Ok now I get it... I had some conceptual issues. Thanks for your time.
On Saturday, December 8, 2018 at 12:32:58 PM UTC+5:30, Yash Jipkate wrote: > > Hi Federico, > > I solved the eap error by running > > make > > in /etc/freeradius/certs. > > Now after I run > > service freeradius restart > > I get this in my journalctl -xe > > Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: rlm_sql > (sql): Initialising connection pool > Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: Ignoring > "ldap" (see raddb/mods-available/README.rst) > Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: # Skipping > contents of 'if' as it is always 'false' -- /etc/freeradius/sites-ena > Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: radiusd: > #### Skipping IP addresses and Ports #### > Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: > Configuration appears to be OK > Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: rlm_rest > (rest): Removing connection pool > Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: rlm_sql > (sql): Removing connection pool > Dec 08 11:46:38 thejedicode-inspiron-5558o systemd[1]: freeradius.service: > Control process exited, code=exited status=1 > Dec 08 11:46:38 thejedicode-inspiron-5558o systemd[1]: Failed to start > FreeRADIUS multi-protocol policy server. > > > and this when i run freeradius -X > > rlm_rest (rest): Opening additional connection (0), 1 of 32 pending slots > used > rlm_rest (rest): Connecting to "http://127.0.0.1:8000"; > rlm_rest (rest): Connection failed: 7 - Couldn't connect to server > rlm_rest (rest): Opening connection failed (0) > rlm_rest (rest): Removing connection pool > /etc/freeradius/mods-enabled/rest[1]: Instantiation failed for module > "rest" > > I dont understand the "couldnt connect to server" part... Isn't the > freeradius server itself is supposed to run on that address? What is it > trying to connect to? I could not find anything related to starting another > server in the freeradius config part of the django-freeradius docs > <https://django-freeradius.readthedocs.io/en/latest/general/freeradius.html> > I am currently using the development environment. > > Thanks. > > > On Friday, December 7, 2018 at 9:50:05 PM UTC+5:30, Yash Jipkate wrote: >> >> Here's the authorize section: >> >> authorize { >> update control { &REST-HTTP-Header += "${...api_token_header}" } >> rest >> sql >> dailycounter >> noresetcounter >> dailybandwidthcounter >> } >> >> >> Thanks. >> >> On Friday, December 7, 2018 at 9:44:36 PM UTC+5:30, Federico Capoano >> wrote: >>> >>> Sorry I forgot to ask for the authorize section which is the most >>> important part. >>> >>> Fed >>> >>> On Fri, Dec 7, 2018 at 1:53 PM Yash Jipkate <[email protected]> wrote: >>> >>>> These are the sections from sites-enabled/default: >>>> >>>> - authenticate >>>> authenticate {} >>>> >>>> - post-auth >>>> post-auth { >>>> update control { &REST-HTTP-Header += "${...api_token_header}" } >>>> rest >>>> >>>> Post-Auth-Type REJECT { >>>> update control { &REST-HTTP-Header += >>>> "${....api_token_header}" } >>>> rest >>>> } >>>> } >>>> >>>> >>>> - accounting >>>> accounting { >>>> update control { &REST-HTTP-Header += "${...api_token_header}" } >>>> rest >>>> } >>>> >>>> >>>> - preacct >>>> preacct { >>>> preprocess >>>> >>>> # >>>> # Merge Acct-[Input|Output]-Gigawords and >>>> Acct-[Input-Output]-Octets >>>> # into a single 64bit counter Acct-[Input|Output]-Octets64. >>>> # >>>> # acct_counters64 >>>> >>>> # >>>> # Session start times are *implied* in RADIUS. >>>> # The NAS never sends a "start time". Instead, it sends >>>> # a start packet, *possibly* with an Acct-Delay-Time. >>>> # The server is supposed to conclude that the start time >>>> # was "Acct-Delay-Time" seconds in the past. >>>> # >>>> # The code below creates an explicit start time, which can >>>> # then be used in other modules. It will be *mostly* correct. >>>> # Any errors are due to the 1-second resolution of RADIUS, >>>> # and the possibility that the time on the NAS may be off. >>>> # >>>> # The start time is: NOW - delay - session_length >>>> # >>>> >>>> # update request { >>>> # &FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - >>>> %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}" >>>> # } >>>> >>>> >>>> # >>>> # Ensure that we have a semi-unique identifier for every >>>> # request, and many NAS boxes are broken. >>>> acct_unique >>>> >>>> # >>>> # Look for IPASS-style 'realm/', and if not found, look for >>>> # '@realm', and decide whether or not to proxy, based on >>>> # that. >>>> # >>>> # Accounting requests are generally proxied to the same >>>> # home server as authentication requests. >>>> # IPASS >>>> suffix >>>> # ntdomain >>>> >>>> # >>>> # Read the 'acct_users' file >>>> files >>>> } >>>> >>>> >>>> >>>> On Friday, December 7, 2018 at 5:53:02 PM UTC+5:30, Federico Capoano >>>> wrote: >>>> >>>>> Could you share the following sections of your config? >>>>> >>>>> - authenticate >>>>> - post-auth >>>>> - accounting >>>>> - preacct >>>>> >>>>> >>>>> >>>>> On Fri, Dec 7, 2018 at 1:02 PM Yash Jipkate <[email protected]> >>>>> wrote: >>>>> >>>>>> No, I just followed the docs. Am I missing something in the config >>>>>> files? >>>>>> >>>>>> Thanks >>>>>> >>>>>> >>>>>> On Friday, December 7, 2018 at 5:26:01 PM UTC+5:30, Federico Capoano >>>>>> wrote: >>>>>> >>>>>>> That's a configuration issue related to "eap". Are you trying to >>>>>>> configure EAP? >>>>>>> >>>>>>> Fed >>>>>>> >>>>>>> On Fri, Dec 7, 2018 at 11:55 AM Yash Jipkate <[email protected]> >>>>>>> wrote: >>>>>>> >>>>>> Thanks Federico, >>>>>>>> >>>>>>>> The server is a development one and I have specified the port >>>>>>>> in /etc/freeradius/mods-enabled/rest file. Although I have changed it >>>>>>>> back >>>>>>>> to 8000 after you pointed out but still no effect. >>>>>>>> >>>>>>>> Is freeradius sitting on the same host where >>>>>>>>> django-freeradius/openwisp-radius is installed? >>>>>>>> >>>>>>>> >>>>>>>> The host is 127.0.0.1 as specified in my >>>>>>>> /etc/freeradius/mods-enabled/rest file and I have followed the >>>>>>>> instructions >>>>>>>> as in the docs as a root user. >>>>>>>> >>>>>>>> I tried purging and reinstalling freeradius and ended up with a new >>>>>>>> error >>>>>>>> >>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>>> rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and >>>>>>>> linked >>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>>> Creating attribute SQL-Group >>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>>> Unable to check file "/etc/freeradius/certs/dh": No such file or >>>>>>>> directory >>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>>> rlm_eap_tls: Failed initializing SSL context >>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>>> rlm_eap (EAP): Failed to initialise rlm_eap_tls >>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>>> /etc/freeradius/mods-enabled/eap[14]: Instantiation failed for module >>>>>>>> "eap" >>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o systemd[1]: >>>>>>>> freeradius.service: Control process exited, code=exited status=1 >>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o systemd[1]: Failed to >>>>>>>> start FreeRADIUS multi-protocol policy server. >>>>>>>> -- Subject: Unit freeradius.service has failed >>>>>>>> >>>>>>>> Any idea of how it got here? >>>>>>>> >>>>>>>> On Friday, December 7, 2018 at 2:21:19 PM UTC+5:30, Federico >>>>>>>> Capoano wrote: >>>>>>>>> >>>>>>>>> As the log says, freeradius is trying to reac >>>>>>>>> http://127.0.0.1:8007, this fails and hence it halts. To fix it >>>>>>>>> you must ensure it can connect. >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Is freeradius sitting on the same host where >>>>>>>>> django-freeradius/openwisp-radius is installed? Is this a production >>>>>>>>> or >>>>>>>>> development environment? >>>>>>>>> >>>>>>>>> If it's a production environment, the URL http://127.0.0.1:8007 >>>>>>>>> is likely wrong. >>>>>>>>> If it's a development environment, either the development server >>>>>>>>> is not started, or maybe is just because unless you changed the port >>>>>>>>> of the >>>>>>>>> development server, the port is 8000, so the URL should be >>>>>>>>> http://127.0.0.1:8000 >>>>>>>>> >>>>>>>>> I hope it helps >>>>>>>>> Federico >>>>>>>>> >>>>>>>>> >>>>>>>>> On Friday, December 7, 2018 at 4:49:02 AM UTC+1, Yash Jipkate >>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>> Hello, >>>>>>>>>> >>>>>>>>>> I am currently started to work on the django-freeradius project. >>>>>>>>>> I am facing some problems in setting up the freeradius server... >>>>>>>>>> >>>>>>>>>> when I run >>>>>>>>>> journalctl -xe >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> the output I get is: >>>>>>>>>> >>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>> [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check >>>>>>>>>> item >>>>>>>>>> "FreeRADIUS-Response-Delay-USec" >>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>> rlm_mschap (mschap): using internal authentication >>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>> rlm_sql_mysql: libmysql version: 5.7.24 >>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>> rlm_sql (sql): Attempting to connect to database "radius" >>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>> rlm_sql (sql): Initialising connection pool >>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>> Ignoring "ldap" (see raddb/mods-available/README.rst) >>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: # >>>>>>>>>> Skipping contents of 'if' as it is always 'false' -- >>>>>>>>>> /etc/freeradius/sites-enabled/inner-tunnel:331 >>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>> radiusd: #### Skipping IP addresses and Ports #### >>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>> Configuration appears to be OK >>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>> rlm_rest (rest): Removing connection pool >>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>> rlm_sql (sql): Removing connection pool >>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o systemd[1]: >>>>>>>>>> freeradius.service: Control process exited, code=exited status=1 >>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o systemd[1]: Failed to >>>>>>>>>> start FreeRADIUS multi-protocol policy server. >>>>>>>>>> -- Subject: Unit freeradius.service has failed >>>>>>>>>> -- Defined-By: systemd >>>>>>>>>> -- Support: >>>>>>>>>> http://lists.freedesktop.org/mailman/listinfo/systemd-devel >>>>>>>>>> -- >>>>>>>>>> -- Unit freeradius.service has failed. >>>>>>>>>> -- >>>>>>>>>> -- The result is failed. >>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o systemd[1]: >>>>>>>>>> freeradius.service: Unit entered failed state. >>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o systemd[1]: >>>>>>>>>> freeradius.service: Failed with result 'exit-code'. >>>>>>>>>> >>>>>>>>>> When I run: >>>>>>>>>> >>>>>>>>>> freeradius -X >>>>>>>>>> >>>>>>>>>> I get: >>>>>>>>>> >>>>>>>>>> rlm_rest (rest): Opening additional connection (0), 1 of 32 >>>>>>>>>> pending slots used >>>>>>>>>> rlm_rest (rest): Connecting to "http://127.0.0.1:8007"; >>>>>>>>>> rlm_rest (rest): Connection failed: 7 - Couldn't connect to server >>>>>>>>>> rlm_rest (rest): Opening connection failed (0) >>>>>>>>>> rlm_rest (rest): Removing connection pool >>>>>>>>>> /etc/freeradius/mods-enabled/rest[1]: Instantiation failed for >>>>>>>>>> module "rest" >>>>>>>>>> >>>>>>>>>> I tried to look it up on the internet but cant seem to solve it. >>>>>>>>>> >>>>>>>>>> Any help is appreciated. Thanks >>>>>>>>>> >>>>>>>>> -- >>>>>>>> You received this message because you are subscribed to the Google >>>>>>>> Groups "OpenWISP" group. >>>>>>>> >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>> send an email to [email protected]. >>>>>>> >>>>>>> >>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>> >>>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "OpenWISP" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "OpenWISP" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> -- You received this message because you are subscribed to the Google Groups "OpenWISP" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
