Hi Andi,

These realms are coming from conf/realm.conf.defaults and they are now built-in realms.

Any options you had for the realms in that file need to be ported into the PacketFence configuration (editing it from the admin takes care of handling what comes from the defaults and what is specific to your setup).

In your case, just add the following to the default realm options:
auth_pool = eduroam
nostrip

Cheers

- Julien

On 2017-01-03 11:26 AM, Morris, Andi wrote:

Hi all,

Upgrading my 6.2.1 to 6.4 running CentOS 7.3.1611 release today has resulted in my radiusd and radiusd-acct services not starting.

Firstly I was getting the following error:

service|command

httpd.admin|already started

Checking configuration sanity...

WARNING - Cannot open the following certificate %%install_dir%%/raddb/certs/pfenceha.crt

radiusd-acct|not started

radiusd|not started

So I found the line in eap.conf and edited it so it showed:

certificate_file = [% install_dir %]/raddb/certs/pfenceha.crt

After reloading the config and restarting the pf services I no longer see the error; however, the radius services will still not start.

Running radiusd -X -d /usr/local/pf/raddb I could see the debug bombing out because the default realm was being declared twice:

----snip-----
        mrc = 5
        mrd = 30
  }
}
WARNING: Ignoring "response_window = 30.000000", forcing to "response_window = 10.000000"
home_server_pool my_auth_failover {
        type = fail-over
        home_server = localhost
}
realm example.com {
        auth_pool = my_auth_failover
}
realm default {
}
realm local {
}
realm null {
}
realm cardiffmet.ac.uk {
        authhost = LOCAL
        accthost = LOCAL
}
realm uwic.ac.uk {
        authhost = LOCAL
        accthost = LOCAL
}
home_server_pool eduroam {
        type = client-balance
        home_server = orps03.cardiffmet.ac.uk
        home_server = orps04.cardiffmet.ac.uk
}
realm DEFAULT {
        auth_pool = eduroam
        nostrip
} # realm DEFAULT
----snip----

Further investigating showed that this is being pulled from raddb/proxy.conf.inc:

# This file is generated from a template at /usr/local/pf/conf/radiusd/proxy.conf.inc
# Any changes made to this file will be lost on restart

# Eduroam integration is not configured

realm default {
}

realm local {
}

realm null {
}

home_server orps03.cardiffmet.ac.uk {
                type = auth
                ipaddr = 193.62.96.44
                port = 1812
                secret = *************
                require_message_authenticator = yes
}

home_server orps04.cardiffmet.ac.uk {
                type = auth
                ipaddr = 193.62.96.45
                port = 1812
                secret = **************
                require_message_authenticator = yes
}

home_server_pool eduroam {
        type = client-balance
        home_server = orps03.cardiffmet.ac.uk
        home_server = orps04.cardiffmet.ac.uk
}

realm cardiffmet.ac.uk {
        authhost=LOCAL
        accthost=LOCAL
}

realm uwic.ac.uk {
        authhost=LOCAL
        accthost=LOCAL
}

realm DEFAULT {
        auth_pool = eduroam
        nostrip
}

However, as this file is generated on the fly, I don’t know where these initial realm declarations are coming from! I’ve tried removing the reference to those three domains in the admin GUI under config/radius/realms, but they still reappear after reloading the config and restarting the services.

It's probably worth noting that this is an eduroam config, but not using the packetfence built in eduroam config (yet).

Cheers,

Andi

------------------------------------------------------------------------

Cardiff Metropolitan University - Queens Anniversary Prizes 2015 <http://www.cardiffmet.ac.uk/news/Pages/Cardiff-Met-research-recognised-in-Queens-Anniversary-Prizes-for-Higher-and-Further-Education.aspx>
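
A pre-restart check for the failure described in this thread, as an added example that is not part of the original messages or of PacketFence: it scans a generated proxy.conf.inc for realm names declared more than once, comparing names case-insensitively because the debug output above reports "default" and "DEFAULT" as the same realm declared twice. The function name, the one-line "realm NAME {" layout and the sample text are assumptions made for the example.

```python
import re
import sys
from collections import defaultdict

# Constructed sample, modelled on the generated raddb/proxy.conf.inc quoted above.
SAMPLE = """\
# Eduroam integration is not configured
realm default {
}
realm local {
}
realm null {
}
home_server_pool eduroam {
        type = client-balance
}
realm cardiffmet.ac.uk {
        authhost=LOCAL
        accthost=LOCAL
}
realm DEFAULT {
        auth_pool = eduroam
        nostrip
}
"""

# Matches "realm NAME {" with an optionally quoted NAME on one line (assumed layout).
REALM_RE = re.compile(r'^\s*realm\s+("?)([^\s"{]+)\1\s*\{')

def find_duplicate_realms(text):
    """Map lowercased realm name -> [(line_no, name_as_written)] for repeated realms."""
    seen = defaultdict(list)
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = REALM_RE.match(line.split("#", 1)[0])  # ignore comments
        if match:
            seen[match.group(2).lower()].append((line_no, match.group(2)))
    return {name: hits for name, hits in seen.items() if len(hits) > 1}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            text = handle.read()
    else:
        text = SAMPLE
    duplicates = find_duplicate_realms(text)
    for name, hits in duplicates.items():
        places = ", ".join(f"line {n} ({w})" for n, w in hits)
        print(f"realm '{name}' declared more than once: {places}")
    sys.exit(1 if duplicates else 0)
```

Run with the path to the generated file as the only argument; a non-zero exit status means at least one realm is declared more than once.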



_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
