Acct-[Input|Output]-Gigawords and Acct-[Input-Output]-Octets >>> # into a single 64bit counter Acct-[Input|Output]-Octets64. >>> # >>> # acct_counters64 >>> >>> # >>> # Session start times are *implied* in RADIUS. >>> # The NAS never sends a "start time". Instead, it sends >>> # a start packet, *possibly* with an Acct-Delay-Time. >>> # The server is supposed to conclude that the start time >>> # was "Acct-Delay-Time" seconds in the past. >>> # >>> # The code below creates an explicit start time, which can >>> # then be used in other modules. It will be *mostly* correct. >>> # Any errors are due to the 1-second resolution of RADIUS, >>> # and the possibility that the time on the NAS may be off. >>> # >>> # The start time is: NOW - delay - session_length >>> # >>> >>> # update request { >>> # &FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - >>> %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}" >>> # } >>> >>> >>> # >>> # Ensure that we have a semi-unique identifier for every >>> # request, and many NAS boxes are broken. >>> acct_unique >>> >>> # >>> # Look for IPASS-style 'realm/', and if not found, look for >>> # '@realm', and decide whether or not to proxy, based on >>> # that. >>> # >>> # Accounting requests are generally proxied to the same >>> # home server as authentication requests. >>> # IPASS >>> suffix >>> # ntdomain >>> >>> # >>> # Read the 'acct_users' file >>> files >>> } >>> >>> >>> >>> On Friday, December 7, 2018 at 5:53:02 PM UTC+5:30, Federico Capoano >>> wrote: >>> >>>> Could you share the following sections of your config? >>>> >>>> - authenticate >>>> - post-auth >>>> - accounting >>>> - preacct >>>> >>>> >>>> >>>> On Fri, Dec 7, 2018 at 1:02 PM Yash Jipkate <[email protected]> wrote: >>>> >>>>> No, I just followed the docs. Am I missing something in the config >>>>> files? >>>>> >>>>> Thanks >>>>> >>>>> >>>>> On Friday, December 7, 2018 at 5:26:01 PM UTC+5:30, Federico Capoano >>>>> wrote: >>>>> >>>>>> That's a configuration issue related to "eap". Are you trying to >>>>>> configure EAP? >>>>>> >>>>>> Fed >>>>>> >>>>>> On Fri, Dec 7, 2018 at 11:55 AM Yash Jipkate <[email protected]> >>>>>> wrote: >>>>>> >>>>> Thanks Federico, >>>>>>> >>>>>>> The server is a development one and I have specified the port >>>>>>> in /etc/freeradius/mods-enabled/rest file. Although I have changed it >>>>>>> back >>>>>>> to 8000 after you pointed out but still no effect. >>>>>>> >>>>>>> Is freeradius sitting on the same host where >>>>>>>> django-freeradius/openwisp-radius is installed? >>>>>>> >>>>>>> >>>>>>> The host is 127.0.0.1 as specified in my >>>>>>> /etc/freeradius/mods-enabled/rest file and I have followed the >>>>>>> instructions >>>>>>> as in the docs as a root user. >>>>>>> >>>>>>> I tried purging and reinstalling freeradius and ended up with a new >>>>>>> error >>>>>>> >>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>> rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and >>>>>>> linked >>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>> Creating attribute SQL-Group >>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: Unable >>>>>>> to check file "/etc/freeradius/certs/dh": No such file or directory >>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>> rlm_eap_tls: Failed initializing SSL context >>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>> rlm_eap (EAP): Failed to initialise rlm_eap_tls >>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>> /etc/freeradius/mods-enabled/eap[14]: Instantiation failed for module >>>>>>> "eap" >>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o systemd[1]: >>>>>>> freeradius.service: Control process exited, code=exited status=1 >>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o systemd[1]: Failed to >>>>>>> start FreeRADIUS multi-protocol policy server. >>>>>>> -- Subject: Unit freeradius.service has failed >>>>>>> >>>>>>> Any idea of how it got here? >>>>>>> >>>>>>> On Friday, December 7, 2018 at 2:21:19 PM UTC+5:30, Federico Capoano >>>>>>> wrote: >>>>>>>> >>>>>>>> As the log says, freeradius is trying to reac http://127.0.0.1:8007, >>>>>>>> this fails and hence it halts. To fix it you must ensure it can >>>>>>>> connect. >>>>>>>> >>>>>>> >>>>>>> >>>>>>> Is freeradius sitting on the same host where >>>>>>>> django-freeradius/openwisp-radius is installed? Is this a production >>>>>>>> or >>>>>>>> development environment? >>>>>>>> >>>>>>>> If it's a production environment, the URL http://127.0.0.1:8007 is >>>>>>>> likely wrong. >>>>>>>> If it's a development environment, either the development server is >>>>>>>> not started, or maybe is just because unless you changed the port of >>>>>>>> the >>>>>>>> development server, the port is 8000, so the URL should be >>>>>>>> http://127.0.0.1:8000 >>>>>>>> >>>>>>>> I hope it helps >>>>>>>> Federico >>>>>>>> >>>>>>>> >>>>>>>> On Friday, December 7, 2018 at 4:49:02 AM UTC+1, Yash Jipkate wrote: >>>>>>>>> >>>>>>>>> Hello, >>>>>>>>> >>>>>>>>> I am currently started to work on the django-freeradius project. I >>>>>>>>> am facing some problems in setting up the freeradius server... >>>>>>>>> >>>>>>>>> when I run >>>>>>>>> journalctl -xe >>>>>>>>> >>>>>>>>> >>>>>>>>> the output I get is: >>>>>>>>> >>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>> [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check item >>>>>>>>> "FreeRADIUS-Response-Delay-USec" >>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>> rlm_mschap (mschap): using internal authentication >>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>> rlm_sql_mysql: libmysql version: 5.7.24 >>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>> rlm_sql (sql): Attempting to connect to database "radius" >>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>> rlm_sql (sql): Initialising connection pool >>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>> Ignoring "ldap" (see raddb/mods-available/README.rst) >>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: # >>>>>>>>> Skipping contents of 'if' as it is always 'false' -- >>>>>>>>> /etc/freeradius/sites-enabled/inner-tunnel:331 >>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>> radiusd: #### Skipping IP addresses and Ports #### >>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>> Configuration appears to be OK >>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>> rlm_rest (rest): Removing connection pool >>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>> rlm_sql (sql): Removing connection pool >>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o systemd[1]: >>>>>>>>> freeradius.service: Control process exited, code=exited status=1 >>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o systemd[1]: Failed to >>>>>>>>> start FreeRADIUS multi-protocol policy server. >>>>>>>>> -- Subject: Unit freeradius.service has failed >>>>>>>>> -- Defined-By: systemd >>>>>>>>> -- Support: >>>>>>>>> http://lists.freedesktop.org/mailman/listinfo/systemd-devel >>>>>>>>> -- >>>>>>>>> -- Unit freeradius.service has failed. >>>>>>>>> -- >>>>>>>>> -- The result is failed. >>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o systemd[1]: >>>>>>>>> freeradius.service: Unit entered failed state. >>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o systemd[1]: >>>>>>>>> freeradius.service: Failed with result 'exit-code'. >>>>>>>>> >>>>>>>>> When I run: >>>>>>>>> >>>>>>>>> freeradius -X >>>>>>>>> >>>>>>>>> I get: >>>>>>>>> >>>>>>>>> rlm_rest (rest): Opening additional connection (0), 1 of 32 >>>>>>>>> pending slots used >>>>>>>>> rlm_rest (rest): Connecting to "http://127.0.0.1:8007"; >>>>>>>>> rlm_rest (rest): Connection failed: 7 - Couldn't connect to server >>>>>>>>> rlm_rest (rest): Opening connection failed (0) >>>>>>>>> rlm_rest (rest): Removing connection pool >>>>>>>>> /etc/freeradius/mods-enabled/rest[1]: Instantiation failed for >>>>>>>>> module "rest" >>>>>>>>> >>>>>>>>> I tried to look it up on the internet but cant seem to solve it. >>>>>>>>> >>>>>>>>> Any help is appreciated. Thanks >>>>>>>>> >>>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "OpenWISP" group. >>>>>>> >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>> >>>>>> >>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>> >>>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "OpenWISP" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "OpenWISP" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- You received this message because you are subscribed to the Google Groups "OpenWISP" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
