Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    <resolved>Can't Install FreeRadius2 After Update</resolved>

    Scheduled Pinned Locked Moved General pfSense Questions
    19 Posts 5 Posters 5.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R Offline
      reggie14
      last edited by

      Update: I fixed my problem.  More details are provided in this post.

      Original Post: I ran into a problem when doing an update from pfSense 2.2.4 to 2.3-RC.  I ended up having to do a clean install, and then I restored my backup configuration.

      After various problems (which is a different story), I think I got everything working again… With one exception: I can't install freeradius2.  The odd thing is, the radiusd service is running- and it is working.

      The package manager says freeradius2 is configured, but not installed.  When I try to install it, it hangs on "Executing custom_php_install_command()..." (log provided below).

      
      >>> Installing pfSense-pkg-freeradius2... 
      Updating pfSense-core repository catalogue...
      pfSense-core repository is up-to-date.
      Updating pfSense repository catalogue...
      pfSense repository is up-to-date.
      All repositories are up-to-date.
      Checking integrity... done (0 conflicting)
      The following 6 package(s) will be affected (of 0 checked):
      
      New packages to be INSTALLED:
      	pfSense-pkg-freeradius2: 1.7.3_1 [pfSense]
      	bash: 4.3.42_1 [pfSense]
      	freeradius: 2.2.9 [pfSense]
      	krb5: 1.14 [pfSense]
      	pkgconf: 0.9.12_1 [pfSense]
      	postgresql93-client: 9.3.11 [pfSense]
      
      The process will require 22 MiB more space.
      [1/6] Installing pkgconf-0.9.12_1...
      [1/6] Extracting pkgconf-0.9.12_1: ....... done
      [2/6] Installing krb5-1.14...
      [2/6] Extracting krb5-1.14: .......... done
      [3/6] Installing postgresql93-client-9.3.11...
      [3/6] Extracting postgresql93-client-9.3.11: .......... done
      [4/6] Installing bash-4.3.42_1...
      [4/6] Extracting bash-4.3.42_1: .......... done
      [5/6] Installing freeradius-2.2.9...
      ===> Creating users and/or groups.
      Using existing group 'freeradius'.
      Using existing user 'freeradius'.
      ===> Setting user and group in radiusd.conf
      [5/6] Extracting freeradius-2.2.9: .......... done
      ===> Adjusting ownership of directory /usr/local/etc/raddb
      ===> Adjusting ownership of directory /var/log/radacct
      ===> Adjusting ownership of directory /var/run/radiusd
      ===> Adjusting ownership of /var/log/radius.log
      ===> Adjusting ownership of /var/log/radutmp
      ===> Adjusting ownership of /var/log/radwtmp
      ===> Updating libdir in /usr/local/etc/raddb/radiusd.conf
      [6/6] Installing pfSense-pkg-freeradius2-1.7.3_1...
      [6/6] Extracting pfSense-pkg-freeradius2-1.7.3_1: .......... done
      Saving updated package information...
      overwrite!
      Loading package configuration... done.
      Configuring package components...
      Loading package instructions...
      Custom commands...
      Executing custom_php_install_command()...
      
      

      Any ideas?

      1 Reply Last reply Reply Quote 0
      • C Offline
        cwl
        last edited by

        I have the same problem. Several times uninstall/install. After an other failure I setup the whole system again - including a restore from backup. The problem was the same. But it workes - I can use freeradius.

        But there´s still the message "Update" in the package manager. When I start the update everything begins from new. In my opinion, there´s something wrong with the package (at the moment).

        So:

        • restore from backup
        • leave it as it is (if it works)
        1 Reply Last reply Reply Quote 0
        • R Offline
          reggie14
          last edited by

          Well, at least I'm not the only one…

          One reason it is particularly annoying is that after I try to install freeradius2, I can't install/update any other packages until I restart the box.  Until then, I just get a "not_ready" message when I try to update something.

          1 Reply Last reply Reply Quote 0
          • C Offline
            cmb
            last edited by

            Hm, that's not happening here. Full or nanobsd? 32 or 64 bit?

            1 Reply Last reply Reply Quote 0
            • R Offline
              reggie14
              last edited by

              @cmb:

              Hm, that's not happening here. Full or nanobsd? 32 or 64 bit?

              Hmmm… That's not what I want to hear...

              I'm running full, AMD64.  As I said above, this was a clean install initially (on a new SSD), but I immediately restored a 2.2.4 backup config that had freeradius installed.

              1 Reply Last reply Reply Quote 0
              • R Offline
                reggie14
                last edited by

                Is there a way to get more detailed information about what's hanging during the custom_php _install_command?  And would it make sense to do some sort of manual uninstall of freeradius?  I'm not sure what that would be, other than finding deleting it's files… But without knowing what's causing the installer to hang I'm a bit reluctant to do that.

                1 Reply Last reply Reply Quote 0
                • P Offline
                  PiBa
                  last edited by

                  What you could try is something opening a ssh session, then go to option '12) pfSense developer shell' and paste the following code in there, this is most of the code ran from the custom_php _install_command procedure..:
                  Assuming all 'files' are present this should be able to run from there..

                  include('freeradius.inc');
                  echo "1";
                  // We create here different folders for different counters.
                  @mkdir("/var/log/radacct/datacounter/daily", 0755, true);
                  @mkdir("/var/log/radacct/datacounter/weekly", 0755, true);
                  @mkdir("/var/log/radacct/datacounter/monthly", 0755, true);
                  @mkdir("/var/log/radacct/datacounter/forever", 0755, true);
                  @mkdir("/var/log/radacct/timecounter", 0755, true);
                  @mkdir(FREERADIUS_ETC . "/raddb/scripts", 0755, true);
                  
                  echo "2";
                  unlink_if_exists("/usr/local/etc/raddb");
                  @symlink(FREERADIUS_ETC . "/raddb", "/usr/local/etc/raddb");
                  if (!file_exists("/var/log/radutmp")) { exec("touch /var/log/radutmp");	}
                  if (!file_exists("/var/log/radwtmp")) {	exec("touch /var/log/radwtmp");	}
                  exec("chown -R root:wheel " . FREERADIUS_ETC . "/raddb /var/log/radacct");
                  if (file_exists($frlib))
                  	exec("chown -R root:wheel {$frlib}");
                  
                  echo "3";
                  // creating a backup file of the original policy.conf no matter if user checked this or not
                  if (!file_exists(FREERADIUS_ETC . "/raddb/policy.conf.backup")) {
                  	log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_ETC . "/raddb/policy.conf.backup");
                  	copy(FREERADIUS_ETC . "/raddb/policy.conf", FREERADIUS_ETC . "/raddb/policy.conf.backup");
                  }
                  
                  echo "4";
                  // creating a backup file of the original /modules/files no matter if user checked this or not
                  if (!file_exists(FREERADIUS_ETC . "/raddb/files.backup")) {
                  	log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_ETC . "/raddb/files.backup");
                  	copy(FREERADIUS_ETC . "/raddb/modules/files", FREERADIUS_ETC . "/raddb/files.backup");
                  }
                  
                  echo "5";
                  // Disable virtual-server we do not need by default
                  if (file_exists(FREERADIUS_ETC . "/raddb/sites-enabled/control-socket")) { unlink(FREERADIUS_ETC . "/raddb/sites-enabled/control-socket"); }
                  if (file_exists(FREERADIUS_ETC . "/raddb/sites-enabled/inner-tunnel")) { unlink(FREERADIUS_ETC . "/raddb/sites-enabled/inner-tunnel"); }
                  
                  echo "6";
                  // We run this here just to suppress some warnings on syslog if file doesn't exist
                  freeradius_authorizedmacs_resync();
                  
                  echo "7a";
                  // These two functions create the module and the dictionary entry for Mobile-One-Time-Password
                  freeradius_dictionary_resync();
                  echo "7b";
                  freeradius_modulesmotp_resync();
                  
                  echo "8a";
                  // Here we create the modules and scripts for the datacounter
                  freeradius_modulesdatacounter_resync();
                  echo "8b";
                  freeradius_datacounter_acct_resync();
                  echo "8c";
                  freeradius_datacounter_auth_resync();
                  
                  echo "9a";
                  // Some initial module configuration
                  freeradius_modulesmschap_resync();
                  echo "9b";
                  freeradius_modulesrealm_resync();
                  echo "9c";
                  freeradius_modulescounter_resync();
                  
                  echo "10a";
                  // Initialize some config files - the functions below call other functions
                  freeradius_sqlconf_resync();
                  echo "10b";
                  freeradius_eapconf_resync();
                  echo "10c";
                  freeradius_clients_resync();
                  echo "10d";
                  freeradius_modulesldap_resync();
                  exec
                  

                  Then see what report back what numbers are printed, that should provide some info about which command might be hanging..

                  1 Reply Last reply Reply Quote 0
                  • R Offline
                    reggie14
                    last edited by

                    @PiBa:

                    What you could try is something opening a ssh session, then go to option '12) pfSense developer shell' and paste the following code in there, this is most of the code ran from the custom_php _install_command procedure..:
                    Assuming all 'files' are present this should be able to run from there..

                    include('freeradius.inc');
                    echo "1";
                    // We create here different folders for different counters.
                    @mkdir("/var/log/radacct/datacounter/daily", 0755, true);
                    @mkdir("/var/log/radacct/datacounter/weekly", 0755, true);
                    @mkdir("/var/log/radacct/datacounter/monthly", 0755, true);
                    @mkdir("/var/log/radacct/datacounter/forever", 0755, true);
                    @mkdir("/var/log/radacct/timecounter", 0755, true);
                    @mkdir(FREERADIUS_ETC . "/raddb/scripts", 0755, true);
                    
                    echo "2";
                    unlink_if_exists("/usr/local/etc/raddb");
                    @symlink(FREERADIUS_ETC . "/raddb", "/usr/local/etc/raddb");
                    if (!file_exists("/var/log/radutmp")) { exec("touch /var/log/radutmp");	}
                    if (!file_exists("/var/log/radwtmp")) {	exec("touch /var/log/radwtmp");	}
                    exec("chown -R root:wheel " . FREERADIUS_ETC . "/raddb /var/log/radacct");
                    if (file_exists($frlib))
                    	exec("chown -R root:wheel {$frlib}");
                    
                    echo "3";
                    // creating a backup file of the original policy.conf no matter if user checked this or not
                    if (!file_exists(FREERADIUS_ETC . "/raddb/policy.conf.backup")) {
                    	log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_ETC . "/raddb/policy.conf.backup");
                    	copy(FREERADIUS_ETC . "/raddb/policy.conf", FREERADIUS_ETC . "/raddb/policy.conf.backup");
                    }
                    
                    echo "4";
                    // creating a backup file of the original /modules/files no matter if user checked this or not
                    if (!file_exists(FREERADIUS_ETC . "/raddb/files.backup")) {
                    	log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_ETC . "/raddb/files.backup");
                    	copy(FREERADIUS_ETC . "/raddb/modules/files", FREERADIUS_ETC . "/raddb/files.backup");
                    }
                    
                    echo "5";
                    // Disable virtual-server we do not need by default
                    if (file_exists(FREERADIUS_ETC . "/raddb/sites-enabled/control-socket")) { unlink(FREERADIUS_ETC . "/raddb/sites-enabled/control-socket"); }
                    if (file_exists(FREERADIUS_ETC . "/raddb/sites-enabled/inner-tunnel")) { unlink(FREERADIUS_ETC . "/raddb/sites-enabled/inner-tunnel"); }
                    
                    echo "6";
                    // We run this here just to suppress some warnings on syslog if file doesn't exist
                    freeradius_authorizedmacs_resync();
                    
                    echo "7a";
                    // These two functions create the module and the dictionary entry for Mobile-One-Time-Password
                    freeradius_dictionary_resync();
                    echo "7b";
                    freeradius_modulesmotp_resync();
                    
                    echo "8a";
                    // Here we create the modules and scripts for the datacounter
                    freeradius_modulesdatacounter_resync();
                    echo "8b";
                    freeradius_datacounter_acct_resync();
                    echo "8c";
                    freeradius_datacounter_auth_resync();
                    
                    echo "9a";
                    // Some initial module configuration
                    freeradius_modulesmschap_resync();
                    echo "9b";
                    freeradius_modulesrealm_resync();
                    echo "9c";
                    freeradius_modulescounter_resync();
                    
                    echo "10a";
                    // Initialize some config files - the functions below call other functions
                    freeradius_sqlconf_resync();
                    echo "10b";
                    freeradius_eapconf_resync();
                    echo "10c";
                    freeradius_clients_resync();
                    echo "10d";
                    freeradius_modulesldap_resync();
                    exec
                    

                    Then see what report back what numbers are printed, that should provide some info about which command might be hanging..

                    Thanks!

                    It reported back: 1234567a7b8a8b8c9a9b9c10a10b10c10d

                    1 Reply Last reply Reply Quote 0
                    • P Offline
                      PiBa
                      last edited by

                      After that did it return to the "pfSense shell:", or did it hang after showing 10d ? perhaps try the short version?:

                      include('freeradius.inc');
                      echo "10d";
                      freeradius_modulesldap_resync();
                      echo "10e";
                      // not testing writing a new rc file..
                      echo "10f";
                      start_service("radiusd");
                      echo "10g";
                      exec
                      

                      If those succeed as well then i'm running out of ideas..

                      1 Reply Last reply Reply Quote 0
                      • R Offline
                        reggie14
                        last edited by

                        The previous commands did give me back a pfsense shell.

                        The shorter version does give me an error, though:

                        
                        pfSense shell: include('freeradius.inc');
                        pfSense shell: echo "10d";
                        pfSense shell: freeradius_modulesldap_resync();
                        pfSense shell: echo "10e";
                        pfSense shell: // not testing writing a new rc file..
                        pfSense shell: echo "10f";
                        pfSense shell: start_service("radiusd");
                        pfSense shell: echo "10g";
                        pfSense shell: exec
                        
                        Fatal error: Cannot redeclare freeradius_deinstall_command() (previously declared in /usr/local/pkg/freeradius.inc:61) in /usr/local/pkg/freeradius.inc on line 61
                        
                        Call Stack:
                            0.0021     214952   1\. {main}() /usr/local/sbin/pfSsh.php:0
                         6181.5320    1690296   2\. playback_text() /usr/local/sbin/pfSsh.php:243
                         6181.5322    1693576   3\. eval('require_once('functions.inc');
                        require_once('globals.inc');
                        require_once('config.inc');
                        include('freeradius.inc');
                        echo "10d";
                        freeradius_modulesldap_resync();
                        echo "10e";
                        // not testing writing a new rc file..
                        echo "10f";
                        start_service("radiusd");
                        echo "10g";
                        
                        ') /usr/local/sbin/pfSsh.php:345
                        
                        PHP ERROR: Type: 1, File: /usr/local/pkg/freeradius.inc, Line: 61, Message: Cannot redeclare freeradius_deinstall_command() (previously declared in /usr/local/pkg/freeradius.inc:61)
                        
                        

                        That one gave me an error.

                        I should note that I ran this after trying to reinstall freeradius with the package manager.  But oddly, I only get this when I run the shorter version.  The longer one still completes.

                        1 Reply Last reply Reply Quote 0
                        • P Offline
                          PiBa
                          last edited by

                          Um you should start a 'fresh' developer shell, or not include the include command the second time during the same developer shell session ;) sorry..

                          On the other hand, if you deinstalled freeradius, the freeradius.inc should nolonger be on the system, and thus throw a 'cannot find file' error..

                          1 Reply Last reply Reply Quote 0
                          • R Offline
                            reggie14
                            last edited by

                            @PiBa:

                            Um you should start a 'fresh' developer shell, or not include the include command the second time during the same developer shell session ;) sorry..

                            Sorry, I didn't know.  With a fresh shell, the commands complete, and return me to a pfsense shell with the following output:

                            10d10e10f10g

                            @PiBa:

                            On the other hand, if you deinstalled freeradius, the freeradius.inc should nolonger be on the system, and thus throw a 'cannot find file' error..

                            I can't seem to deinstall freeradius.  At least, freeradius.inc is still present in /usr/local/pkg (along with the config files), and the service is still running (and working).

                            1 Reply Last reply Reply Quote 0
                            • P Offline
                              PiBa
                              last edited by

                              Sorry im kinda out of options. I dont see any reason why initially the custom_php_install_command did not work.
                              But now you cant uninstall either.?

                              I would say while its 'working' don't break it further. If you can clone the machine into a vm or something it would be interesting to try and find the underlying cause further.

                              What does the uninstall log show when trying to remove the package.?.

                              1 Reply Last reply Reply Quote 0
                              • R Offline
                                reggie14
                                last edited by

                                @PiBa:

                                What does the uninstall log show when trying to remove the package.?.

                                Well, the package manager says it isn't installed, so I can't uninstall it.  Is there a manual way to do it? Or is there a log tucked away somewhere I should be looking at?

                                I've thought about removing/renaming radiusd, but is that likely to make thing worse?

                                I don't particularly want to rebuild the system again…  It wasn't a smooth process to begin with, and I don't really see what I could do differently this time around. I guess I could remove freeradius from my config file, but is that likely to screw things up?

                                As a side note, pfsense doesn't seem to gracefully handle missing plugins when you restore a config file.  When I did my ill-fated upgrade, it seemed to recognize things like ntop didn't exist, but when I did the clean install, followed by a restore, I have a bunch of references to missing plugins all over the place.  I can clean them out manually, by removing them from the config.xml, but it seems strange that I had to do that.

                                Edit:
                                I tried renaming radiusd and rebooting.  I still wasn't able to successfully install the freeradius2 package, but I did notice that the installer did create radiusd before it hung.

                                I also tried reinstalling all the packages.  As far as I could tell, it didn't even try to reinstall freeradius2.

                                1 Reply Last reply Reply Quote 0
                                • R Offline
                                  reggie14
                                  last edited by

                                  This is still a problem…  and I'd really like to be able to update the freeradius package when there are updates.

                                  So, barring new ideas on how to fix my current installation, what would I need to do to rebuild it?  I already tried reinstalling packages- that didn't work.  I'm guessing restoring a backup config is unlikely to work, too.  So would I need to do a new clean install?  That's what I initially did.  Is there something I should do to limit the chances this would happen again.  I'd really like to restore my current radius configuration, since I have a bunch of users and clients configured.

                                  1 Reply Last reply Reply Quote 0
                                  • P Offline
                                    PiBa
                                    last edited by

                                    What shows up if you run? (should show two packages.):

                                    pkg info | grep freeradius
                                    

                                    Or try installing it again from command line.?:

                                    pkg install -F pfSense-pkg-freeradius2
                                    
                                    1 Reply Last reply Reply Quote 0
                                    • R Offline
                                      reggie14
                                      last edited by

                                      @PiBa:

                                      What shows up if you run? (should show two packages.):

                                      pkg info | grep freeradius
                                      

                                      Nothing shows up.  It doesn't see freeradius installed.

                                      @PiBa:

                                      Or try installing it again from command line.?:

                                      pkg install -F pfSense-pkg-freeradius2
                                      

                                      It completes, and brings me back to a shell, but it still doesn't actually install freeradius.  Here's the output:

                                      
                                      [2.3-RC][admin@pfsense]/root: pkg install -F pfSense-pkg-freeradius2
                                      Updating pfSense-core repository catalogue...
                                      pkg install -F pfSense-pkg-freeradius2
                                      pfSense-core repository is up-to-date.
                                      Updating pfSense repository catalogue...
                                      pfSense repository is up-to-date.
                                      All repositories are up-to-date.
                                      Checking integrity... done (0 conflicting)
                                      The following 6 package(s) will be affected (of 0 checked):
                                      
                                      New packages to be INSTALLED:
                                              pfSense-pkg-freeradius2: 1.7.3_1 [pfSense]
                                              bash: 4.3.42_1 [pfSense]
                                              freeradius: 2.2.9 [pfSense]
                                              krb5: 1.14 [pfSense]
                                              pkgconf: 0.9.12_1 [pfSense]
                                              postgresql93-client: 9.3.11 [pfSense]
                                      
                                      The process will require 22 MiB more space.
                                      
                                      Proceed with this action? [y/N]: Please type 'Y[es]' or 'N[o]' to make selection
                                      
                                      Proceed with this action? [y/N]: y
                                      
                                      
                                      1 Reply Last reply Reply Quote 0
                                      • R Offline
                                        reggie14
                                        last edited by

                                        So, I was able to fix my problem tonight!  The problem was me trying to restore a backup configuration that had packages installed and enabled.  Notably, I was running pfblocker-ng, snort, and freeradius2.  Complicating matters, that was the only backup config I  had.  Now I know better.

                                        With BBcan177's help, I was able to get my pfSense box partially running after restoring my backup configuration, then I disabled packages, took a new backup, and did another clean install and config restore.  Once I did that, the restore process went much smoother.

                                        I should also note that I installed the freeradius2 package before I restored my backup configuration.  I don't know if that was critical to getting the package to install, but it seemed prudent, given the problems I've had with it.

                                        I'm not sure about the cause, but I can speculate a bit.  Because pfblocker-ng was enabled in my backup config, various things were broken as the config and package restoration process started.  Notably, unbound wouldn't start, due to missing pfblocker-ng files, and my firewall rules were screwed up. As a result, my pfSense box couldn't download packages.  But, as far as I can tell, the base pfSense build must include radiusd (and ran it with the config pulled out of my config.xml), which seemed to leave my pfSense box partially thinking the package had already been installed, and partially knowing otherwise.

                                        By installing freeradius2 first, before restoring my old config, and by ensuring that most packages were disabled in that config, everything went well.

                                        1 Reply Last reply Reply Quote 0
                                        • D Offline
                                          dlasher
                                          last edited by

                                          Was having this same problem, multiple devices, and doing a force from the CLI resolved it.

                                          pkg install -F pfSense-pkg-freeradius2

                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.