Upgrade of FreeRadius3 from 0.15.10 to 0.15.10_1 sets all configuration values to default.
-
pfSense Plus version 23.05.1-RELEASE (amd64) on a Dell Optiplex 3060.
Have been running FreeRadius3 for 3+ years with no issues. I foolishly updated FreeRadius3 from version 0.15.10 to 0.15.10_1 during working hours and all FreeRadius3 configuration files were set to default values, empty.
The only solution that I can see is to wait until my 200+ users have gone home, remove the FreeRadius3 package, and then restore the packages from a backup that I made last week.
It would be really nice if I could restore the configuration files to a directory on a PC or the firewall, and then copy them over the empty ones.
-
Adding to what I said above, I was able to boot a backup version of the production pfSense router and use WinSCP to grab all of the files from the /usr/local/etc/raddb directory. I copied them to my PC, and then uploaded them to the production firewall. I then restarted the radiusd service, but I am still unable to logon.
I guess that I will have to wait until most users are off the system this evening so I can remove the FreeRadius3 package, reboot the firewall, reinstall the package from a backup file, and then reboot and test the FreeRadius3 service. Fingers crossed!
-
@GregBinSD your config should be in your last backup - you just need to restore it, and you don't have to change the package.. Just had thread about this..
Which I linked to the redmine about it as well.
-
@johnpoz
Thank you for the info, John. I will be doing the restore after hours and testing. I'll get back with the method and the results. -
I was able to restore the FreeRadius3 configuration with all users working.
The way that I did it was to remove the FreeRadius3 package. I then reinstalled it. I went to Diagnostics, Backup and Restore, and picked the most recent backup from last week, and selected to restore only the Package Manage from the list. pfSense needed to be rebooted. Lastly, I selected Reinstall All Packages.
-
@GregBinSD said in Upgrade of FreeRadius3 from 0.15.10 to 0.15.10_1 sets all configuration values to default.:
restore the packages from a backup that I made last week
You're not using :
?
If I might ask : why ?
And any reason will be a good reason. But Then you have to apply plan B : make local copies. You could automatize this also ....Normally, it's not a simple package update that can 'wipe' stuff.
I don't count the hard disks dying on me anymore..... and when doing so, they do take all the data with them. -
J jimp moved this topic from Problems Installing or Upgrading pfSense Software on
-
The older version of the package (0.15.10) had a bug where it wouldn't respect the "keep settings" value unless you had went to the main Settings tab in FreeRADIUS and clicked Save there at least once since that option was added however long ago. So when that version was uninstalled, it removed your settings. It's fixed in 0.15.10_1.
-
G Gertjan referenced this topic on
-
@jimp
Thank you for fixing that bug! -
Oof, this wiped out my FreeRADIUS config as well. Did a full restore from a manual backup and a reboot. Thank goodness for backups.
Can this FreeRADIUS security issue get some love? I deleted all my users (1 user for each phone, iPad, laptop, etc.) to test it, and they're all still able to connect. Using EAP-TLS. That checkbox basically does nothing. Thanks
Check Client Certificate CN
Validate the Client Certificate Common NameWhen enabled, the Common Name of the client certificate must match the username set in 'FreeRADIUS > Users'. (Default: Unchecked)
-
F Finger79 referenced this topic on
