0001727: Addition of perl module in the sites-enabled/default file causes error Failed to find "perl" in the "modules" section. - PacketFence

Bug Tracking System

View Issue Details [ Jump to Notes ]

[ Issue History ] [ Print ]

Project

Category

View Status

Date Submitted

Last Update

0001727

PacketFence

radius

public

2013-10-09 12:45

Reporter

carrots

Assigned To

Priority

high

Severity

major

Reproducibility

always

Status

new

Resolution

open

Platform

Linux

RHEL / CentOS

OS Version

Product Version

4.0.6-2

Target Version

Fixed in Version

Summary

0001727: Addition of perl module in the sites-enabled/default file causes error Failed to find "perl" in the "modules" section.

Description

Whenever following the instructions in Appendix B of the admin guide for manual configuration of FreeRADIUS version 2 an error is given for the addition of the perl module as follows:-

Error: /usr/local/pf/raddb//sites-enabled/default[200]: Failed to find "perl" in the "modules" section.
Error: /usr/local/pf/raddb//sites-enabled/default[69]: Errors parsing authorize section.
Error: Failed to load virtual server <default>

Contents of some of the configuration files are as follows:-

/usr/local/pf/conf/radiusd/radiusd.conf

prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = %%install_dir%%/var
sbindir = /usr/sbin
logdir = %%install_dir%%/logs
raddbdir = %%install_dir%%/var/radiusd
radacctdir = %%install_dir%%/logs/radacct

name = radiusd

confdir = ${raddbdir}
run_dir = ${localstatedir}/run

db_dir = ${raddbdir}

libdir = /usr/lib%%arch%%/freeradius
pidfile = ${run_dir}/${name}.pid

user = pf
group = pf

max_request_time = 30
cleanup_delay = 5
max_requests = 1024

listen {
        type = auth
        ipaddr = %%management_ip%%
        port = 0
        virtual_server = packetfence
}

listen {
        ipaddr = %%management_ip%%
        port = 0
        type = acct
        virtual_server = packetfence
}

hostname_lookups = no
allow_core_dumps = no

regular_expressions = yes
extended_expressions = yes

log {
        destination = files
        file = ${logdir}/radius.log
        syslog_facility = daemon
        stripped_names = no
        auth = yes
        auth_badpass = yes
        auth_goodpass = yes
}

checkrad = ${sbindir}/checkrad

security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
}

proxy_requests = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf

thread pool {
        start_servers = 5
        max_servers = 32
        min_spare_servers = 3
        max_spare_servers = 10
        max_requests_per_server = 0
}

modules {
        $INCLUDE ${confdir}/modules/
        $INCLUDE eap.conf
        $INCLUDE sql.conf
}

instantiate {
        exec
        expr
        expiration
        logintime
}

$INCLUDE policy.conf
$INCLUDE sites-enabled/

authorize {
        eap
        files
}

authenticate {
        eap
}

/usr/local/pf/raddb/sites-enabled/default - perl entry lines shown...
authorize {

<sic>
        #
        # This module takes care of EAP-MD5, EAP-TLS, and EAP-LEAP
        # authentication.
        #
        # It also sets the EAP-Type attribute in the request
        # attribute list to the EAP type from the packet.
        #
        # As of 2.0, the EAP module returns "ok" in the authorize stage
        # for TTLS and PEAP. In 1.x, it never returned "ok" here, so
        # this change is compatible with older configurations.
        #
        # The example below uses module failover to avoid querying all
        # of the following modules if the EAP module returns "ok".
        # Therefore, your LDAP and/or SQL servers will not be queried
        # for the many packets that go back and forth to set up TTLS
        # or PEAP. The load on those servers will therefore be reduced.
        #
        eap {
                ok = return
        }

<sic>

        #
        # The ldap module will set Auth-Type to LDAP if it has not
        # already been set
# ldap

        #
        # Enforce daily limits on time spent logged in.
# daily

        #
        # Use the checkval module
# checkval

        expiration
        logintime
        perl

<sic>

# Post-Authentication
# Once we KNOW that the user has been authenticated, there are
# additional steps we can take.
post-auth {
        # Get an address from the IP Pool.
# main_pool
        perl
        #
        # If you want to have a log of authentication replies,
        # un-comment the following line, and the 'detail reply_log'
        # section, above.
# reply_log

If the perl configuration is remvoed from the default file then the errors also show for inner-tunnel until they are also removed. Once there is no reference to perl then everything starts fine.

Steps To Reproduce

Install packetfence 4.0.3 or 4.0.6 on CentOS 6.3 and make changes in Appendix B of the admin guide.

Additional Information

I've noticed that there are double slashes in the folder path to /sites-enabled but this seems to be accepted as it works fine without the "perl" entries.

I was also unsure about the {confdir} within the radius.conf as it seems to reference the var folder but there is no radiusd or modules folder in the /usr/local/pf/var directory:-

raddbdir = %%install_dir%%/var/radiusd
radacctdir = %%install_dir%%/logs/radacct

name = radiusd

confdir = ${raddbdir}

Issue History
Date Modified	Username	Field	Change
2013-10-09 12:45	carrots	New Issue

Relationships

Notes
There are no notes attached to this issue.