Friday, November 6, 2009

From the depths of FreeRADIUS

Two pieces of advice on FreeRADIUS.

  1. Keep up with new versions. There are improvements in each version, so don't just copy over the same config files: make those changes in the new files so you keep up with the times.
  2. If you're starting with a fresh install, don't jump in and make changes right away. Test the freshly installed server first to be sure it works. Make a change, then restart the server to be sure it still works. Another change, another restart, another test. Debug mode -XXX is your friend.

And I finally eliminated a FreeRADIUS warning I saw while in debug mode. This warning is very common now because FreeRADIUS has been upgraded internally but not all of the sample files have been tidied up to reflect the improvement (see my recommendations above!). In debug mode, you might see:

Info: [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details

man unlang wasn't particularly enlightening on first pass; it wasn't obvious until I read this post by Mr. FreeRADIUS himself, where he explains why this change is A Good Thing. The key is to use more percents and more braces. The line that causes the error for ldap is in the modules/ldap file:

filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"

It needs to be updated like so:

filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"

This worked to eliminate the warning before I ditched LDAP because it wasn't matching what I needed.
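The same rewrite can be applied across a whole config tree instead of waiting for each warning to show up in debug mode. The script below is an added example, not part of FreeRADIUS or of the original post: it flags lines that still use the deprecated form and prints the updated form. It assumes plain attribute names (letters, digits, hyphens, underscores) before the ":-", and the sample config text is constructed from the filter line above.

```python
import re
import sys

# Deprecated form:  %{Attr-Name:-default}
# Updated form:     %{%{Attr-Name}:-default}
# The pattern only matches a plain attribute name directly after "%{",
# so lines that already use the updated form are left alone.
DEPRECATED = re.compile(r"%\{([A-Za-z][\w-]*):-")


def modernize(line):
    """Rewrite every deprecated ':-' expansion on one line."""
    return DEPRECATED.sub(r"%{%{\1}:-", line)


def scan(text):
    """Return (line_number, old, new) for each non-comment line that changes."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out samples do not trigger the warning
        updated = modernize(line)
        if updated != line:
            findings.append((number, line.strip(), updated.strip()))
    return findings


# Constructed sample, modelled on the modules/ldap line discussed above.
SAMPLE = """\
ldap {
    # filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
}
"""

if __name__ == "__main__":
    # With file arguments, scan those files; otherwise scan the sample.
    sources = sys.argv[1:] or [None]
    for path in sources:
        text = SAMPLE if path is None else open(path).read()
        for number, old, new in scan(text):
            print(f"{path or 'sample'}:{number}")
            print(f"  old: {old}")
            print(f"  new: {new}")
```

Run it against the files under the raddb directory after an upgrade, make the suggested changes by hand, then restart in debug mode to confirm the warning is gone.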
