PS: I opened an issue with a reminder to make the documentation more explicit about the fact that the django application (if in prod) or development server (if in dev mode) must be running before freeradius is started (otherwise the rml_rest module of freeradius will halt the startup because it can't connect to the OpenWISP API): https://github.com/openwisp/django-freeradius/issues/223
I hope to be able to address that as well as other docs improvement in the next months. As usual, contributions to the docs are always very welcome and I encourage everyone reading here to try and help in order to move the project forward. Federico On Tue, Dec 11, 2018 at 9:22 AM Federico Capoano <federico.capo...@gmail.com> wrote: > Glad you solved it, I couldn't reply because we are still finishing the > Google Code In and these last days have been crazy. > > Fed > > > Il mar 11 dic 2018, 08:57 Yash Jipkate <yashjipk...@gmail.com> ha scritto: > >> Ok now I get it... I had some conceptual issues. >> >> Thanks for your time. >> >> >> On Saturday, December 8, 2018 at 12:32:58 PM UTC+5:30, Yash Jipkate wrote: >>> >>> Hi Federico, >>> >>> I solved the eap error by running >>> >>> make >>> >>> in /etc/freeradius/certs. >>> >>> Now after I run >>> >>> service freeradius restart >>> >>> I get this in my journalctl -xe >>> >>> Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: rlm_sql >>> (sql): Initialising connection pool >>> Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: Ignoring >>> "ldap" (see raddb/mods-available/README.rst) >>> Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: # >>> Skipping contents of 'if' as it is always 'false' -- >>> /etc/freeradius/sites-ena >>> Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: radiusd: >>> #### Skipping IP addresses and Ports #### >>> Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: >>> Configuration appears to be OK >>> Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: rlm_rest >>> (rest): Removing connection pool >>> Dec 08 11:46:38 thejedicode-inspiron-5558o freeradius[17305]: rlm_sql >>> (sql): Removing connection pool >>> Dec 08 11:46:38 thejedicode-inspiron-5558o systemd[1]: >>> freeradius.service: Control process exited, code=exited status=1 >>> Dec 08 11:46:38 thejedicode-inspiron-5558o systemd[1]: Failed to start >>> FreeRADIUS multi-protocol policy server. >>> >>> >>> and this when i run freeradius -X >>> >>> rlm_rest (rest): Opening additional connection (0), 1 of 32 pending >>> slots used >>> rlm_rest (rest): Connecting to "http://127.0.0.1:8000"; >>> rlm_rest (rest): Connection failed: 7 - Couldn't connect to server >>> rlm_rest (rest): Opening connection failed (0) >>> rlm_rest (rest): Removing connection pool >>> /etc/freeradius/mods-enabled/rest[1]: Instantiation failed for module >>> "rest" >>> >>> I dont understand the "couldnt connect to server" part... Isn't the >>> freeradius server itself is supposed to run on that address? What is it >>> trying to connect to? I could not find anything related to starting another >>> server in the freeradius config part of the django-freeradius docs >>> <https://django-freeradius.readthedocs.io/en/latest/general/freeradius.html> >>> I am currently using the development environment. >>> >>> Thanks. >>> >>> >>> On Friday, December 7, 2018 at 9:50:05 PM UTC+5:30, Yash Jipkate wrote: >>>> >>>> Here's the authorize section: >>>> >>>> authorize { >>>> update control { &REST-HTTP-Header += "${...api_token_header}" } >>>> rest >>>> sql >>>> dailycounter >>>> noresetcounter >>>> dailybandwidthcounter >>>> } >>>> >>>> >>>> Thanks. >>>> >>>> On Friday, December 7, 2018 at 9:44:36 PM UTC+5:30, Federico Capoano >>>> wrote: >>>>> >>>>> Sorry I forgot to ask for the authorize section which is the most >>>>> important part. >>>>> >>>>> Fed >>>>> >>>>> On Fri, Dec 7, 2018 at 1:53 PM Yash Jipkate <yashj...@gmail.com> >>>>> wrote: >>>>> >>>>>> These are the sections from sites-enabled/default: >>>>>> >>>>>> - authenticate >>>>>> authenticate {} >>>>>> >>>>>> - post-auth >>>>>> post-auth { >>>>>> update control { &REST-HTTP-Header += >>>>>> "${...api_token_header}" } >>>>>> rest >>>>>> >>>>>> Post-Auth-Type REJECT { >>>>>> update control { &REST-HTTP-Header += >>>>>> "${....api_token_header}" } >>>>>> rest >>>>>> } >>>>>> } >>>>>> >>>>>> >>>>>> - accounting >>>>>> accounting { >>>>>> update control { &REST-HTTP-Header += >>>>>> "${...api_token_header}" } >>>>>> rest >>>>>> } >>>>>> >>>>>> >>>>>> - preacct >>>>>> preacct { >>>>>> preprocess >>>>>> >>>>>> # >>>>>> # Merge Acct-[Input|Output]-Gigawords and >>>>>> Acct-[Input-Output]-Octets >>>>>> # into a single 64bit counter Acct-[Input|Output]-Octets64. >>>>>> # >>>>>> # acct_counters64 >>>>>> >>>>>> # >>>>>> # Session start times are *implied* in RADIUS. >>>>>> # The NAS never sends a "start time". Instead, it sends >>>>>> # a start packet, *possibly* with an Acct-Delay-Time. >>>>>> # The server is supposed to conclude that the start time >>>>>> # was "Acct-Delay-Time" seconds in the past. >>>>>> # >>>>>> # The code below creates an explicit start time, which can >>>>>> # then be used in other modules. It will be *mostly* correct. >>>>>> # Any errors are due to the 1-second resolution of RADIUS, >>>>>> # and the possibility that the time on the NAS may be off. >>>>>> # >>>>>> # The start time is: NOW - delay - session_length >>>>>> # >>>>>> >>>>>> # update request { >>>>>> # &FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - >>>>>> %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}" >>>>>> # } >>>>>> >>>>>> >>>>>> # >>>>>> # Ensure that we have a semi-unique identifier for every >>>>>> # request, and many NAS boxes are broken. >>>>>> acct_unique >>>>>> >>>>>> # >>>>>> # Look for IPASS-style 'realm/', and if not found, look for >>>>>> # '@realm', and decide whether or not to proxy, based on >>>>>> # that. >>>>>> # >>>>>> # Accounting requests are generally proxied to the same >>>>>> # home server as authentication requests. >>>>>> # IPASS >>>>>> suffix >>>>>> # ntdomain >>>>>> >>>>>> # >>>>>> # Read the 'acct_users' file >>>>>> files >>>>>> } >>>>>> >>>>>> >>>>>> >>>>>> On Friday, December 7, 2018 at 5:53:02 PM UTC+5:30, Federico Capoano >>>>>> wrote: >>>>>> >>>>>>> Could you share the following sections of your config? >>>>>>> >>>>>>> - authenticate >>>>>>> - post-auth >>>>>>> - accounting >>>>>>> - preacct >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Fri, Dec 7, 2018 at 1:02 PM Yash Jipkate <yashj...@gmail.com> >>>>>>> wrote: >>>>>>> >>>>>>>> No, I just followed the docs. Am I missing something in the config >>>>>>>> files? >>>>>>>> >>>>>>>> Thanks >>>>>>>> >>>>>>>> >>>>>>>> On Friday, December 7, 2018 at 5:26:01 PM UTC+5:30, Federico >>>>>>>> Capoano wrote: >>>>>>>> >>>>>>>>> That's a configuration issue related to "eap". Are you trying to >>>>>>>>> configure EAP? >>>>>>>>> >>>>>>>>> Fed >>>>>>>>> >>>>>>>>> On Fri, Dec 7, 2018 at 11:55 AM Yash Jipkate <yashj...@gmail.com> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>> Thanks Federico, >>>>>>>>>> >>>>>>>>>> The server is a development one and I have specified the port >>>>>>>>>> in /etc/freeradius/mods-enabled/rest file. Although I have changed >>>>>>>>>> it back >>>>>>>>>> to 8000 after you pointed out but still no effect. >>>>>>>>>> >>>>>>>>>> Is freeradius sitting on the same host where >>>>>>>>>>> django-freeradius/openwisp-radius is installed? >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> The host is 127.0.0.1 as specified in my >>>>>>>>>> /etc/freeradius/mods-enabled/rest file and I have followed the >>>>>>>>>> instructions >>>>>>>>>> as in the docs as a root user. >>>>>>>>>> >>>>>>>>>> I tried purging and reinstalling freeradius and ended up with a >>>>>>>>>> new error >>>>>>>>>> >>>>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>>>>> rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded >>>>>>>>>> and linked >>>>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>>>>> Creating attribute SQL-Group >>>>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>>>>> Unable to check file "/etc/freeradius/certs/dh": No such file or >>>>>>>>>> directory >>>>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>>>>> rlm_eap_tls: Failed initializing SSL context >>>>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>>>>> rlm_eap (EAP): Failed to initialise rlm_eap_tls >>>>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o freeradius[24760]: >>>>>>>>>> /etc/freeradius/mods-enabled/eap[14]: Instantiation failed for >>>>>>>>>> module "eap" >>>>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o systemd[1]: >>>>>>>>>> freeradius.service: Control process exited, code=exited status=1 >>>>>>>>>> Dec 07 16:18:04 thejedicode-inspiron-5558o systemd[1]: Failed to >>>>>>>>>> start FreeRADIUS multi-protocol policy server. >>>>>>>>>> -- Subject: Unit freeradius.service has failed >>>>>>>>>> >>>>>>>>>> Any idea of how it got here? >>>>>>>>>> >>>>>>>>>> On Friday, December 7, 2018 at 2:21:19 PM UTC+5:30, Federico >>>>>>>>>> Capoano wrote: >>>>>>>>>>> >>>>>>>>>>> As the log says, freeradius is trying to reac >>>>>>>>>>> http://127.0.0.1:8007, this fails and hence it halts. To fix it >>>>>>>>>>> you must ensure it can connect. >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Is freeradius sitting on the same host where >>>>>>>>>>> django-freeradius/openwisp-radius is installed? Is this a >>>>>>>>>>> production or >>>>>>>>>>> development environment? >>>>>>>>>>> >>>>>>>>>>> If it's a production environment, the URL http://127.0.0.1:8007 >>>>>>>>>>> is likely wrong. >>>>>>>>>>> If it's a development environment, either the development server >>>>>>>>>>> is not started, or maybe is just because unless you changed the >>>>>>>>>>> port of the >>>>>>>>>>> development server, the port is 8000, so the URL should be >>>>>>>>>>> http://127.0.0.1:8000 >>>>>>>>>>> >>>>>>>>>>> I hope it helps >>>>>>>>>>> Federico >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Friday, December 7, 2018 at 4:49:02 AM UTC+1, Yash Jipkate >>>>>>>>>>> wrote: >>>>>>>>>>>> >>>>>>>>>>>> Hello, >>>>>>>>>>>> >>>>>>>>>>>> I am currently started to work on the django-freeradius >>>>>>>>>>>> project. I am facing some problems in setting up the freeradius >>>>>>>>>>>> server... >>>>>>>>>>>> >>>>>>>>>>>> when I run >>>>>>>>>>>> journalctl -xe >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> the output I get is: >>>>>>>>>>>> >>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>> [/etc/freeradius/mods-config/attr_filter/access_reject]:11 Check >>>>>>>>>>>> item >>>>>>>>>>>> "FreeRADIUS-Response-Delay-USec" >>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>> rlm_mschap (mschap): using internal authentication >>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>> rlm_sql_mysql: libmysql version: 5.7.24 >>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>> rlm_sql (sql): Attempting to connect to database "radius" >>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>> rlm_sql (sql): Initialising connection pool >>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>> Ignoring "ldap" (see raddb/mods-available/README.rst) >>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>> # Skipping contents of 'if' as it is always 'false' -- >>>>>>>>>>>> /etc/freeradius/sites-enabled/inner-tunnel:331 >>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>> radiusd: #### Skipping IP addresses and Ports #### >>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>> Configuration appears to be OK >>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>> rlm_rest (rest): Removing connection pool >>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o freeradius[10549]: >>>>>>>>>>>> rlm_sql (sql): Removing connection pool >>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o systemd[1]: >>>>>>>>>>>> freeradius.service: Control process exited, code=exited status=1 >>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o systemd[1]: Failed >>>>>>>>>>>> to start FreeRADIUS multi-protocol policy server. >>>>>>>>>>>> -- Subject: Unit freeradius.service has failed >>>>>>>>>>>> -- Defined-By: systemd >>>>>>>>>>>> -- Support: >>>>>>>>>>>> http://lists.freedesktop.org/mailman/listinfo/systemd-devel >>>>>>>>>>>> -- >>>>>>>>>>>> -- Unit freeradius.service has failed. >>>>>>>>>>>> -- >>>>>>>>>>>> -- The result is failed. >>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o systemd[1]: >>>>>>>>>>>> freeradius.service: Unit entered failed state. >>>>>>>>>>>> Dec 07 08:55:18 thejedicode-inspiron-5558o systemd[1]: >>>>>>>>>>>> freeradius.service: Failed with result 'exit-code'. >>>>>>>>>>>> >>>>>>>>>>>> When I run: >>>>>>>>>>>> >>>>>>>>>>>> freeradius -X >>>>>>>>>>>> >>>>>>>>>>>> I get: >>>>>>>>>>>> >>>>>>>>>>>> rlm_rest (rest): Opening additional connection (0), 1 of 32 >>>>>>>>>>>> pending slots used >>>>>>>>>>>> rlm_rest (rest): Connecting to "http://127.0.0.1:8007"; >>>>>>>>>>>> rlm_rest (rest): Connection failed: 7 - Couldn't connect to >>>>>>>>>>>> server >>>>>>>>>>>> rlm_rest (rest): Opening connection failed (0) >>>>>>>>>>>> rlm_rest (rest): Removing connection pool >>>>>>>>>>>> /etc/freeradius/mods-enabled/rest[1]: Instantiation failed for >>>>>>>>>>>> module "rest" >>>>>>>>>>>> >>>>>>>>>>>> I tried to look it up on the internet but cant seem to solve >>>>>>>>>>>> it. >>>>>>>>>>>> >>>>>>>>>>>> Any help is appreciated. Thanks >>>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>> Google Groups "OpenWISP" group. >>>>>>>>>> >>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>>> send an email to openwisp+u...@googlegroups.com. >>>>>>>>> >>>>>>>>> >>>>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>>>> >>>>>>>>> -- >>>>>>>> You received this message because you are subscribed to the Google >>>>>>>> Groups "OpenWISP" group. >>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>> send an email to openwisp+u...@googlegroups.com. >>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>> >>>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "OpenWISP" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to openwisp+u...@googlegroups.com. >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> -- >> You received this message because you are subscribed to the Google Groups >> "OpenWISP" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to openwisp+unsubscr...@googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. >> > -- You received this message because you are subscribed to the Google Groups "OpenWISP" group. To unsubscribe from this group and stop receiving emails from it, send an email to openwisp+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
