FreeRADIUS 3.0.22 has a bug.
-
Ok, so if the bug here does not affect the pfSense package directly I doubt it will be fixed before the next release. You can always use a 2.6 snapshot now if you really need that functionality.
Steve
-
@johnpoz said in FreeRADIUS 3.0.22 has a bug.:
Where does it say in the freerad gui in pfsense that it will read nas from the table?
Here:
@johnpoz said in FreeRADIUS 3.0.22 has a bug.:
So no I wouldn't expect it to do something you can not configure in the gui??
It is not a pfSense issue, it is a FreeRADIUS issue and it has been fixed in the latest version.
-
If FreeRadius was reading the NAS info from one of the tables, called "nas" the that info would be available only to FreeRadius, as the SQL database / tables are (normally) only accessible to FreeRadius.
When creating a NAS setup, the info would have to be stored in a text file for pfSense usage (the client) and FreeRadius.
I guess the (partial !) pfSense integration of FreeRadius chose for the text file as it's simpler to maintain.The same thing goes for the "authorized users" : they are not stored in the FreeRadius backed SQL, engine but in a file for common usage. Where :
pfSense : so it can build one.
FreeRadius : uses it.Right now, from what I've seen, the pfSense GUI does not interact at all with database.
-
@gertjan said in FreeRADIUS 3.0.22 has a bug.:
Right now, from what I've seen, the pfSense GUI does not interact at all with database.
Right. It does NOT. It is not a pfSense issue. The issue is the version of FreeRADIUS in the pfSense package delivered by version 2.5.2. Is there a way of fixing the package to include the unbugged version of FreeRADIUS?
-
Hmm, is there a specific Freeradius bug for this? I see it shows as 'fixed again' in the release notes.
We have an open bug for this issue here: https://redmine.pfsense.org/issues/12126
Steve
-
Is there any way I can get the current package updated to include the clean version of FreeRADIUS? I do not want to wait for the 2.6 stable release.
-
That would be something like :
Install pfsense 2.6.
Install the pfSense package FreeRadius, and try to find out what files were added. Copy these paths and files to a USB drive.
If possible, try to 'read' what's in the package, so you know where and what t look for.
Install 2.5.2.
Install Freeradius current version.
Overwrite the binaries with the ones you saved.This might work. Or break things. Or something in between.
It will be the old school method : discover, try, test, redo, over and over and succeed.I do presume that pfSense 2.6 is based on FreeBSD-12.2 STABLE? as 2.5.2.
-
I have already tried something like that.
I created a new virtual machine and installed FreeBSD 12.2 on it. Then I installed FreeRADIUS 3.0.23_1 and then copied the main binary file for FreeRADIUS (i.e.
radiusd) and overwrote it on the bugged version.It turned out that each FreeRADIUS binary and library has some sort of version stamp and will work with those of the same version.
Not to say that your idea would not work, it is just that it is not an elegant solution and very prone to break at the seams.
I believe the best way to deal with this problem is to get the current package updated.
How can I make that happen? Who has the privilege of updating that package?
Edit:
I think I found a solution.
I installed the DEV version of pfSense on a virtual machine and copied the contents of
/usr/local/etc/pkg/repos/pfSense.confto that on version 2.5.2. After that, I searched the development repository:[2.5.2-RELEASE][root@pfSense.home.arpa]/root: pkg search freeradius freeradius3-3.0.23_1 Free RADIUS server implementation pfSense-pkg-freeradius3-0.15.7_32 FreeRADIUS 3.x package for pfSense [2.5.2-RELEASE][root@pfSense.home.arpa]/root:Then I typed in this:
[2.5.2-RELEASE][root@pfSense.home.arpa]/root: pkg install -y pfSense-pkg-freeradius3-0.15.7_32And it worked! I can even see the new package in the installed packages pane:
I guess that puts the matter to rest.
-
@scilek said in FreeRADIUS 3.0.22 has a bug.:
It turned out that each FreeRADIUS binary and library has some sort of version stamp and will work with those of the same version.
pfSense uses FreeBSD, but uses other default system paths.
Example : the classic FreeBSD uses /etc/raddb for the config files.
pfSense uses /usr/local/etc/raddb/That's why I advise to install pfSEnse 2.6, not FreeBSD 12.2.
And yes, FreeRadius has a boatload of depencies, you have to parse them all out.
And yes, working this way s*cks.A native FreeBSD 12.2 stable OS install is needed if you want to make binaries from source.
During the make process, you can override all those 'pfSense' specific items, likes paths and whatever else.The fasted method could be : test drive 2.6 for a while.
It could work just fine for you. No need to take these bloody razor blade, edge of the wedge daily updates. Got 'final' when it's ready.@scilek said in FreeRADIUS 3.0.22 has a bug.:
Who has the privilege of updating that package?
Netgate probably works like any other company :
Every Friday, in the afternoon, all personnel is summoned to go to the local meeting room.
A lotteries will take place.
These are the numbers ( the 12xxx series at the beginning of every line ).
Every member present gets a number assigned.
Their mission, they want it, or no : repair the issue.Here you can see the known FreeRadius issues, some of them are assigned. Some are not.
Btw : I could be totally wrong, of course ;)
edit :
@scilek said in FreeRADIUS 3.0.22 has a bug.:
And it worked!
I love it !
Totally non supported of course, but just perfect for you, so :
Glad you figured something out. -
Mmm, nice result!
That was lucky. It could easily have not worked with 2.5.2.
Steve
-
@stephenw10 said in FreeRADIUS 3.0.22 has a bug.:
That was lucky. It could easily have not worked with 2.5.2.
Well, between me and you, it did not work the first time because I had forced a package repository update:
pkg update -fDoing that undid the modification I had done to the
pfSense.conffile. So I edited the file a second time and it worked.
