Can you also paste the file /usr/local/pf/raddb/auth.conf ?
Le 2018-01-03 à 16:52, Auger, Ivan (ITS) via PacketFence-users a écrit :
>
> Here you go:
>
>
>
> [root@esppkfence ~]# /usr/local/pf/bin/pfcmd service radiusd
> generateconfig
>
> service|command
>
> radiusd-acct|config generated
>
> radiusd-auth|config generated
>
> [root@esppkfence ~]# /usr/sbin/radiusd -d /usr/local/pf/raddb -n auth
> -fxx -l stdout
>
> FreeRADIUS Version 3.1.0
>
> Copyright (C) 1999-2016 The FreeRADIUS server project and contributors
>
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
>
> PARTICULAR PURPOSE
>
> You may redistribute copies of FreeRADIUS under the terms of the
>
> GNU General Public License
>
> For more information about these matters, see the file named COPYRIGHT
>
> Starting - reading configuration files ...
>
> including dictionary file /usr/share/freeradius/dictionary
>
> including dictionary file /usr/share/freeradius/dictionary.dhcp
>
> including dictionary file /usr/share/freeradius/dictionary.vqp
>
> including dictionary file /usr/local/pf/raddb/dictionary
>
> including configuration file /usr/local/pf/raddb/auth.conf
>
> including configuration file /usr/local/pf/raddb/radiusd.conf
>
> including configuration file /usr/local/pf/raddb/proxy.conf
>
> including configuration file /usr/local/pf/raddb/proxy.conf.inc
>
> including configuration file /usr/local/pf/raddb/clients.conf
>
> including configuration file /usr/local/pf/raddb/clients.conf.inc
>
> including files in directory /usr/local/pf/raddb/mods-enabled/
>
> including configuration file /usr/local/pf/raddb/mods-enabled/always
>
> including configuration file /usr/local/pf/raddb/mods-enabled/attr_filter
>
> including configuration file /usr/local/pf/raddb/mods-enabled/cache_eap
>
> including configuration file /usr/local/pf/raddb/mods-enabled/cache_ntlm
>
> including configuration file
> /usr/local/pf/raddb/mods-enabled/cache_password
>
> including configuration file /usr/local/pf/raddb/mods-enabled/chap
>
> including configuration file /usr/local/pf/raddb/mods-enabled/detail
>
> including configuration file /usr/local/pf/raddb/mods-enabled/detail.log
>
> including configuration file /usr/local/pf/raddb/mods-enabled/digest
>
> including configuration file
> /usr/local/pf/raddb/mods-enabled/dynamic_clients
>
> including configuration file /usr/local/pf/raddb/mods-enabled/eap
>
> including configuration file /usr/local/pf/raddb/mods-enabled/echo
>
> including configuration file /usr/local/pf/raddb/mods-enabled/exec
>
> including configuration file /usr/local/pf/raddb/mods-enabled/expiration
>
> including configuration file /usr/local/pf/raddb/mods-enabled/expr
>
> including configuration file /usr/local/pf/raddb/mods-enabled/files
>
> including configuration file /usr/local/pf/raddb/mods-enabled/linelog
>
> including configuration file /usr/local/pf/raddb/mods-enabled/logintime
>
> including configuration file /usr/local/pf/raddb/mods-enabled/mschap
>
> including configuration file /usr/local/pf/raddb/mods-enabled/ntlm_auth
>
> including configuration file /usr/local/pf/raddb/mods-enabled/pap
>
> including configuration file /usr/local/pf/raddb/mods-enabled/passwd
>
> including configuration file /usr/local/pf/raddb/mods-enabled/perl
>
> including configuration file /usr/local/pf/raddb/mods-enabled/preprocess
>
> including configuration file /usr/local/pf/raddb/mods-enabled/radutmp
>
> including configuration file /usr/local/pf/raddb/mods-enabled/raw
>
> including configuration file /usr/local/pf/raddb/mods-enabled/realm
>
> including configuration file /usr/local/pf/raddb/mods-enabled/redis
>
> including configuration file /usr/local/pf/raddb/mods-enabled/replicate
>
> including configuration file /usr/local/pf/raddb/mods-enabled/rest
>
> including configuration file /usr/local/pf/raddb/mods-enabled/soh
>
> including configuration file /usr/local/pf/raddb/mods-enabled/sql
>
> including configuration file
> /usr/local/pf/raddb/mods-config/sql/main/mysql/queries.conf
>
> including configuration file
> /usr/local/pf/raddb/mods-config/sql/main/mysql/reject.conf
>
> including configuration file /usr/local/pf/raddb/mods-enabled/sradutmp
>
> including configuration file /usr/local/pf/raddb/mods-enabled/unix
>
> including configuration file /usr/local/pf/raddb/mods-enabled/unpack
>
> including configuration file /usr/local/pf/raddb/mods-enabled/utf8
>
> including files in directory /usr/local/pf/raddb/policy.d/
>
> including configuration file /usr/local/pf/raddb/policy.d/abfab-tr
>
> including configuration file /usr/local/pf/raddb/policy.d/accounting
>
> including configuration file /usr/local/pf/raddb/policy.d/canonicalization
>
> including configuration file /usr/local/pf/raddb/policy.d/control
>
> including configuration file /usr/local/pf/raddb/policy.d/cui
>
> including configuration file /usr/local/pf/raddb/policy.d/debug
>
> including configuration file /usr/local/pf/raddb/policy.d/dhcp
>
> including configuration file /usr/local/pf/raddb/policy.d/eap
>
> including configuration file /usr/local/pf/raddb/policy.d/filter
>
> including configuration file /usr/local/pf/raddb/policy.d/operator-name
>
> including configuration file /usr/local/pf/raddb/policy.d/packetfence
>
> including files in directory /usr/local/pf/raddb/sites-enabled/
>
> including configuration file
> /usr/local/pf/raddb/sites-enabled/dynamic-clients
>
> including configuration file /usr/local/pf/raddb/sites-enabled/packetfence
>
> including configuration file
> /usr/local/pf/raddb/sites-enabled/packetfence-tunnel
>
> including configuration file
> /usr/local/pf/raddb/sites-enabled/packetfence-cli
>
> main {
>
> security {
>
> user = "pf"
>
> group = "pf"
>
> allow_core_dumps = no
>
> }
>
> name = "radiusd"
>
> prefix = "/usr"
>
> localstatedir = "/usr/local/pf/var"
>
> logdir = "/usr/local/pf/logs"
>
> run_dir = "/usr/local/pf/var/run"
>
> }
>
> main {
>
> name = "radiusd"
>
> prefix = "/usr"
>
> localstatedir = "/usr/local/pf/var"
>
> sbindir = "/usr/sbin"
>
> logdir = "/usr/local/pf/logs"
>
> run_dir = "/usr/local/pf/var/run"
>
> libdir = "/usr/lib64/freeradius"
>
> radacctdir = "/usr/local/pf/logs/radacct"
>
> hostname_lookups = no
>
> max_request_time = 10
>
> cleanup_delay = 5
>
> continuation_timeout = 15
>
> max_requests = 20000
>
> pidfile = "/usr/local/pf/var/run/radiusd.pid"
>
> checkrad = "/usr/sbin/checkrad"
>
> debug_level = 0
>
> proxy_requests = yes
>
> log {
>
> stripped_names = no
>
> auth = yes
>
> auth_badpass = no
>
> auth_goodpass = no
>
> colourise = yes
>
> msg_denied = "You are already logged in - access denied"
>
> }
>
> resources {
>
> }
>
> security {
>
> max_attributes = 200
>
> reject_delay = 1.000000
>
> status_server = yes
>
> allow_vulnerable_openssl = "yes"
>
> }
>
> }
>
> auth: #### Loading Realms and Home Servers ####
>
> proxy server {
>
> retry_delay = 5
>
> retry_count = 3
>
> default_fallback = no
>
> dead_time = 120
>
> wake_all_if_all_dead = no
>
> }
>
> home_server localhost {
>
> ipaddr = 127.0.0.1
>
> port = 1812
>
> type = "auth"
>
> secret = <<< secret >>>
>
> response_window = 20.000000
>
> response_timeouts = 1
>
> max_outstanding = 65536
>
> zombie_period = 40
>
> status_check = "status-server"
>
> ping_interval = 30
>
> check_interval = 30
>
> check_timeout = 4
>
> num_answers_to_alive = 3
>
> revive_interval = 120
>
> limit {
>
> max_connections = 16
>
> max_requests = 0
>
> lifetime = 0
>
> idle_timeout = 0
>
> }
>
> coa {
>
> irt = 2
>
> mrt = 16
>
> mrc = 5
>
> mrd = 30
>
> }
>
> }
>
> Ignoring "response_window = 20.000000", forcing to "response_window =
> 10.000000"
>
> home_server_pool my_auth_failover {
>
> type = fail-over
>
> home_server = localhost
>
> }
>
> realm example.com {
>
> auth_pool = my_auth_failover
>
> }
>
> realm default {
>
> }
>
> realm local {
>
> }
>
> realm null {
>
> }
>
> auth: #### Loading Clients ####
>
> client localhost {
>
> ipaddr = 127.0.0.1
>
> require_message_authenticator = no
>
> secret = <<< secret >>>
>
> nas_type = "other"
>
> proto = "*"
>
> limit {
>
> max_connections = 16
>
> lifetime = 0
>
> idle_timeout = 30
>
> }
>
> }
>
> client localhost_ipv6 {
>
> ipv6addr = ::1
>
> require_message_authenticator = no
>
> secret = <<< secret >>>
>
> limit {
>
> max_connections = 16
>
> lifetime = 0
>
> idle_timeout = 30
>
> }
>
> }
>
> client dynamic {
>
> ipaddr = 0.0.0.0/0
>
> require_message_authenticator = no
>
> limit {
>
> max_connections = 16
>
> lifetime = 0
>
> idle_timeout = 30
>
> }
>
> dynamic_clients = "dynamic_clients"
>
> lifetime = 300
>
> }
>
> *Debugger not attached*
>
> thread pool {
>
> start_servers = 0
>
> max_servers = 64
>
> min_spare_servers = 3
>
> max_spare_servers = 10
>
> max_requests_per_server = 0
>
> cleanup_delay = 5
>
> max_queue_size = 65536
>
> auto_limit_acct = no
>
> }
>
> /usr/local/pf/raddb/auth.conf[6]: Listeners of type 'auth' MUST be
> defined in a server.
>
> [root@esppkfence ~]#
>
>
>
> *Ivan Auger*
>
> Asst Dir Inf Tech Serv 1
>
>
>
> *Office of Information Technology Services*
>
> Biggs Lab, D280, Albany NY 12201
>
> *p:* (518) 473-0773 | *c:* (518) 300-0439 | [email protected]
> <mailto:[email protected]>
>
>
>
>
>
> *From:*Fabrice Durand via PacketFence-users
> [mailto:[email protected]]
> *Sent:* Wednesday, January 03, 2018 10:11 AM
> *To:* [email protected]
> *Cc:* Fabrice Durand <[email protected]>
> *Subject:* Re: [PacketFence-users] packetfence 7.3 configuration
> wizard - radius?
>
>
>
> /ATTENTION: This email came from an external source. Do not open
> attachments or click on links from unknown senders or unexpected emails./
>
> Hello Ivan,
>
> what you can do is the following:
>
> /usr/local/pf/bin/pfcmd service radiusd generateconfig
>
> /usr/sbin/radiusd -d /usr/local/pf/raddb -n auth -fxx -l stdout
>
> And paste the debug if the service is not able to start.
>
> Regards
>
> Fabrice
>
>
>
>
>
> Le 2018-01-03 à 09:31, Auger, Ivan (ITS) via PacketFence-users a écrit :
>
> Selected radius enforcement in configuration wizard – radius does
> not start in last step – everything else starts. Is there
> something additional that needs to be defined in
> /usr/local/pf/conf/pf.conf or in /usr/local/pf/conf/raddb template
> directory?
>
>
>
> Thanks….
>
>
>
>
>
> ------------------------------------------------------------------------------
>
> Check out the vibrant tech community on one of the world's most
>
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
>
> _______________________________________________
>
> PacketFence-users mailing list
>
> [email protected]
> <mailto:[email protected]>
>
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> --
> Fabrice Durand
> [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x135) ::
> www.inverse.ca <http://www.inverse.ca>
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
