Including vendor dictionary in config

classic Classic list List threaded Threaded
9 messages Options
| Threaded
Open this post in threaded view
|

Including vendor dictionary in config

Oleg Olejek
OS: CentOS 7.8
freeradius - 3.0.13 (from centos repo) or 3.0.21 (built from sources)
radiusd.conf - last line
*$INCLUDE /usr/share/freeradius/dictionary*
gives an error:
*Expecting section start brace '{' after "ATTRIBUTE*

*$INCLUDE /usr/local/ share/freeradius/dictionary.fortinet*
gives an error:
*Expecting section start brace '{' after "VENDOR Fortinet"*


--
С уважением, Олежек Олег.
Тел.:+380933964967
Skype: dizaar

Best Regards, Oleg Olezhek.
Phone: +380933964967
Skype: dizaar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Including vendor dictionary in config

Jorge Pereira-2
Oleg,

I didn’t understand that error. Can you share the debug output as described in https://wiki.freeradius.org/guide/radiusd-X <https://wiki.freeradius.org/guide/radiusd-X>

--
Jorge Pereira
[hidden email]




> On 31 Aug 2020, at 12:27, Oleg Olejek <[hidden email]> wrote:
>
> dictionary.fortinet

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Including vendor dictionary in config

Oleg Olejek
Sure)
The Main goal is to deal with Fortigate using vendor specific attribute.
I added line at the end of radiusd.conf: $INCLUDE
/usr/local/share/freeradius/dictionary
radiusd -X gives this error:
including configuration file /usr/local/etc/raddb/mods-enabled/unpack
including configuration file /usr/local/etc/raddb/mods-enabled/utf8
including files in directory /usr/local/etc/raddb/policy.d/
including configuration file /usr/local/etc/raddb/policy.d/abfab-tr
including configuration file /usr/local/etc/raddb/policy.d/accounting
including configuration file /usr/local/etc/raddb/policy.d/canonicalization
including configuration file /usr/local/etc/raddb/policy.d/control
including configuration file /usr/local/etc/raddb/policy.d/cui
including configuration file /usr/local/etc/raddb/policy.d/debug
including configuration file /usr/local/etc/raddb/policy.d/dhcp
including configuration file /usr/local/etc/raddb/policy.d/eap
including configuration file /usr/local/etc/raddb/policy.d/filter
including configuration file
/usr/local/etc/raddb/policy.d/moonshot-targeted-ids
including configuration file /usr/local/etc/raddb/policy.d/operator-name
including configuration file /usr/local/etc/raddb/policy.d/rfc7542
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
including configuration file /usr/local/share/freeradius/dictionary
including configuration file /usr/local/share/freeradius/dictionary.compat
/usr/local/share/freeradius/dictionary.compat[12]: Expecting section start
brace '{' after "ATTRIBUTE Client-Id"
Errors reading or parsing /usr/local/etc/raddb/radiusd.conf

On Mon, Aug 31, 2020 at 9:43 PM Jorge Pereira <[hidden email]>
wrote:

> Oleg,
>
> I didn’t understand that error. Can you share the debug output as
> described in https://wiki.freeradius.org/guide/radiusd-X <
> https://wiki.freeradius.org/guide/radiusd-X>
>
> --
> Jorge Pereira
> [hidden email]
>
>
>
>
> > On 31 Aug 2020, at 12:27, Oleg Olejek <[hidden email]> wrote:
> >
> > dictionary.fortinet
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html



--
С уважением, Олежек Олег.
Тел.:+380933964967
Skype: dizaar

Best Regards, Oleg Olezhek.
Phone: +380933964967
Skype: dizaar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Including vendor dictionary in config

Oleg Olejek
Am i right that including dictionary in radiusd.conf is an error and all
dictionary includes should be listed in dictionary file in raddb directory?

On Mon, Aug 31, 2020 at 9:50 PM Oleg Olejek <[hidden email]> wrote:

> Sure)
> The Main goal is to deal with Fortigate using vendor specific attribute.
> I added line at the end of radiusd.conf: $INCLUDE
> /usr/local/share/freeradius/dictionary
> radiusd -X gives this error:
> including configuration file /usr/local/etc/raddb/mods-enabled/unpack
> including configuration file /usr/local/etc/raddb/mods-enabled/utf8
> including files in directory /usr/local/etc/raddb/policy.d/
> including configuration file /usr/local/etc/raddb/policy.d/abfab-tr
> including configuration file /usr/local/etc/raddb/policy.d/accounting
> including configuration file /usr/local/etc/raddb/policy.d/canonicalization
> including configuration file /usr/local/etc/raddb/policy.d/control
> including configuration file /usr/local/etc/raddb/policy.d/cui
> including configuration file /usr/local/etc/raddb/policy.d/debug
> including configuration file /usr/local/etc/raddb/policy.d/dhcp
> including configuration file /usr/local/etc/raddb/policy.d/eap
> including configuration file /usr/local/etc/raddb/policy.d/filter
> including configuration file
> /usr/local/etc/raddb/policy.d/moonshot-targeted-ids
> including configuration file /usr/local/etc/raddb/policy.d/operator-name
> including configuration file /usr/local/etc/raddb/policy.d/rfc7542
> including files in directory /usr/local/etc/raddb/sites-enabled/
> including configuration file /usr/local/etc/raddb/sites-enabled/default
> including configuration file
> /usr/local/etc/raddb/sites-enabled/inner-tunnel
> including configuration file /usr/local/share/freeradius/dictionary
> including configuration file /usr/local/share/freeradius/dictionary.compat
> /usr/local/share/freeradius/dictionary.compat[12]: Expecting section start
> brace '{' after "ATTRIBUTE Client-Id"
> Errors reading or parsing /usr/local/etc/raddb/radiusd.conf
>
> On Mon, Aug 31, 2020 at 9:43 PM Jorge Pereira <[hidden email]>
> wrote:
>
>> Oleg,
>>
>> I didn’t understand that error. Can you share the debug output as
>> described in https://wiki.freeradius.org/guide/radiusd-X <
>> https://wiki.freeradius.org/guide/radiusd-X>
>>
>> --
>> Jorge Pereira
>> [hidden email]
>>
>>
>>
>>
>> > On 31 Aug 2020, at 12:27, Oleg Olejek <[hidden email]> wrote:
>> >
>> > dictionary.fortinet
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>
>
> --
> С уважением, Олежек Олег.
> Тел.:+380933964967
> Skype: dizaar
>
> Best Regards, Oleg Olezhek.
> Phone: +380933964967
> Skype: dizaar
>


--
С уважением, Олежек Олег.
Тел.:+380933964967
Skype: dizaar

Best Regards, Oleg Olezhek.
Phone: +380933964967
Skype: dizaar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Including vendor dictionary in config

Jorge Pereira-2
In reply to this post by Oleg Olejek

> On 31 Aug 2020, at 15:50, Oleg Olejek <[hidden email]> wrote:
>
> Sure)
> The Main goal is to deal with Fortigate using vendor specific attribute.
> I added line at the end of radiusd.conf: $INCLUDE
> /usr/local/share/freeradius/dictionary

Share the content added into the file. Indeed, looks wrong. It will be hard to help if you don’t share the content. Therefore, keep in mind that the dictionaries files
expect *only* the dictionary syntax. You can’t add “if(…) {}” or anything else.


> radiusd -X gives this error:
> including configuration file /usr/local/etc/raddb/mods-enabled/unpack
> including configuration file /usr/local/etc/raddb/mods-enabled/utf8
> including files in directory /usr/local/etc/raddb/policy.d/
> including configuration file /usr/local/etc/raddb/policy.d/abfab-tr
> including configuration file /usr/local/etc/raddb/policy.d/accounting
> including configuration file /usr/local/etc/raddb/policy.d/canonicalization
> including configuration file /usr/local/etc/raddb/policy.d/control
> including configuration file /usr/local/etc/raddb/policy.d/cui
> including configuration file /usr/local/etc/raddb/policy.d/debug
> including configuration file /usr/local/etc/raddb/policy.d/dhcp
> including configuration file /usr/local/etc/raddb/policy.d/eap
> including configuration file /usr/local/etc/raddb/policy.d/filter
> including configuration file
> /usr/local/etc/raddb/policy.d/moonshot-targeted-ids
> including configuration file /usr/local/etc/raddb/policy.d/operator-name
> including configuration file /usr/local/etc/raddb/policy.d/rfc7542
> including files in directory /usr/local/etc/raddb/sites-enabled/
> including configuration file /usr/local/etc/raddb/sites-enabled/default
> including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
> including configuration file /usr/local/share/freeradius/dictionary
> including configuration file /usr/local/share/freeradius/dictionary.compat
> /usr/local/share/freeradius/dictionary.compat[12]: Expecting section start
> brace '{' after "ATTRIBUTE Client-Id"
> Errors reading or parsing /usr/local/etc/raddb/radiusd.conf
>
> On Mon, Aug 31, 2020 at 9:43 PM Jorge Pereira <[hidden email]>
> wrote:
>
>> Oleg,
>>
>> I didn’t understand that error. Can you share the debug output as
>> described in https://wiki.freeradius.org/guide/radiusd-X <
>> https://wiki.freeradius.org/guide/radiusd-X>
>>
>> --
>> Jorge Pereira
>> [hidden email]
>>
>>
>>
>>
>>> On 31 Aug 2020, at 12:27, Oleg Olejek <[hidden email]> wrote:
>>>
>>> dictionary.fortinet
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>
>
> --
> С уважением, Олежек Олег.
> Тел.:+380933964967
> Skype: dizaar
>
> Best Regards, Oleg Olezhek.
> Phone: +380933964967
> Skype: dizaar
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Including vendor dictionary in config

Oleg Olejek
cat /usr/local/share/freeradius/dictionary
# -*- text -*-
# Copyright (C) 2019 The FreeRADIUS Server project and contributors
# This work is licensed under CC-BY version 4.0
https://creativecommons.org/licenses/by/4.0
#
# Version $Id: a6a2e16c0265bb3d0fcaa5521a89511aab695111 $
#
#       DO NOT EDIT THE FILES IN THIS DIRECTORY
#
#       The files in this directory are maintained and updated by
#       the FreeRADIUS project.  Newer releases of software may update
#       or change these files.
#
#       Use the main dictionary file (usually /etc/raddb/dictionary)
#       for local system attributes and $INCLUDEs.
#
#
#
#       This file contains dictionary translations for parsing
#       requests and generating responses.  All transactions are
#       composed of Attribute/Value Pairs.  The value of each attribute
#       is specified as one of a few data types.  Valid data types are:
#
#       string     - printable text, generally UTF-8 encoded.  (The RFCs
call this "text")
#       ipaddr     - 4 octets in network byte order
#       ipv4prefix - 1 octet reserved, one octet prefix, 4 octets ipaddr
#       integer    - 32 bit value in big endian order
#       integer64  - 64 bit value in big endian order
#       date       - 32 bit value in big endian order - seconds since
#                    00:00:00 GMT,  Jan.  1,  1970
#       ifid       - 8 octets in network byte order
#       ipv6addr   - 16 octets in network byte order
#       ipv6prefix - 1 octet reserved, one octet prefix, 16 octets ipv6addr
#       tlv        - type-length-value
#
#       FreeRADIUS includes data types which are not defined
#       in the RFC's.  These data types are:
#
#       abinary - Ascend's binary filter format.
#       byte    - 8 bit unsigned integer
#       ether   - 6 octets of hh:hh:hh:hh:hh:hh
#                 where 'h' is hex digits, upper or lowercase.
#       short   - 16-bit unsigned integer in network byte order
#       signed  - 32-bit signed integer in network byte order
#       octets  - raw octets, printed and input as hex strings.
#                 e.g.: 0x123456789abcdef  The RFCs call this "string".
#
#       FreeRADIUS uses a number of data types which are defined in
#       RFC 6929.  These data types should NEVER be used in any other
#       dictionary.  We won't even list them here.
#
#
#       Enumerated values are stored in the user file with dictionary
#       VALUE translations for easy administration.
#
#       Example:
#
#       ATTRIBUTE         VALUE
#       ---------------   -----
#       Framed-Protocol = PPP
#       7               = 1     (integer encoding)
#

#
#       Include compatibility dictionary for older users file. Move
#       this directive to the end of this file if you want to see the
#       old names in the logfiles, instead of the new names.
#
$INCLUDE dictionary.compat

#
#       These dictionaries define attributes in the IETF managed space.
#       (i.e. 1..255). This is wrong.  We include them here to allow them.
#       The IETF allocated ones are listed below, which gives them priority.
#
#       i.e. don't do this.  Don't use these attributes
#
$INCLUDE dictionary.usr.illegal
$INCLUDE dictionary.ascend.illegal

#
#       IETF allocated attributes and values.  Split out into
#       the RFC which defined them.
#
#       For a complete list of the standard attributes and values,
#       see:
#               http://www.iana.org/assignments/radius-types
#
$INCLUDE dictionary.rfc2865
$INCLUDE dictionary.rfc2866
$INCLUDE dictionary.rfc2867
$INCLUDE dictionary.rfc2868
$INCLUDE dictionary.rfc2869
$INCLUDE dictionary.rfc3162
$INCLUDE dictionary.rfc3576
$INCLUDE dictionary.rfc3580
$INCLUDE dictionary.rfc4072
$INCLUDE dictionary.rfc4372
$INCLUDE dictionary.rfc4603
$INCLUDE dictionary.rfc4675
$INCLUDE dictionary.rfc4679
$INCLUDE dictionary.rfc4818
$INCLUDE dictionary.rfc4849
$INCLUDE dictionary.rfc5176
$INCLUDE dictionary.rfc5447
$INCLUDE dictionary.rfc5580
$INCLUDE dictionary.rfc5607
$INCLUDE dictionary.rfc5904
$INCLUDE dictionary.rfc6519
$INCLUDE dictionary.rfc6572
$INCLUDE dictionary.rfc6677
$INCLUDE dictionary.rfc6911
$INCLUDE dictionary.rfc6929
$INCLUDE dictionary.rfc6930
$INCLUDE dictionary.rfc7055
$INCLUDE dictionary.rfc7155
$INCLUDE dictionary.rfc7268
$INCLUDE dictionary.rfc7499
$INCLUDE dictionary.rfc7930
$INCLUDE dictionary.rfc8045
$INCLUDE dictionary.rfc8559

#
#       Mostly values which have been allocated by IANA under
#       "expert review", but which don't have an RFC associated with them.
#
$INCLUDE dictionary.iana

#
#  Commented out because of attribute conflicts.
#
#$INCLUDE dictionary.alvarion.wimax.v2_2
#$INCLUDE dictionary.nokia.conflict
#$INCLUDE dictionary.openser
#$INCLUDE dictionary.starent.vsa1
#$INCLUDE dictionary.wimax.wichorus

#
#       Vendor dictionaries are listed after the standard ones.
#
$INCLUDE dictionary.3com
$INCLUDE dictionary.3gpp
$INCLUDE dictionary.3gpp2
$INCLUDE dictionary.acc
$INCLUDE dictionary.acme
$INCLUDE dictionary.actelis
$INCLUDE dictionary.adtran
$INCLUDE dictionary.aerohive
$INCLUDE dictionary.airespace
$INCLUDE dictionary.alcatel
$INCLUDE dictionary.alcatel-lucent.aaa
$INCLUDE dictionary.alcatel.esam
$INCLUDE dictionary.alcatel.sr
$INCLUDE dictionary.alteon
$INCLUDE dictionary.altiga
$INCLUDE dictionary.alvarion
$INCLUDE dictionary.apc
$INCLUDE dictionary.aptilo
$INCLUDE dictionary.aptis
$INCLUDE dictionary.arbor
$INCLUDE dictionary.arista
$INCLUDE dictionary.aruba
$INCLUDE dictionary.ascend
$INCLUDE dictionary.asn
$INCLUDE dictionary.audiocodes
$INCLUDE dictionary.avaya
$INCLUDE dictionary.azaire
$INCLUDE dictionary.bay
$INCLUDE dictionary.bigswitch
$INCLUDE dictionary.bintec
$INCLUDE dictionary.bluecoat
$INCLUDE dictionary.boingo
$INCLUDE dictionary.bristol
$INCLUDE dictionary.broadsoft
$INCLUDE dictionary.brocade
$INCLUDE dictionary.bskyb
$INCLUDE dictionary.bt
$INCLUDE dictionary.cablelabs
$INCLUDE dictionary.cabletron
$INCLUDE dictionary.camiant
$INCLUDE dictionary.checkpoint
$INCLUDE dictionary.chillispot
$INCLUDE dictionary.cisco
$INCLUDE dictionary.cisco.asa
#
#        The Cisco VPN300 dictionary uses the same Vendor ID as the ASA one.
#        You shouldn't use both at the same time.
#
#   Note : the altiga dictionary, not listed here, also uses the same
Vendor ID
#
#$INCLUDE dictionary.cisco.vpn3000
$INCLUDE dictionary.cisco.bbsm
$INCLUDE dictionary.cisco.vpn5000
$INCLUDE dictionary.citrix
$INCLUDE dictionary.clavister
$INCLUDE dictionary.cnergee
$INCLUDE dictionary.colubris
$INCLUDE dictionary.columbia_university
$INCLUDE dictionary.compatible
$INCLUDE dictionary.cosine
$INCLUDE dictionary.dante
$INCLUDE dictionary.dellemc
$INCLUDE dictionary.digium
$INCLUDE dictionary.dlink
$INCLUDE dictionary.dragonwave
$INCLUDE dictionary.efficientip
$INCLUDE dictionary.eltex
$INCLUDE dictionary.epygi
$INCLUDE dictionary.equallogic
$INCLUDE dictionary.ericsson
$INCLUDE dictionary.ericsson.ab
$INCLUDE dictionary.ericsson.packet.core.networks
$INCLUDE dictionary.erx
$INCLUDE dictionary.extreme
$INCLUDE dictionary.f5
$INCLUDE dictionary.fdxtended
$INCLUDE dictionary.force10
$INCLUDE dictionary.fortinet
$INCLUDE dictionary.foundry
$INCLUDE dictionary.freeradius
$INCLUDE dictionary.freeswitch
$INCLUDE dictionary.gandalf
$INCLUDE dictionary.garderos
$INCLUDE dictionary.gemtek
$INCLUDE dictionary.h3c
$INCLUDE dictionary.hillstone
$INCLUDE dictionary.hp
$INCLUDE dictionary.huawei
$INCLUDE dictionary.iea
$INCLUDE dictionary.infinera
$INCLUDE dictionary.infoblox
$INCLUDE dictionary.infonet
$INCLUDE dictionary.ipunplugged
$INCLUDE dictionary.issanni
$INCLUDE dictionary.itk
$INCLUDE dictionary.juniper
$INCLUDE dictionary.karlnet
$INCLUDE dictionary.kineto
$INCLUDE dictionary.lancom
$INCLUDE dictionary.lantronix
$INCLUDE dictionary.livingston
$INCLUDE dictionary.localweb
$INCLUDE dictionary.lucent
$INCLUDE dictionary.manzara
$INCLUDE dictionary.meinberg
$INCLUDE dictionary.meraki
$INCLUDE dictionary.merit
$INCLUDE dictionary.meru
$INCLUDE dictionary.microsemi
$INCLUDE dictionary.microsoft
$INCLUDE dictionary.mikrotik
$INCLUDE dictionary.mimosa
$INCLUDE dictionary.motorola
$INCLUDE dictionary.motorola.wimax
$INCLUDE dictionary.navini
$INCLUDE dictionary.net
$INCLUDE dictionary.netscreen
$INCLUDE dictionary.networkphysics
$INCLUDE dictionary.nexans
$INCLUDE dictionary.nokia
$INCLUDE dictionary.nomadix
$INCLUDE dictionary.nortel
$INCLUDE dictionary.ntua
$INCLUDE dictionary.packeteer
$INCLUDE dictionary.paloalto
$INCLUDE dictionary.patton
$INCLUDE dictionary.perle
$INCLUDE dictionary.pfsense
$INCLUDE dictionary.pica8
$INCLUDE dictionary.propel
$INCLUDE dictionary.prosoft
$INCLUDE dictionary.proxim
$INCLUDE dictionary.purewave
$INCLUDE dictionary.quiconnect
$INCLUDE dictionary.quintum
$INCLUDE dictionary.rcntec
$INCLUDE dictionary.redcreek
$INCLUDE dictionary.riverbed
$INCLUDE dictionary.riverstone
$INCLUDE dictionary.roaringpenguin
$INCLUDE dictionary.ruckus
$INCLUDE dictionary.ruggedcom
$INCLUDE dictionary.sangoma
$INCLUDE dictionary.sg
$INCLUDE dictionary.shasta
$INCLUDE dictionary.shiva
$INCLUDE dictionary.siemens
$INCLUDE dictionary.slipstream
$INCLUDE dictionary.sofaware
$INCLUDE dictionary.softbank
$INCLUDE dictionary.sonicwall
$INCLUDE dictionary.springtide
$INCLUDE dictionary.starent
$INCLUDE dictionary.surfnet
$INCLUDE dictionary.symbol
$INCLUDE dictionary.t_systems_nova
$INCLUDE dictionary.telebit
$INCLUDE dictionary.telkom
$INCLUDE dictionary.terena
$INCLUDE dictionary.trapeze
$INCLUDE dictionary.travelping
$INCLUDE dictionary.tripplite
$INCLUDE dictionary.tropos
$INCLUDE dictionary.ukerna
$INCLUDE dictionary.unix
$INCLUDE dictionary.usr
$INCLUDE dictionary.utstarcom
$INCLUDE dictionary.valemount
$INCLUDE dictionary.vasexperts
$INCLUDE dictionary.verizon
$INCLUDE dictionary.versanet
$INCLUDE dictionary.walabi
$INCLUDE dictionary.waverider
$INCLUDE dictionary.wichorus
$INCLUDE dictionary.wifialliance
$INCLUDE dictionary.wimax
$INCLUDE dictionary.wispr
$INCLUDE dictionary.xedia
$INCLUDE dictionary.xylan
$INCLUDE dictionary.yubico
$INCLUDE dictionary.zeus
$INCLUDE dictionary.zte
$INCLUDE dictionary.zyxel

#
#       And finally the server internal attributes.
#       These are attributes which NEVER go into a RADIUS packet.
#
$INCLUDE dictionary.freeradius.internal

cat /usr/local/share/freeradius/dictionary.compat
# -*- text -*-
# Copyright (C) 2019 The FreeRADIUS Server project and contributors
# This work is licensed under CC-BY version 4.0
https://creativecommons.org/licenses/by/4.0
#
#       Obsolete names for backwards compatibility with older users files.
#       Move the $INCLUDE in the main dictionary file to the end if you want
#       these names to be used in the "details" logfile.
#

#  This has been removed.  Too many people get it wrong.
#ATTRIBUTE      Password                                2       string
 encrypt=1
ATTRIBUTE       Client-Id                               4       ipaddr
ATTRIBUTE       Client-Port-Id                          5       integer
ATTRIBUTE       User-Service-Type                       6       integer
ATTRIBUTE       Framed-Address                          8       ipaddr
ATTRIBUTE       Framed-Netmask                          9       ipaddr
ATTRIBUTE       Framed-Filter-Id                        11      string
ATTRIBUTE       Login-Host                              14      ipaddr
ATTRIBUTE       Login-Port                              16      integer
ATTRIBUTE       Old-Password                            17      string
ATTRIBUTE       Port-Message                            18      string
ATTRIBUTE       Dialback-No                             19      string
ATTRIBUTE       Dialback-Name                           20      string
ATTRIBUTE       Challenge-State                         24      string
VALUE   Framed-Compression              Van-Jacobsen-TCP-IP     1
VALUE   Framed-Compression              VJ-TCP-IP               1
VALUE   Service-Type                    Shell-User              6
VALUE   Auth-Type                       Unix                    1
VALUE   Service-Type                    Dialback-Login-User     3
VALUE   Service-Type                    Dialback-Framed-User    4
VALUE   Service-Type                    Dialout-Framed-User     5

#
#       For compatibility with MERIT users files.
#
ATTRIBUTE       Login-Callback-Number                   19      string
ATTRIBUTE       Framed-Callback-Id                      20      string
ATTRIBUTE       Client-Port-DNIS                        30      string
ATTRIBUTE       Caller-ID                               31      string
VALUE   Service-Type                    Login                   1
VALUE   Service-Type                    Framed                  2
VALUE   Service-Type                    Callback-Login          3
VALUE   Service-Type                    Callback-Framed         4
VALUE   Service-Type                    Exec-User               7


All dictionaries have default content. All these dictionaries I got after
installing from source. Nothing was changed.

On Mon, Aug 31, 2020 at 9:58 PM Jorge Pereira <[hidden email]>
wrote:

>
> > On 31 Aug 2020, at 15:50, Oleg Olejek <[hidden email]> wrote:
> >
> > Sure)
> > The Main goal is to deal with Fortigate using vendor specific attribute.
> > I added line at the end of radiusd.conf: $INCLUDE
> > /usr/local/share/freeradius/dictionary
>
> Share the content added into the file. Indeed, looks wrong. It will be
> hard to help if you don’t share the content. Therefore, keep in mind that
> the dictionaries files
> expect *only* the dictionary syntax. You can’t add “if(…) {}” or anything
> else.
>
>
> > radiusd -X gives this error:
> > including configuration file /usr/local/etc/raddb/mods-enabled/unpack
> > including configuration file /usr/local/etc/raddb/mods-enabled/utf8
> > including files in directory /usr/local/etc/raddb/policy.d/
> > including configuration file /usr/local/etc/raddb/policy.d/abfab-tr
> > including configuration file /usr/local/etc/raddb/policy.d/accounting
> > including configuration file
> /usr/local/etc/raddb/policy.d/canonicalization
> > including configuration file /usr/local/etc/raddb/policy.d/control
> > including configuration file /usr/local/etc/raddb/policy.d/cui
> > including configuration file /usr/local/etc/raddb/policy.d/debug
> > including configuration file /usr/local/etc/raddb/policy.d/dhcp
> > including configuration file /usr/local/etc/raddb/policy.d/eap
> > including configuration file /usr/local/etc/raddb/policy.d/filter
> > including configuration file
> > /usr/local/etc/raddb/policy.d/moonshot-targeted-ids
> > including configuration file /usr/local/etc/raddb/policy.d/operator-name
> > including configuration file /usr/local/etc/raddb/policy.d/rfc7542
> > including files in directory /usr/local/etc/raddb/sites-enabled/
> > including configuration file /usr/local/etc/raddb/sites-enabled/default
> > including configuration file
> /usr/local/etc/raddb/sites-enabled/inner-tunnel
> > including configuration file /usr/local/share/freeradius/dictionary
> > including configuration file
> /usr/local/share/freeradius/dictionary.compat
> > /usr/local/share/freeradius/dictionary.compat[12]: Expecting section
> start
> > brace '{' after "ATTRIBUTE Client-Id"
> > Errors reading or parsing /usr/local/etc/raddb/radiusd.conf
> >
> > On Mon, Aug 31, 2020 at 9:43 PM Jorge Pereira <[hidden email]>
> > wrote:
> >
> >> Oleg,
> >>
> >> I didn’t understand that error. Can you share the debug output as
> >> described in https://wiki.freeradius.org/guide/radiusd-X <
> >> https://wiki.freeradius.org/guide/radiusd-X>
> >>
> >> --
> >> Jorge Pereira
> >> [hidden email]
> >>
> >>
> >>
> >>
> >>> On 31 Aug 2020, at 12:27, Oleg Olejek <[hidden email]> wrote:
> >>>
> >>> dictionary.fortinet
> >>
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >
> >
> >
> > --
> > С уважением, Олежек Олег.
> > Тел.:+380933964967
> > Skype: dizaar
> >
> > Best Regards, Oleg Olezhek.
> > Phone: +380933964967
> > Skype: dizaar
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html



--
С уважением, Олежек Олег.
Тел.:+380933964967
Skype: dizaar

Best Regards, Oleg Olezhek.
Phone: +380933964967
Skype: dizaar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Including vendor dictionary in config

Oleg Olejek
I found my mistake, Sorry for disturbing You. All dict includes should be
set up in dictionary file in raddb directory. But documentation says that
it can also be pointed in radiusd.conf file. I managed to fix an issue. Thx
again.

On Mon, Aug 31, 2020 at 10:06 PM Oleg Olejek <[hidden email]> wrote:

> cat /usr/local/share/freeradius/dictionary
> # -*- text -*-
> # Copyright (C) 2019 The FreeRADIUS Server project and contributors
> # This work is licensed under CC-BY version 4.0
> https://creativecommons.org/licenses/by/4.0
> #
> # Version $Id: a6a2e16c0265bb3d0fcaa5521a89511aab695111 $
> #
> #       DO NOT EDIT THE FILES IN THIS DIRECTORY
> #
> #       The files in this directory are maintained and updated by
> #       the FreeRADIUS project.  Newer releases of software may update
> #       or change these files.
> #
> #       Use the main dictionary file (usually /etc/raddb/dictionary)
> #       for local system attributes and $INCLUDEs.
> #
> #
> #
> #       This file contains dictionary translations for parsing
> #       requests and generating responses.  All transactions are
> #       composed of Attribute/Value Pairs.  The value of each attribute
> #       is specified as one of a few data types.  Valid data types are:
> #
> #       string     - printable text, generally UTF-8 encoded.  (The RFCs
> call this "text")
> #       ipaddr     - 4 octets in network byte order
> #       ipv4prefix - 1 octet reserved, one octet prefix, 4 octets ipaddr
> #       integer    - 32 bit value in big endian order
> #       integer64  - 64 bit value in big endian order
> #       date       - 32 bit value in big endian order - seconds since
> #                    00:00:00 GMT,  Jan.  1,  1970
> #       ifid       - 8 octets in network byte order
> #       ipv6addr   - 16 octets in network byte order
> #       ipv6prefix - 1 octet reserved, one octet prefix, 16 octets ipv6addr
> #       tlv        - type-length-value
> #
> #       FreeRADIUS includes data types which are not defined
> #       in the RFC's.  These data types are:
> #
> #       abinary - Ascend's binary filter format.
> #       byte    - 8 bit unsigned integer
> #       ether   - 6 octets of hh:hh:hh:hh:hh:hh
> #                 where 'h' is hex digits, upper or lowercase.
> #       short   - 16-bit unsigned integer in network byte order
> #       signed  - 32-bit signed integer in network byte order
> #       octets  - raw octets, printed and input as hex strings.
> #                 e.g.: 0x123456789abcdef  The RFCs call this "string".
> #
> #       FreeRADIUS uses a number of data types which are defined in
> #       RFC 6929.  These data types should NEVER be used in any other
> #       dictionary.  We won't even list them here.
> #
> #
> #       Enumerated values are stored in the user file with dictionary
> #       VALUE translations for easy administration.
> #
> #       Example:
> #
> #       ATTRIBUTE         VALUE
> #       ---------------   -----
> #       Framed-Protocol = PPP
> #       7               = 1     (integer encoding)
> #
>
> #
> #       Include compatibility dictionary for older users file. Move
> #       this directive to the end of this file if you want to see the
> #       old names in the logfiles, instead of the new names.
> #
> $INCLUDE dictionary.compat
>
> #
> #       These dictionaries define attributes in the IETF managed space.
> #       (i.e. 1..255). This is wrong.  We include them here to allow them.
> #       The IETF allocated ones are listed below, which gives them
> priority.
> #
> #       i.e. don't do this.  Don't use these attributes
> #
> $INCLUDE dictionary.usr.illegal
> $INCLUDE dictionary.ascend.illegal
>
> #
> #       IETF allocated attributes and values.  Split out into
> #       the RFC which defined them.
> #
> #       For a complete list of the standard attributes and values,
> #       see:
> #               http://www.iana.org/assignments/radius-types
> #
> $INCLUDE dictionary.rfc2865
> $INCLUDE dictionary.rfc2866
> $INCLUDE dictionary.rfc2867
> $INCLUDE dictionary.rfc2868
> $INCLUDE dictionary.rfc2869
> $INCLUDE dictionary.rfc3162
> $INCLUDE dictionary.rfc3576
> $INCLUDE dictionary.rfc3580
> $INCLUDE dictionary.rfc4072
> $INCLUDE dictionary.rfc4372
> $INCLUDE dictionary.rfc4603
> $INCLUDE dictionary.rfc4675
> $INCLUDE dictionary.rfc4679
> $INCLUDE dictionary.rfc4818
> $INCLUDE dictionary.rfc4849
> $INCLUDE dictionary.rfc5176
> $INCLUDE dictionary.rfc5447
> $INCLUDE dictionary.rfc5580
> $INCLUDE dictionary.rfc5607
> $INCLUDE dictionary.rfc5904
> $INCLUDE dictionary.rfc6519
> $INCLUDE dictionary.rfc6572
> $INCLUDE dictionary.rfc6677
> $INCLUDE dictionary.rfc6911
> $INCLUDE dictionary.rfc6929
> $INCLUDE dictionary.rfc6930
> $INCLUDE dictionary.rfc7055
> $INCLUDE dictionary.rfc7155
> $INCLUDE dictionary.rfc7268
> $INCLUDE dictionary.rfc7499
> $INCLUDE dictionary.rfc7930
> $INCLUDE dictionary.rfc8045
> $INCLUDE dictionary.rfc8559
>
> #
> #       Mostly values which have been allocated by IANA under
> #       "expert review", but which don't have an RFC associated with them.
> #
> $INCLUDE dictionary.iana
>
> #
> #  Commented out because of attribute conflicts.
> #
> #$INCLUDE dictionary.alvarion.wimax.v2_2
> #$INCLUDE dictionary.nokia.conflict
> #$INCLUDE dictionary.openser
> #$INCLUDE dictionary.starent.vsa1
> #$INCLUDE dictionary.wimax.wichorus
>
> #
> #       Vendor dictionaries are listed after the standard ones.
> #
> $INCLUDE dictionary.3com
> $INCLUDE dictionary.3gpp
> $INCLUDE dictionary.3gpp2
> $INCLUDE dictionary.acc
> $INCLUDE dictionary.acme
> $INCLUDE dictionary.actelis
> $INCLUDE dictionary.adtran
> $INCLUDE dictionary.aerohive
> $INCLUDE dictionary.airespace
> $INCLUDE dictionary.alcatel
> $INCLUDE dictionary.alcatel-lucent.aaa
> $INCLUDE dictionary.alcatel.esam
> $INCLUDE dictionary.alcatel.sr
> $INCLUDE dictionary.alteon
> $INCLUDE dictionary.altiga
> $INCLUDE dictionary.alvarion
> $INCLUDE dictionary.apc
> $INCLUDE dictionary.aptilo
> $INCLUDE dictionary.aptis
> $INCLUDE dictionary.arbor
> $INCLUDE dictionary.arista
> $INCLUDE dictionary.aruba
> $INCLUDE dictionary.ascend
> $INCLUDE dictionary.asn
> $INCLUDE dictionary.audiocodes
> $INCLUDE dictionary.avaya
> $INCLUDE dictionary.azaire
> $INCLUDE dictionary.bay
> $INCLUDE dictionary.bigswitch
> $INCLUDE dictionary.bintec
> $INCLUDE dictionary.bluecoat
> $INCLUDE dictionary.boingo
> $INCLUDE dictionary.bristol
> $INCLUDE dictionary.broadsoft
> $INCLUDE dictionary.brocade
> $INCLUDE dictionary.bskyb
> $INCLUDE dictionary.bt
> $INCLUDE dictionary.cablelabs
> $INCLUDE dictionary.cabletron
> $INCLUDE dictionary.camiant
> $INCLUDE dictionary.checkpoint
> $INCLUDE dictionary.chillispot
> $INCLUDE dictionary.cisco
> $INCLUDE dictionary.cisco.asa
> #
> #        The Cisco VPN300 dictionary uses the same Vendor ID as the ASA
> one.
> #        You shouldn't use both at the same time.
> #
> #   Note : the altiga dictionary, not listed here, also uses the same
> Vendor ID
> #
> #$INCLUDE dictionary.cisco.vpn3000
> $INCLUDE dictionary.cisco.bbsm
> $INCLUDE dictionary.cisco.vpn5000
> $INCLUDE dictionary.citrix
> $INCLUDE dictionary.clavister
> $INCLUDE dictionary.cnergee
> $INCLUDE dictionary.colubris
> $INCLUDE dictionary.columbia_university
> $INCLUDE dictionary.compatible
> $INCLUDE dictionary.cosine
> $INCLUDE dictionary.dante
> $INCLUDE dictionary.dellemc
> $INCLUDE dictionary.digium
> $INCLUDE dictionary.dlink
> $INCLUDE dictionary.dragonwave
> $INCLUDE dictionary.efficientip
> $INCLUDE dictionary.eltex
> $INCLUDE dictionary.epygi
> $INCLUDE dictionary.equallogic
> $INCLUDE dictionary.ericsson
> $INCLUDE dictionary.ericsson.ab
> $INCLUDE dictionary.ericsson.packet.core.networks
> $INCLUDE dictionary.erx
> $INCLUDE dictionary.extreme
> $INCLUDE dictionary.f5
> $INCLUDE dictionary.fdxtended
> $INCLUDE dictionary.force10
> $INCLUDE dictionary.fortinet
> $INCLUDE dictionary.foundry
> $INCLUDE dictionary.freeradius
> $INCLUDE dictionary.freeswitch
> $INCLUDE dictionary.gandalf
> $INCLUDE dictionary.garderos
> $INCLUDE dictionary.gemtek
> $INCLUDE dictionary.h3c
> $INCLUDE dictionary.hillstone
> $INCLUDE dictionary.hp
> $INCLUDE dictionary.huawei
> $INCLUDE dictionary.iea
> $INCLUDE dictionary.infinera
> $INCLUDE dictionary.infoblox
> $INCLUDE dictionary.infonet
> $INCLUDE dictionary.ipunplugged
> $INCLUDE dictionary.issanni
> $INCLUDE dictionary.itk
> $INCLUDE dictionary.juniper
> $INCLUDE dictionary.karlnet
> $INCLUDE dictionary.kineto
> $INCLUDE dictionary.lancom
> $INCLUDE dictionary.lantronix
> $INCLUDE dictionary.livingston
> $INCLUDE dictionary.localweb
> $INCLUDE dictionary.lucent
> $INCLUDE dictionary.manzara
> $INCLUDE dictionary.meinberg
> $INCLUDE dictionary.meraki
> $INCLUDE dictionary.merit
> $INCLUDE dictionary.meru
> $INCLUDE dictionary.microsemi
> $INCLUDE dictionary.microsoft
> $INCLUDE dictionary.mikrotik
> $INCLUDE dictionary.mimosa
> $INCLUDE dictionary.motorola
> $INCLUDE dictionary.motorola.wimax
> $INCLUDE dictionary.navini
> $INCLUDE dictionary.net
> $INCLUDE dictionary.netscreen
> $INCLUDE dictionary.networkphysics
> $INCLUDE dictionary.nexans
> $INCLUDE dictionary.nokia
> $INCLUDE dictionary.nomadix
> $INCLUDE dictionary.nortel
> $INCLUDE dictionary.ntua
> $INCLUDE dictionary.packeteer
> $INCLUDE dictionary.paloalto
> $INCLUDE dictionary.patton
> $INCLUDE dictionary.perle
> $INCLUDE dictionary.pfsense
> $INCLUDE dictionary.pica8
> $INCLUDE dictionary.propel
> $INCLUDE dictionary.prosoft
> $INCLUDE dictionary.proxim
> $INCLUDE dictionary.purewave
> $INCLUDE dictionary.quiconnect
> $INCLUDE dictionary.quintum
> $INCLUDE dictionary.rcntec
> $INCLUDE dictionary.redcreek
> $INCLUDE dictionary.riverbed
> $INCLUDE dictionary.riverstone
> $INCLUDE dictionary.roaringpenguin
> $INCLUDE dictionary.ruckus
> $INCLUDE dictionary.ruggedcom
> $INCLUDE dictionary.sangoma
> $INCLUDE dictionary.sg
> $INCLUDE dictionary.shasta
> $INCLUDE dictionary.shiva
> $INCLUDE dictionary.siemens
> $INCLUDE dictionary.slipstream
> $INCLUDE dictionary.sofaware
> $INCLUDE dictionary.softbank
> $INCLUDE dictionary.sonicwall
> $INCLUDE dictionary.springtide
> $INCLUDE dictionary.starent
> $INCLUDE dictionary.surfnet
> $INCLUDE dictionary.symbol
> $INCLUDE dictionary.t_systems_nova
> $INCLUDE dictionary.telebit
> $INCLUDE dictionary.telkom
> $INCLUDE dictionary.terena
> $INCLUDE dictionary.trapeze
> $INCLUDE dictionary.travelping
> $INCLUDE dictionary.tripplite
> $INCLUDE dictionary.tropos
> $INCLUDE dictionary.ukerna
> $INCLUDE dictionary.unix
> $INCLUDE dictionary.usr
> $INCLUDE dictionary.utstarcom
> $INCLUDE dictionary.valemount
> $INCLUDE dictionary.vasexperts
> $INCLUDE dictionary.verizon
> $INCLUDE dictionary.versanet
> $INCLUDE dictionary.walabi
> $INCLUDE dictionary.waverider
> $INCLUDE dictionary.wichorus
> $INCLUDE dictionary.wifialliance
> $INCLUDE dictionary.wimax
> $INCLUDE dictionary.wispr
> $INCLUDE dictionary.xedia
> $INCLUDE dictionary.xylan
> $INCLUDE dictionary.yubico
> $INCLUDE dictionary.zeus
> $INCLUDE dictionary.zte
> $INCLUDE dictionary.zyxel
>
> #
> #       And finally the server internal attributes.
> #       These are attributes which NEVER go into a RADIUS packet.
> #
> $INCLUDE dictionary.freeradius.internal
>
> cat /usr/local/share/freeradius/dictionary.compat
> # -*- text -*-
> # Copyright (C) 2019 The FreeRADIUS Server project and contributors
> # This work is licensed under CC-BY version 4.0
> https://creativecommons.org/licenses/by/4.0
> #
> #       Obsolete names for backwards compatibility with older users files.
> #       Move the $INCLUDE in the main dictionary file to the end if you
> want
> #       these names to be used in the "details" logfile.
> #
>
> #  This has been removed.  Too many people get it wrong.
> #ATTRIBUTE      Password                                2       string
>  encrypt=1
> ATTRIBUTE       Client-Id                               4       ipaddr
> ATTRIBUTE       Client-Port-Id                          5       integer
> ATTRIBUTE       User-Service-Type                       6       integer
> ATTRIBUTE       Framed-Address                          8       ipaddr
> ATTRIBUTE       Framed-Netmask                          9       ipaddr
> ATTRIBUTE       Framed-Filter-Id                        11      string
> ATTRIBUTE       Login-Host                              14      ipaddr
> ATTRIBUTE       Login-Port                              16      integer
> ATTRIBUTE       Old-Password                            17      string
> ATTRIBUTE       Port-Message                            18      string
> ATTRIBUTE       Dialback-No                             19      string
> ATTRIBUTE       Dialback-Name                           20      string
> ATTRIBUTE       Challenge-State                         24      string
> VALUE   Framed-Compression              Van-Jacobsen-TCP-IP     1
> VALUE   Framed-Compression              VJ-TCP-IP               1
> VALUE   Service-Type                    Shell-User              6
> VALUE   Auth-Type                       Unix                    1
> VALUE   Service-Type                    Dialback-Login-User     3
> VALUE   Service-Type                    Dialback-Framed-User    4
> VALUE   Service-Type                    Dialout-Framed-User     5
>
> #
> #       For compatibility with MERIT users files.
> #
> ATTRIBUTE       Login-Callback-Number                   19      string
> ATTRIBUTE       Framed-Callback-Id                      20      string
> ATTRIBUTE       Client-Port-DNIS                        30      string
> ATTRIBUTE       Caller-ID                               31      string
> VALUE   Service-Type                    Login                   1
> VALUE   Service-Type                    Framed                  2
> VALUE   Service-Type                    Callback-Login          3
> VALUE   Service-Type                    Callback-Framed         4
> VALUE   Service-Type                    Exec-User               7
>
>
> All dictionaries have default content. All these dictionaries I got after
> installing from source. Nothing was changed.
>
> On Mon, Aug 31, 2020 at 9:58 PM Jorge Pereira <[hidden email]>
> wrote:
>
>>
>> > On 31 Aug 2020, at 15:50, Oleg Olejek <[hidden email]> wrote:
>> >
>> > Sure)
>> > The Main goal is to deal with Fortigate using vendor specific attribute.
>> > I added line at the end of radiusd.conf: $INCLUDE
>> > /usr/local/share/freeradius/dictionary
>>
>> Share the content added into the file. Indeed, looks wrong. It will be
>> hard to help if you don’t share the content. Therefore, keep in mind that
>> the dictionaries files
>> expect *only* the dictionary syntax. You can’t add “if(…) {}” or anything
>> else.
>>
>>
>> > radiusd -X gives this error:
>> > including configuration file /usr/local/etc/raddb/mods-enabled/unpack
>> > including configuration file /usr/local/etc/raddb/mods-enabled/utf8
>> > including files in directory /usr/local/etc/raddb/policy.d/
>> > including configuration file /usr/local/etc/raddb/policy.d/abfab-tr
>> > including configuration file /usr/local/etc/raddb/policy.d/accounting
>> > including configuration file
>> /usr/local/etc/raddb/policy.d/canonicalization
>> > including configuration file /usr/local/etc/raddb/policy.d/control
>> > including configuration file /usr/local/etc/raddb/policy.d/cui
>> > including configuration file /usr/local/etc/raddb/policy.d/debug
>> > including configuration file /usr/local/etc/raddb/policy.d/dhcp
>> > including configuration file /usr/local/etc/raddb/policy.d/eap
>> > including configuration file /usr/local/etc/raddb/policy.d/filter
>> > including configuration file
>> > /usr/local/etc/raddb/policy.d/moonshot-targeted-ids
>> > including configuration file /usr/local/etc/raddb/policy.d/operator-name
>> > including configuration file /usr/local/etc/raddb/policy.d/rfc7542
>> > including files in directory /usr/local/etc/raddb/sites-enabled/
>> > including configuration file /usr/local/etc/raddb/sites-enabled/default
>> > including configuration file
>> /usr/local/etc/raddb/sites-enabled/inner-tunnel
>> > including configuration file /usr/local/share/freeradius/dictionary
>> > including configuration file
>> /usr/local/share/freeradius/dictionary.compat
>> > /usr/local/share/freeradius/dictionary.compat[12]: Expecting section
>> start
>> > brace '{' after "ATTRIBUTE Client-Id"
>> > Errors reading or parsing /usr/local/etc/raddb/radiusd.conf
>> >
>> > On Mon, Aug 31, 2020 at 9:43 PM Jorge Pereira <[hidden email]>
>> > wrote:
>> >
>> >> Oleg,
>> >>
>> >> I didn’t understand that error. Can you share the debug output as
>> >> described in https://wiki.freeradius.org/guide/radiusd-X <
>> >> https://wiki.freeradius.org/guide/radiusd-X>
>> >>
>> >> --
>> >> Jorge Pereira
>> >> [hidden email]
>> >>
>> >>
>> >>
>> >>
>> >>> On 31 Aug 2020, at 12:27, Oleg Olejek <[hidden email]> wrote:
>> >>>
>> >>> dictionary.fortinet
>> >>
>> >> -
>> >> List info/subscribe/unsubscribe? See
>> >> http://www.freeradius.org/list/users.html
>> >
>> >
>> >
>> > --
>> > С уважением, Олежек Олег.
>> > Тел.:+380933964967
>> > Skype: dizaar
>> >
>> > Best Regards, Oleg Olezhek.
>> > Phone: +380933964967
>> > Skype: dizaar
>> > -
>> > List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>
>
> --
> С уважением, Олежек Олег.
> Тел.:+380933964967
> Skype: dizaar
>
> Best Regards, Oleg Olezhek.
> Phone: +380933964967
> Skype: dizaar
>


--
С уважением, Олежек Олег.
Тел.:+380933964967
Skype: dizaar

Best Regards, Oleg Olezhek.
Phone: +380933964967
Skype: dizaar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Including vendor dictionary in config

Alan DeKok-2
On Aug 31, 2020, at 3:31 PM, Oleg Olejek <[hidden email]> wrote:
>
> I found my mistake, Sorry for disturbing You. All dict includes should be
> set up in dictionary file in raddb directory. But documentation says that
> it can also be pointed in radiusd.conf file.

  No it doesn't.  The examples in radiusd.conf says that you can tell the server where the dictionaries are.  And, the server will automatically load them.  The default configuration works.  All of the documentation says this.  The documentation says you install the server, and it works.

  The documentation does NOT say that the server is broken in the default configuration.  The documentation does NOT say that you need to edit radiusd.conf to $INCLUDE the dictionaries into the main configuration.

  You were told on GitHub that you had edited the default configuration and broken it.  The solution *should* be to remove the broken edits.

  Further, the documentation Jorge pointed you to said DON'T post the default configuration files to the list.  You still did that.

  We highly recommend *reading* the documentation, and *following* the instructions you find there.  Doing so will save you much time and effort.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Including vendor dictionary in config

Oleg Olejek
I found my mistake. Sorry, i didn't try to argue. I made an include in
dictionary file in raddb directory and freeradius sends Fortinet vsa as
expected. Thanks for your help and time. I appreciate it.

On Mon, Aug 31, 2020, 10:38 PM Alan DeKok <[hidden email]> wrote:

> On Aug 31, 2020, at 3:31 PM, Oleg Olejek <[hidden email]> wrote:
> >
> > I found my mistake, Sorry for disturbing You. All dict includes should be
> > set up in dictionary file in raddb directory. But documentation says that
> > it can also be pointed in radiusd.conf file.
>
>   No it doesn't.  The examples in radiusd.conf says that you can tell the
> server where the dictionaries are.  And, the server will automatically load
> them.  The default configuration works.  All of the documentation says
> this.  The documentation says you install the server, and it works.
>
>   The documentation does NOT say that the server is broken in the default
> configuration.  The documentation does NOT say that you need to edit
> radiusd.conf to $INCLUDE the dictionaries into the main configuration.
>
>   You were told on GitHub that you had edited the default configuration
> and broken it.  The solution *should* be to remove the broken edits.
>
>   Further, the documentation Jorge pointed you to said DON'T post the
> default configuration files to the list.  You still did that.
>
>   We highly recommend *reading* the documentation, and *following* the
> instructions you find there.  Doing so will save you much time and effort.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html