Sure that's the perfect way to start. Fed
On Tue, Dec 11, 2018 at 10:03 AM Yash Jipkate <[email protected]> wrote: > Hi Fed, > > Thanks for your response. > > Also I am interested in making contributions to the project so can I start > with a small issue like this doc issue? > > Thanks. > > On Tue, 11 Dec 2018, 2:21 pm Federico Capoano <[email protected] > wrote: > >> PS: I opened an issue with a reminder to make the documentation more >> explicit about the fact that the django application (if in prod) or >> development server (if in dev mode) must be running before freeradius is >> started (otherwise the rml_rest module of freeradius will halt the startup >> because it can't connect to the OpenWISP API): >> https://github.com/openwisp/django-freeradius/issues/223 >> >> I hope to be able to address that as well as other docs improvement in >> the next months. As usual, contributions to the docs are always very >> welcome and I encourage everyone reading here to try and help in order to >> move the project forward. >> >> Federico >> >> On Tue, Dec 11, 2018 at 9:22 AM Federico Capoano < >> [email protected]> wrote: >> >>> Glad you solved it, I couldn't reply because we are still finishing the >>> Google Code In and these last days have been crazy. >>> >>> Fed >>> >>> >>> Il mar 11 dic 2018, 08:57 Yash Jipkate <[email protected]> ha >>> scritto: >>> >>>> Ok now I get it... I had some conceptual issues. >>>> >>>> Thanks for your time. >>>> >>>> >>>> On Saturday, December 8, 2018 at 12:32:58 PM UTC+5:30, Yash Jipkate >>>> wrote: >>>>> >>>>> Hi Federico, >>>>> >>>>> I solved the eap error by running >>>>> >>>>> make >>>>> >>>>> in /etc/freeradius/certs. >>>>> >>>>> Now after I run >>>>> >>>>> service freeradius restart >>>>> >>>>> I get this in my journalctl -xe >>>>> >>>>> Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: rlm_sql >>>>> (sql): Initialising connection pool >>>>> Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: Ignoring >>>>> "ldap" (see raddb/mods-available/README.rst) >>>>> Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: # >>>>> Skipping contents of 'if' as it is always 'false' -- >>>>> /etc/freeradius/sites-ena >>>>> Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: radiusd: >>>>> #### Skipping IP addresses and Ports #### >>>>> Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: >>>>> Configuration appears to be OK >>>>> Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: rlm_rest >>>>> (rest): Removing connection pool >>>>> Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: rlm_sql >>>>> (sql): Removing connection pool >>>>> Dec 08 11:46:38 thejedicode-inspiron-5558o systemd[1]: >>>>> freeradius.service: Control process exited, code=exited status=1 >>>>> Dec 08 11:46:38 thejedicode-inspiron-5558o systemd[1]: Failed to start >>>>> FreeRADIUS multi-protocol policy server. >>>>> >>>>> >>>>> and this when i run freeradius -X >>>>> >>>>> rlm_rest (rest): Opening additional connection (0), 1 of 32 pending >>>>> slots used >>>>> rlm_rest (rest): Connecting to "http://127.0.0.1:8000"; >>>>> rlm_rest (rest): Connection failed: 7 - Couldn't connect to server >>>>> rlm_rest (rest): Opening connection failed (0) >>>>> rlm_rest (rest): Removing connection pool >>>>> /etc/freeradius/mods-enabled/rest[1]: Instantiation failed for module >>>>> "rest" >>>>> >>>>> I dont understand the "couldnt connect to server" part... Isn't the >>>>> freeradius server itself is supposed to run on that address? What is it >>>>> trying to connect to? I could not find anything related to starting >>>>> another >>>>> server in the freeradius config part of the django-freeradius docs >>>>> <https://django-freeradius.readthedocs.io/en/latest/general/freeradius.html> >>>>> I am currently using the development environment. >>>>> >>>>> Thanks. >>>>> >>>>> >>>>> On Friday, December 7, 2018 at 9:50:05 PM UTC+5:30, Yash Jipkate wrote: >>>>>> >>>>>> Here's the authorize section: >>>>>> >>>>>> authorize { >>>>>> update control { &REST-HTTP-Header += "${...api_token_header}" } >>>>>> rest >>>>>> sql >>>>>> dailycounter >>>>>> noresetcounter >>>>>> dailybandwidthcounter >>>>>> } >>>>>> >>>>>> >>>>>> Thanks. >>>>>> >>>>>> On Friday, December 7, 2018 at 9:44:36 PM UTC+5:30, Federico Capoano >>>>>> wrote: >>>>>>> >>>>>>> Sorry I forgot to ask for the authorize section which is the most >>>>>>> important part. >>>>>>> >>>>>>> Fed >>>>>>> >>>>>>> On Fri, Dec 7, 2018 at 1:53 PM Yash Jipkate <[email protected]> >>>>>>> wrote: >>>>>>> >>>>>>>> These are the sections from sites-enabled/default: >>>>>>>> >>>>>>>> - authenticate >>>>>>>> authenticate {} >>>>>>>> >>>>>>>> - post-auth >>>>>>>> post-auth { >>>>>>>> update control { &REST-HTTP-Header += >>>>>>>> "${...api_token_header}" } >>>>>>>> rest >>>>>>>> >>>>>>>> Post-Auth-Type REJECT { >>>>>>>> update control { &REST-HTTP-Header += >>>>>>>> "${....api_token_header}" } >>>>>>>> rest >>>>>>>> } >>>>>>>> } >>>>>>>> >>>>>>>> >>>>>>>> - accounting >>>>>>>> accounting { >>>>>>>> update control { &REST-HTTP-Header += >>>>>>>> "${...api_token_header}" } >>>>>>>> rest >>>>>>>> } >>>>>>>> >>>>>>>> >>>>>>>> - preacct >>>>>>>> preacct { >>>>>>>> preprocess >>>>>>>> >>>>>>>> # >>>>>>>> # Merge Acct-[Input|Output]-Gigawords and >>>>>>>> Acct-[Input-Output]-Octets >>>>>>>> # into a single 64bit counter Acct-[Input|Output]-Octets64. >>>>>>>> # >>>>>>>> # acct_counters64 >>>>>>>> >>>>>>>> # >>>>>>>> # Session start times are *implied* in RADIUS. >>>>>>>> # The NAS never sends a "start time". Instead, it sends >>>>>>>> # a start packet, *possibly* with an Acct-Delay-Time. >>>>>>>> # The server is supposed to conclude that the start time >>>>>>>> # was "Acct-Delay-Time" seconds in the past. >>>>>>>> # >>>>>>>> # The code below creates an explicit start time, which can >>>>>>>> # then be used in other modules. It will be *mostly* correct. >>>>>>>> # Any errors are due to the 1-second resolution of RADIUS, >>>>>>>> # and the possibility that the time on the NAS may be off. >>>>>>>> # >>>>>>>> # The start time is: NOW - delay - session_length >>>>>>>> # >>>>>>>> >>>>>>>> # update request { >>>>>>>> # &FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - >>>>>>>> %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}" >>>>>>>> # } >>>>>>>> >>>>>>>> >>>>>>>> # >>>>>>>> # Ensure that we have a semi-unique identifier for every >>>>>>>> # request, and many NAS boxes are broken. >>>>>>>> acct_unique >>>>>>>> >>>>>>>> # >>>>>>>> # Look for IPASS-style 'realm/', and if not found, look for >>>>>>>> # '@realm', and decide whether or not to proxy, based on >>>>>>>> # that. >>>>>>>> # >>>>>>>> # Accounting requests are generally proxied to the same >>>>>>>> # home server as authentication requests. >>>>>>>> # IPASS >>>>>>>> suffix >>>>>>>> # ntdomain >>>>>>>> >>>>>>>> # >>>>>>>> # Read the 'acct_users' file >>>>>>>> files >>>>>>>> } >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Friday, December 7, 2018 at 5:53:02 PM UTC+5:30, Federico >>>>>>>> Capoano wrote: >>>>>>>> >>>>>>>>> Could you share the following sections of your config? >>>>>>>>> >>>>>>>>> - authenticate >>>>>>>>> - post-auth >>>>>>>>> - accounting >>>>>>>>> - preacct >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Fri, Dec 7, 2018 at 1:02 PM Yash Jipkate <[email protected]> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> No, I just followed the docs. Am I missing something in the >>>>>>>>>> config files? >>>>>>>>>> >>>>>>>>>> Thanks >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Friday, December 7, 2018 at 5:26:01 PM UTC+5:30, Federico >>>>>>>>>> Capoano wrote: >>>>>>>>>> >>>>>>>>>>> That's a configuration issue related to "eap". Are you trying to >>>>>>>>>>> configure EAP? >>>>>>>>>>> >>>>>>>>>>> Fed >>>>>>>>>>> >>>>>>>>>>> On Fri, Dec 7, 2018 at 11:55 AM Yash Jipkate <[email protected]> >>>>>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>> Thanks Federico, >>>>>>>>>>>> >>>>>>>>>>>> The server is a development one and I have specified the port >>>>>>>>>>>> in /etc/freeradius/mods-enabled/rest file. Although I have changed >>>>>>>>>>>> it back >>>>>>>>>>>> to 8000 after you pointed out but still no effect. >>>>>>>>>>>> >>>>>>>>>>>> Is freeradius sitting on the same host where >>>>>>>>>>>>> django-freeradius/openwisp-radius is installed? >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> The host is 127.0.0.1 as specified in my >>>>>>>>>>>> /etc/freeradius/mods-enabled/rest file and I have followed the >>>>>>>>>>>> instructions >>>>>>>>>>>> as in the docs as a root user. >>>>>>>>>>>> >>>>>>>>>>>> I tried purging and reinstalling freeradius and ended up with a >>>>>>>>>>>> new error >>>>>>>>>>>> >>>>>>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>>>>>>> rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded >>>>>>>>>>>> and linked >>>>>>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>>>>>>> Creating attribute SQL-Group >>>>>>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>>>>>>> Unable to check file "/etc/freeradius/certs/dh": No such file or >>>>>>>>>>>> directory >>>>>>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>>>>>>> rlm_eap_tls: Failed initializing SSL context >>>>>>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>>>>>>> rlm_eap (EAP): Failed to initialise rlm_eap_tls >>>>>>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>>>>>>> /etc/freeradius/mods-enabled/eap[14]: Instantiation failed for >>>>>>>>>>>> module "eap" >>>>>>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o systemd[1]: >>>>>>>>>>>> freeradius.service: Control process exited, code=exited status=1 >>>>>>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o systemd[1]: Failed >>>>>>>>>>>> to start FreeRADIUS multi-protocol policy server. >>>>>>>>>>>> -- Subject: Unit freeradius.service has failed >>>>>>>>>>>> >>>>>>>>>>>> Any idea of how it got here? >>>>>>>>>>>> >>>>>>>>>>>> On Friday, December 7, 2018 at 2:21:19 PM UTC+5:30, Federico >>>>>>>>>>>> Capoano wrote: >>>>>>>>>>>>> >>>>>>>>>>>>> As the log says, freeradius is trying to reac >>>>>>>>>>>>> http://127.0.0.1:8007, this fails and hence it halts. To fix >>>>>>>>>>>>> it you must ensure it can connect. >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Is freeradius sitting on the same host where >>>>>>>>>>>>> django-freeradius/openwisp-radius is installed? Is this a >>>>>>>>>>>>> production or >>>>>>>>>>>>> development environment? >>>>>>>>>>>>> >>>>>>>>>>>>> If it's a production environment, the URL >>>>>>>>>>>>> http://127.0.0.1:8007 is likely wrong. >>>>>>>>>>>>> If it's a development environment, either the development >>>>>>>>>>>>> server is not started, or maybe is just because unless you >>>>>>>>>>>>> changed the port >>>>>>>>>>>>> of the development server, the port is 8000, so the URL should be >>>>>>>>>>>>> http://127.0.0.1:8000 >>>>>>>>>>>>> >>>>>>>>>>>>> I hope it helps >>>>>>>>>>>>> Federico >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> On Friday, December 7, 2018 at 4:49:02 AM UTC+1, Yash Jipkate >>>>>>>>>>>>> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>> Hello, >>>>>>>>>>>>>> >>>>>>>>>>>>>> I am currently started to work on the django-freeradius >>>>>>>>>>>>>> project. I am facing some problems in setting up the freeradius >>>>>>>>>>>>>> server... >>>>>>>>>>>>>> >>>>>>>>>>>>>> when I run >>>>>>>>>>>>>> journalctl -xe >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> the output I get is: >>>>>>>>>>>>>> >>>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>>>> [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check >>>>>>>>>>>>>> item >>>>>>>>>>>>>> "FreeRADIUS-Response-Delay-USec" >>>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>>>> rlm_mschap (mschap): using internal authentication >>>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>>>> rlm_sql_mysql: libmysql version: 5.7.24 >>>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>>>> rlm_sql (sql): Attempting to connect to database "radius" >>>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>>>> rlm_sql (sql): Initialising connection pool >>>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>>>> Ignoring "ldap" (see raddb/mods-available/README.rst) >>>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o >>>>>>>>>>>>>> freeradius[10549]: # Skipping contents of 'if' as it is always >>>>>>>>>>>>>> 'false' -- >>>>>>>>>>>>>> /etc/freeradius/sites-enabled/inner-tunnel:331 >>>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>>>> radiusd: #### Skipping IP addresses and Ports #### >>>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>>>> Configuration appears to be OK >>>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>>>> rlm_rest (rest): Removing connection pool >>>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>>>> rlm_sql (sql): Removing connection pool >>>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o systemd[1]: >>>>>>>>>>>>>> freeradius.service: Control process exited, code=exited status=1 >>>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o systemd[1]: Failed >>>>>>>>>>>>>> to start FreeRADIUS multi-protocol policy server. >>>>>>>>>>>>>> -- Subject: Unit freeradius.service has failed >>>>>>>>>>>>>> -- Defined-By: systemd >>>>>>>>>>>>>> -- Support: >>>>>>>>>>>>>> http://lists.freedesktop.org/mailman/listinfo/systemd-devel >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> -- Unit freeradius.service has failed. >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> -- The result is failed. >>>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o systemd[1]: >>>>>>>>>>>>>> freeradius.service: Unit entered failed state. >>>>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o systemd[1]: >>>>>>>>>>>>>> freeradius.service: Failed with result 'exit-code'. >>>>>>>>>>>>>> >>>>>>>>>>>>>> When I run: >>>>>>>>>>>>>> >>>>>>>>>>>>>> freeradius -X >>>>>>>>>>>>>> >>>>>>>>>>>>>> I get: >>>>>>>>>>>>>> >>>>>>>>>>>>>> rlm_rest (rest): Opening additional connection (0), 1 of 32 >>>>>>>>>>>>>> pending slots used >>>>>>>>>>>>>> rlm_rest (rest): Connecting to "http://127.0.0.1:8007"; >>>>>>>>>>>>>> rlm_rest (rest): Connection failed: 7 - Couldn't connect to >>>>>>>>>>>>>> server >>>>>>>>>>>>>> rlm_rest (rest): Opening connection failed (0) >>>>>>>>>>>>>> rlm_rest (rest): Removing connection pool >>>>>>>>>>>>>> /etc/freeradius/mods-enabled/rest[1]: Instantiation failed >>>>>>>>>>>>>> for module "rest" >>>>>>>>>>>>>> >>>>>>>>>>>>>> I tried to look it up on the internet but cant seem to solve >>>>>>>>>>>>>> it. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Any help is appreciated. Thanks >>>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>>>> Google Groups "OpenWISP" group. >>>>>>>>>>>> >>>>>>>>>>> To unsubscribe from this group and stop receiving emails from >>>>>>>>>>>> it, send an email to [email protected]. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>> Google Groups "OpenWISP" group. >>>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>>> send an email to [email protected]. >>>>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>>>> >>>>>>>>> -- >>>>>>>> You received this message because you are subscribed to the Google >>>>>>>> Groups "OpenWISP" group. >>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>> send an email to [email protected]. >>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>> >>>>>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "OpenWISP" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "OpenWISP" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > -- > You received this message because you are subscribed to the Google Groups > "OpenWISP" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "OpenWISP" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
