Hi Fed, Thanks for your response.
Also I am interested in making contributions to the project so can I start with a small issue like this doc issue? Thanks. On Tue, 11 Dec 2018, 2:21 pm Federico Capoano <[email protected] wrote: > PS: I opened an issue with a reminder to make the documentation more > explicit about the fact that the django application (if in prod) or > development server (if in dev mode) must be running before freeradius is > started (otherwise the rml_rest module of freeradius will halt the startup > because it can't connect to the OpenWISP API): > https://github.com/openwisp/django-freeradius/issues/223 > > I hope to be able to address that as well as other docs improvement in the > next months. As usual, contributions to the docs are always very welcome > and I encourage everyone reading here to try and help in order to move the > project forward. > > Federico > > On Tue, Dec 11, 2018 at 9:22 AM Federico Capoano < > [email protected]> wrote: > >> Glad you solved it, I couldn't reply because we are still finishing the >> Google Code In and these last days have been crazy. >> >> Fed >> >> >> Il mar 11 dic 2018, 08:57 Yash Jipkate <[email protected]> ha >> scritto: >> >>> Ok now I get it... I had some conceptual issues. >>> >>> Thanks for your time. >>> >>> >>> On Saturday, December 8, 2018 at 12:32:58 PM UTC+5:30, Yash Jipkate >>> wrote: >>>> >>>> Hi Federico, >>>> >>>> I solved the eap error by running >>>> >>>> make >>>> >>>> in /etc/freeradius/certs. >>>> >>>> Now after I run >>>> >>>> service freeradius restart >>>> >>>> I get this in my journalctl -xe >>>> >>>> Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: rlm_sql >>>> (sql): Initialising connection pool >>>> Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: Ignoring >>>> "ldap" (see raddb/mods-available/README.rst) >>>> Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: # >>>> Skipping contents of 'if' as it is always 'false' -- >>>> /etc/freeradius/sites-ena >>>> Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: radiusd: >>>> #### Skipping IP addresses and Ports #### >>>> Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: >>>> Configuration appears to be OK >>>> Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: rlm_rest >>>> (rest): Removing connection pool >>>> Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: rlm_sql >>>> (sql): Removing connection pool >>>> Dec 08 11:46:38 thejedicode-inspiron-5558o systemd[1]: >>>> freeradius.service: Control process exited, code=exited status=1 >>>> Dec 08 11:46:38 thejedicode-inspiron-5558o systemd[1]: Failed to start >>>> FreeRADIUS multi-protocol policy server. >>>> >>>> >>>> and this when i run freeradius -X >>>> >>>> rlm_rest (rest): Opening additional connection (0), 1 of 32 pending >>>> slots used >>>> rlm_rest (rest): Connecting to "http://127.0.0.1:8000"; >>>> rlm_rest (rest): Connection failed: 7 - Couldn't connect to server >>>> rlm_rest (rest): Opening connection failed (0) >>>> rlm_rest (rest): Removing connection pool >>>> /etc/freeradius/mods-enabled/rest[1]: Instantiation failed for module >>>> "rest" >>>> >>>> I dont understand the "couldnt connect to server" part... Isn't the >>>> freeradius server itself is supposed to run on that address? What is it >>>> trying to connect to? I could not find anything related to starting another >>>> server in the freeradius config part of the django-freeradius docs >>>> <https://django-freeradius.readthedocs.io/en/latest/general/freeradius.html> >>>> I am currently using the development environment. >>>> >>>> Thanks. >>>> >>>> >>>> On Friday, December 7, 2018 at 9:50:05 PM UTC+5:30, Yash Jipkate wrote: >>>>> >>>>> Here's the authorize section: >>>>> >>>>> authorize { >>>>> update control { &REST-HTTP-Header += "${...api_token_header}" } >>>>> rest >>>>> sql >>>>> dailycounter >>>>> noresetcounter >>>>> dailybandwidthcounter >>>>> } >>>>> >>>>> >>>>> Thanks. >>>>> >>>>> On Friday, December 7, 2018 at 9:44:36 PM UTC+5:30, Federico Capoano >>>>> wrote: >>>>>> >>>>>> Sorry I forgot to ask for the authorize section which is the most >>>>>> important part. >>>>>> >>>>>> Fed >>>>>> >>>>>> On Fri, Dec 7, 2018 at 1:53 PM Yash Jipkate <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> These are the sections from sites-enabled/default: >>>>>>> >>>>>>> - authenticate >>>>>>> authenticate {} >>>>>>> >>>>>>> - post-auth >>>>>>> post-auth { >>>>>>> update control { &REST-HTTP-Header += >>>>>>> "${...api_token_header}" } >>>>>>> rest >>>>>>> >>>>>>> Post-Auth-Type REJECT { >>>>>>> update control { &REST-HTTP-Header += >>>>>>> "${....api_token_header}" } >>>>>>> rest >>>>>>> } >>>>>>> } >>>>>>> >>>>>>> >>>>>>> - accounting >>>>>>> accounting { >>>>>>> update control { &REST-HTTP-Header += >>>>>>> "${...api_token_header}" } >>>>>>> rest >>>>>>> } >>>>>>> >>>>>>> >>>>>>> - preacct >>>>>>> preacct { >>>>>>> preprocess >>>>>>> >>>>>>> # >>>>>>> # Merge Acct-[Input|Output]-Gigawords and >>>>>>> Acct-[Input-Output]-Octets >>>>>>> # into a single 64bit counter Acct-[Input|Output]-Octets64. >>>>>>> # >>>>>>> # acct_counters64 >>>>>>> >>>>>>> # >>>>>>> # Session start times are *implied* in RADIUS. >>>>>>> # The NAS never sends a "start time". Instead, it sends >>>>>>> # a start packet, *possibly* with an Acct-Delay-Time. >>>>>>> # The server is supposed to conclude that the start time >>>>>>> # was "Acct-Delay-Time" seconds in the past. >>>>>>> # >>>>>>> # The code below creates an explicit start time, which can >>>>>>> # then be used in other modules. It will be *mostly* correct. >>>>>>> # Any errors are due to the 1-second resolution of RADIUS, >>>>>>> # and the possibility that the time on the NAS may be off. >>>>>>> # >>>>>>> # The start time is: NOW - delay - session_length >>>>>>> # >>>>>>> >>>>>>> # update request { >>>>>>> # &FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - >>>>>>> %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}" >>>>>>> # } >>>>>>> >>>>>>> >>>>>>> # >>>>>>> # Ensure that we have a semi-unique identifier for every >>>>>>> # request, and many NAS boxes are broken. >>>>>>> acct_unique >>>>>>> >>>>>>> # >>>>>>> # Look for IPASS-style 'realm/', and if not found, look for >>>>>>> # '@realm', and decide whether or not to proxy, based on >>>>>>> # that. >>>>>>> # >>>>>>> # Accounting requests are generally proxied to the same >>>>>>> # home server as authentication requests. >>>>>>> # IPASS >>>>>>> suffix >>>>>>> # ntdomain >>>>>>> >>>>>>> # >>>>>>> # Read the 'acct_users' file >>>>>>> files >>>>>>> } >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Friday, December 7, 2018 at 5:53:02 PM UTC+5:30, Federico Capoano >>>>>>> wrote: >>>>>>> >>>>>>>> Could you share the following sections of your config? >>>>>>>> >>>>>>>> - authenticate >>>>>>>> - post-auth >>>>>>>> - accounting >>>>>>>> - preacct >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Fri, Dec 7, 2018 at 1:02 PM Yash Jipkate <[email protected]> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> No, I just followed the docs. Am I missing something in the config >>>>>>>>> files? >>>>>>>>> >>>>>>>>> Thanks >>>>>>>>> >>>>>>>>> >>>>>>>>> On Friday, December 7, 2018 at 5:26:01 PM UTC+5:30, Federico >>>>>>>>> Capoano wrote: >>>>>>>>> >>>>>>>>>> That's a configuration issue related to "eap". Are you trying to >>>>>>>>>> configure EAP? >>>>>>>>>> >>>>>>>>>> Fed >>>>>>>>>> >>>>>>>>>> On Fri, Dec 7, 2018 at 11:55 AM Yash Jipkate <[email protected]> >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>> Thanks Federico, >>>>>>>>>>> >>>>>>>>>>> The server is a development one and I have specified the port >>>>>>>>>>> in /etc/freeradius/mods-enabled/rest file. Although I have changed >>>>>>>>>>> it back >>>>>>>>>>> to 8000 after you pointed out but still no effect. >>>>>>>>>>> >>>>>>>>>>> Is freeradius sitting on the same host where >>>>>>>>>>>> django-freeradius/openwisp-radius is installed? >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> The host is 127.0.0.1 as specified in my >>>>>>>>>>> /etc/freeradius/mods-enabled/rest file and I have followed the >>>>>>>>>>> instructions >>>>>>>>>>> as in the docs as a root user. >>>>>>>>>>> >>>>>>>>>>> I tried purging and reinstalling freeradius and ended up with a >>>>>>>>>>> new error >>>>>>>>>>> >>>>>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>>>>>> rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded >>>>>>>>>>> and linked >>>>>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>>>>>> Creating attribute SQL-Group >>>>>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>>>>>> Unable to check file "/etc/freeradius/certs/dh": No such file or >>>>>>>>>>> directory >>>>>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>>>>>> rlm_eap_tls: Failed initializing SSL context >>>>>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>>>>>> rlm_eap (EAP): Failed to initialise rlm_eap_tls >>>>>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>>>>>> /etc/freeradius/mods-enabled/eap[14]: Instantiation failed for >>>>>>>>>>> module "eap" >>>>>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o systemd[1]: >>>>>>>>>>> freeradius.service: Control process exited, code=exited status=1 >>>>>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o systemd[1]: Failed to >>>>>>>>>>> start FreeRADIUS multi-protocol policy server. >>>>>>>>>>> -- Subject: Unit freeradius.service has failed >>>>>>>>>>> >>>>>>>>>>> Any idea of how it got here? >>>>>>>>>>> >>>>>>>>>>> On Friday, December 7, 2018 at 2:21:19 PM UTC+5:30, Federico >>>>>>>>>>> Capoano wrote: >>>>>>>>>>>> >>>>>>>>>>>> As the log says, freeradius is trying to reac >>>>>>>>>>>> http://127.0.0.1:8007, this fails and hence it halts. To fix >>>>>>>>>>>> it you must ensure it can connect. >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Is freeradius sitting on the same host where >>>>>>>>>>>> django-freeradius/openwisp-radius is installed? Is this a >>>>>>>>>>>> production or >>>>>>>>>>>> development environment? >>>>>>>>>>>> >>>>>>>>>>>> If it's a production environment, the URL http://127.0.0.1:8007 >>>>>>>>>>>> is likely wrong. >>>>>>>>>>>> If it's a development environment, either the development >>>>>>>>>>>> server is not started, or maybe is just because unless you changed >>>>>>>>>>>> the port >>>>>>>>>>>> of the development server, the port is 8000, so the URL should be >>>>>>>>>>>> http://127.0.0.1:8000 >>>>>>>>>>>> >>>>>>>>>>>> I hope it helps >>>>>>>>>>>> Federico >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> On Friday, December 7, 2018 at 4:49:02 AM UTC+1, Yash Jipkate >>>>>>>>>>>> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>> Hello, >>>>>>>>>>>>> >>>>>>>>>>>>> I am currently started to work on the django-freeradius >>>>>>>>>>>>> project. I am facing some problems in setting up the freeradius >>>>>>>>>>>>> server... >>>>>>>>>>>>> >>>>>>>>>>>>> when I run >>>>>>>>>>>>> journalctl -xe >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> the output I get is: >>>>>>>>>>>>> >>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>>> [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check >>>>>>>>>>>>> item >>>>>>>>>>>>> "FreeRADIUS-Response-Delay-USec" >>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>>> rlm_mschap (mschap): using internal authentication >>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>>> rlm_sql_mysql: libmysql version: 5.7.24 >>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>>> rlm_sql (sql): Attempting to connect to database "radius" >>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>>> rlm_sql (sql): Initialising connection pool >>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>>> Ignoring "ldap" (see raddb/mods-available/README.rst) >>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>>> # Skipping contents of 'if' as it is always 'false' -- >>>>>>>>>>>>> /etc/freeradius/sites-enabled/inner-tunnel:331 >>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>>> radiusd: #### Skipping IP addresses and Ports #### >>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>>> Configuration appears to be OK >>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>>> rlm_rest (rest): Removing connection pool >>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>>> rlm_sql (sql): Removing connection pool >>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o systemd[1]: >>>>>>>>>>>>> freeradius.service: Control process exited, code=exited status=1 >>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o systemd[1]: Failed >>>>>>>>>>>>> to start FreeRADIUS multi-protocol policy server. >>>>>>>>>>>>> -- Subject: Unit freeradius.service has failed >>>>>>>>>>>>> -- Defined-By: systemd >>>>>>>>>>>>> -- Support: >>>>>>>>>>>>> http://lists.freedesktop.org/mailman/listinfo/systemd-devel >>>>>>>>>>>>> -- >>>>>>>>>>>>> -- Unit freeradius.service has failed. >>>>>>>>>>>>> -- >>>>>>>>>>>>> -- The result is failed. >>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o systemd[1]: >>>>>>>>>>>>> freeradius.service: Unit entered failed state. >>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o systemd[1]: >>>>>>>>>>>>> freeradius.service: Failed with result 'exit-code'. >>>>>>>>>>>>> >>>>>>>>>>>>> When I run: >>>>>>>>>>>>> >>>>>>>>>>>>> freeradius -X >>>>>>>>>>>>> >>>>>>>>>>>>> I get: >>>>>>>>>>>>> >>>>>>>>>>>>> rlm_rest (rest): Opening additional connection (0), 1 of 32 >>>>>>>>>>>>> pending slots used >>>>>>>>>>>>> rlm_rest (rest): Connecting to "http://127.0.0.1:8007"; >>>>>>>>>>>>> rlm_rest (rest): Connection failed: 7 - Couldn't connect to >>>>>>>>>>>>> server >>>>>>>>>>>>> rlm_rest (rest): Opening connection failed (0) >>>>>>>>>>>>> rlm_rest (rest): Removing connection pool >>>>>>>>>>>>> /etc/freeradius/mods-enabled/rest[1]: Instantiation failed for >>>>>>>>>>>>> module "rest" >>>>>>>>>>>>> >>>>>>>>>>>>> I tried to look it up on the internet but cant seem to solve >>>>>>>>>>>>> it. >>>>>>>>>>>>> >>>>>>>>>>>>> Any help is appreciated. Thanks >>>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>>> Google Groups "OpenWISP" group. >>>>>>>>>>> >>>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>>>> send an email to [email protected]. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>>>>> >>>>>>>>>> -- >>>>>>>>> You received this message because you are subscribed to the Google >>>>>>>>> Groups "OpenWISP" group. >>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>> send an email to [email protected]. >>>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>>> >>>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "OpenWISP" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>> >>>>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "OpenWISP" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- > You received this message because you are subscribed to the Google Groups > "OpenWISP" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "OpenWISP" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
