Failed to find "pap" as a module or policy

classic Classic list List threaded Threaded
3 messages Options
| Threaded
Open this post in threaded view
|

Failed to find "pap" as a module or policy

Users mailing list
Hi,

I am using Freeradius 3.0.12 (official deb package on Debian 9).

When I start daemon, I get this error:


/etc/freeradius/3.0/sites-enabled/default[459]: Failed to find "pap" as a module or policy.
/etc/freeradius/3.0/sites-enabled/default[459]: Please verify that the configuration exists in /etc/freeradius/3.0/mods-enabled/pap.
/etc/freeradius/3.0/sites-enabled/default[459]: Failed to parse "pap" entry.


File /etc/freeradius/3.0/mods-enabled/pap exists, with this content:


# -*- text -*-
#
# $Id: 0038ecd154840c71ceff33ddfdd936e4e28e0bcd $

# PAP module to authenticate users based on their stored password
#
# Supports multiple encryption/hash schemes. See "man rlm_pap"
# for details.
#
# For instructions on creating the various types of passwords, see:
#
# http://www.openldap.org/faq/data/cache/347.html
pap {
# By default the server will use heuristics to try and automatically
# handle base64 or hex encoded passwords. This behaviour can be
# stopped by setting the following to "no".
# normalise = yes
}


My "default" site config is:

server default {
listen {
type = auth
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
ipaddr = *
port = 0
type = acct
limit {
}
}
listen {
type = auth
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
ipv6addr = ::
port = 0
type = acct
limit {
}
}
authorize {
chap
mschap
-sql
-ldap
pap
}
authenticate {
Auth-Type PAP {
pap
}

Auth-Type CHAP {
chap
}
Auth-Type MSCHAP {
mschap
}
mschap
}
preacct {
}
accounting {
-sql
}
session {
}
post-auth {
update {
&reply: += &session-state:
}
-sql
Post-Auth-Type REJECT {
-sql
}
}
pre-proxy {
}
post-proxy {
}
}

This is complete output of: freeradius -X

FreeRADIUS Version 3.0.12
Copyright (C) 1999-2016 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including dictionary file /etc/freeradius/3.0/dictionary
including configuration file /etc/freeradius/3.0/radiusd.conf
including configuration file /etc/freeradius/3.0/proxy.conf
including configuration file /etc/freeradius/3.0/clients.conf
including configuration file /etc/freeradius/3.0/sql.conf
including configuration file /etc/freeradius/3.0/sql/mysql/dialup.conf
including files in directory /etc/freeradius/3.0/sites-enabled/
including configuration file /etc/freeradius/3.0/sites-enabled/default
main {
security {
allow_core_dumps = no
}
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
run_dir = "/var/run/freeradius"
}
main {
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/freeradius"
run_dir = "/var/run/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = yes
auth_badpass = no
auth_goodpass = no
msg_denied = "You are already logged in - access denied"
}
resources {
}
security {
max_attributes = 200
reject_delay = 1.000000
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = <<< secret >>>
response_window = 20.000000
response_timeouts = 1
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
check_timeout = 4
num_answers_to_alive = 3
revive_interval = 120
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 192.168.0.0/24 {
ipv4addr = 192.168.0.0/24
require_message_authenticator = no
secret = <<< secret >>>
shortname = "private-network-0"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 192.168.1.0/24 {
ipv4addr = 192.168.1.0/24
require_message_authenticator = no
secret = <<< secret >>>
shortname = "private-network-1"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
Debugger not attached
# Creating Auth-Type = mschap
# Creating Auth-Type = PAP
# Creating Auth-Type = CHAP
radiusd: #### Instantiating modules ####
modules {
# Loaded module rlm_sql
# Loading module "sql" from file /etc/freeradius/3.0/sql.conf
sql {
driver = "rlm_sql_mysql"
server = "db.company.net"
port = 0
login = "radius"
password = <<< secret >>>
radius_db = "radius"
read_groups = yes
read_profiles = yes
read_clients = no
delete_stale_sessions = yes
sql_user_name = "%{User-Name}"
default_user_profile = ""
client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id"
authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id"
group_membership_query = "SELECT groupname FROM usergroup WHERE username = '%{SQL-User-Name}'"
simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
accounting {
reference = ".query"
type {
accounting-on {
}
accounting-off {
}
start {
}
interim-update {
}
stop {
}
}
}
post-auth {
reference = ".query"
}
}
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
Creating attribute SQL-Group
instantiate {
}
# Instantiating module "sql" from file /etc/freeradius/3.0/sql.conf
rlm_sql_mysql: libmysql version: 10.1.38-MariaDB
mysql {
tls {
}
warnings = "auto"
}
rlm_sql (sql): Attempting to connect to database "radius"
rlm_sql (sql): Initialising connection pool
pool {
start = 5
min = 5
max = 10
spare = 3
uses = 0
lifetime = 0
cleanup_interval = 30
idle_timeout = 60
retry_delay = 1
spread = no
}
rlm_sql (sql): Opening additional connection (0), 1 of 10 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on db.company.net via TCP/IP, server version 5.5.47-MariaDB-1~wheezy-wsrep-log, protocol version 10
rlm_sql (sql): Opening additional connection (1), 1 of 9 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on db.company.net via TCP/IP, server version 5.5.47-MariaDB-1~wheezy-wsrep-log, protocol version 10
rlm_sql (sql): Opening additional connection (2), 1 of 8 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on db.company.net via TCP/IP, server version 5.5.47-MariaDB-1~wheezy-wsrep-log, protocol version 10
rlm_sql (sql): Opening additional connection (3), 1 of 7 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on db.company.net via TCP/IP, server version 5.5.47-MariaDB-1~wheezy-wsrep-log, protocol version 10
rlm_sql (sql): Opening additional connection (4), 1 of 6 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on db.company.net via TCP/IP, server version 5.5.47-MariaDB-1~wheezy-wsrep-log, protocol version 10
} # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/freeradius/3.0/radiusd.conf
} # server
server default { # from file /etc/freeradius/3.0/sites-enabled/default
# Loading authenticate {...}
/etc/freeradius/3.0/sites-enabled/default[459]: Failed to find "pap" as a module or policy.
/etc/freeradius/3.0/sites-enabled/default[459]: Please verify that the configuration exists in /etc/freeradius/3.0/mods-enabled/pap.
/etc/freeradius/3.0/sites-enabled/default[459]: Failed to parse "pap" entry.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Failed to find "pap" as a module or policy

Matthew Newton-3
On Fri, 2019-08-09 at 14:45 +0200, Luther Abyss via Freeradius-Users
wrote:

> FreeRADIUS Version 3.0.12
> Copyright (C) 1999-2016 The FreeRADIUS server project and
> contributors
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE
> You may redistribute copies of FreeRADIUS under the terms of the
> GNU General Public License
> For more information about these matters, see the file named
> COPYRIGHT
> Starting - reading configuration files ...
> including dictionary file /usr/share/freeradius/dictionary
> including dictionary file /usr/share/freeradius/dictionary.dhcp
> including dictionary file /usr/share/freeradius/dictionary.vqp
> including dictionary file /etc/freeradius/3.0/dictionary
> including configuration file /etc/freeradius/3.0/radiusd.conf
> including configuration file /etc/freeradius/3.0/proxy.conf
> including configuration file /etc/freeradius/3.0/clients.conf
> including configuration file /etc/freeradius/3.0/sql.conf
> including configuration file
> /etc/freeradius/3.0/sql/mysql/dialup.conf
> including files in directory /etc/freeradius/3.0/sites-enabled/
> including configuration file /etc/freeradius/3.0/sites-
> enabled/default

Looks like you've edited the main configuration file and removed the
include line that reads the module configs.

--
Matthew


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Failed to find "pap" as a module or policy

Users mailing list
Hi Matthew,
you were absolutely free, I missed:

confdir = ${raddbdir}
modconfdir = ${confdir}/mods-config

Thank you!



> Il 9 agosto 2019 alle 14.57 Matthew Newton <[hidden email]> ha scritto:
>
>
> On Fri, 2019-08-09 at 14:45 +0200, Luther Abyss via Freeradius-Users
> wrote:
> > FreeRADIUS Version 3.0.12
> > Copyright (C) 1999-2016 The FreeRADIUS server project and
> > contributors
> > There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> > PARTICULAR PURPOSE
> > You may redistribute copies of FreeRADIUS under the terms of the
> > GNU General Public License
> > For more information about these matters, see the file named
> > COPYRIGHT
> > Starting - reading configuration files ...
> > including dictionary file /usr/share/freeradius/dictionary
> > including dictionary file /usr/share/freeradius/dictionary.dhcp
> > including dictionary file /usr/share/freeradius/dictionary.vqp
> > including dictionary file /etc/freeradius/3.0/dictionary
> > including configuration file /etc/freeradius/3.0/radiusd.conf
> > including configuration file /etc/freeradius/3.0/proxy.conf
> > including configuration file /etc/freeradius/3.0/clients.conf
> > including configuration file /etc/freeradius/3.0/sql.conf
> > including configuration file
> > /etc/freeradius/3.0/sql/mysql/dialup.conf
> > including files in directory /etc/freeradius/3.0/sites-enabled/
> > including configuration file /etc/freeradius/3.0/sites-
> > enabled/default
>
> Looks like you've edited the main configuration file and removed the
> include line that reads the module configs.
>
> --
> Matthew
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html