Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    <resolved>Can't Install FreeRadius2 After Update</resolved>

    Scheduled Pinned Locked Moved General pfSense Questions
    19 Posts 5 Posters 5.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R Offline
      reggie14
      last edited by

      Well, at least I'm not the only one…

      One reason it is particularly annoying is that after I try to install freeradius2, I can't install/update any other packages until I restart the box.  Until then, I just get a "not_ready" message when I try to update something.

      1 Reply Last reply Reply Quote 0
      • C Offline
        cmb
        last edited by

        Hm, that's not happening here. Full or nanobsd? 32 or 64 bit?

        1 Reply Last reply Reply Quote 0
        • R Offline
          reggie14
          last edited by

          @cmb:

          Hm, that's not happening here. Full or nanobsd? 32 or 64 bit?

          Hmmm… That's not what I want to hear...

          I'm running full, AMD64.  As I said above, this was a clean install initially (on a new SSD), but I immediately restored a 2.2.4 backup config that had freeradius installed.

          1 Reply Last reply Reply Quote 0
          • R Offline
            reggie14
            last edited by

            Is there a way to get more detailed information about what's hanging during the custom_php _install_command?  And would it make sense to do some sort of manual uninstall of freeradius?  I'm not sure what that would be, other than finding deleting it's files… But without knowing what's causing the installer to hang I'm a bit reluctant to do that.

            1 Reply Last reply Reply Quote 0
            • P Offline
              PiBa
              last edited by

              What you could try is something opening a ssh session, then go to option '12) pfSense developer shell' and paste the following code in there, this is most of the code ran from the custom_php _install_command procedure..:
              Assuming all 'files' are present this should be able to run from there..

              include('freeradius.inc');
              echo "1";
              // We create here different folders for different counters.
              @mkdir("/var/log/radacct/datacounter/daily", 0755, true);
              @mkdir("/var/log/radacct/datacounter/weekly", 0755, true);
              @mkdir("/var/log/radacct/datacounter/monthly", 0755, true);
              @mkdir("/var/log/radacct/datacounter/forever", 0755, true);
              @mkdir("/var/log/radacct/timecounter", 0755, true);
              @mkdir(FREERADIUS_ETC . "/raddb/scripts", 0755, true);
              
              echo "2";
              unlink_if_exists("/usr/local/etc/raddb");
              @symlink(FREERADIUS_ETC . "/raddb", "/usr/local/etc/raddb");
              if (!file_exists("/var/log/radutmp")) { exec("touch /var/log/radutmp");	}
              if (!file_exists("/var/log/radwtmp")) {	exec("touch /var/log/radwtmp");	}
              exec("chown -R root:wheel " . FREERADIUS_ETC . "/raddb /var/log/radacct");
              if (file_exists($frlib))
              	exec("chown -R root:wheel {$frlib}");
              
              echo "3";
              // creating a backup file of the original policy.conf no matter if user checked this or not
              if (!file_exists(FREERADIUS_ETC . "/raddb/policy.conf.backup")) {
              	log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_ETC . "/raddb/policy.conf.backup");
              	copy(FREERADIUS_ETC . "/raddb/policy.conf", FREERADIUS_ETC . "/raddb/policy.conf.backup");
              }
              
              echo "4";
              // creating a backup file of the original /modules/files no matter if user checked this or not
              if (!file_exists(FREERADIUS_ETC . "/raddb/files.backup")) {
              	log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_ETC . "/raddb/files.backup");
              	copy(FREERADIUS_ETC . "/raddb/modules/files", FREERADIUS_ETC . "/raddb/files.backup");
              }
              
              echo "5";
              // Disable virtual-server we do not need by default
              if (file_exists(FREERADIUS_ETC . "/raddb/sites-enabled/control-socket")) { unlink(FREERADIUS_ETC . "/raddb/sites-enabled/control-socket"); }
              if (file_exists(FREERADIUS_ETC . "/raddb/sites-enabled/inner-tunnel")) { unlink(FREERADIUS_ETC . "/raddb/sites-enabled/inner-tunnel"); }
              
              echo "6";
              // We run this here just to suppress some warnings on syslog if file doesn't exist
              freeradius_authorizedmacs_resync();
              
              echo "7a";
              // These two functions create the module and the dictionary entry for Mobile-One-Time-Password
              freeradius_dictionary_resync();
              echo "7b";
              freeradius_modulesmotp_resync();
              
              echo "8a";
              // Here we create the modules and scripts for the datacounter
              freeradius_modulesdatacounter_resync();
              echo "8b";
              freeradius_datacounter_acct_resync();
              echo "8c";
              freeradius_datacounter_auth_resync();
              
              echo "9a";
              // Some initial module configuration
              freeradius_modulesmschap_resync();
              echo "9b";
              freeradius_modulesrealm_resync();
              echo "9c";
              freeradius_modulescounter_resync();
              
              echo "10a";
              // Initialize some config files - the functions below call other functions
              freeradius_sqlconf_resync();
              echo "10b";
              freeradius_eapconf_resync();
              echo "10c";
              freeradius_clients_resync();
              echo "10d";
              freeradius_modulesldap_resync();
              exec
              

              Then see what report back what numbers are printed, that should provide some info about which command might be hanging..

              1 Reply Last reply Reply Quote 0
              • R Offline
                reggie14
                last edited by

                @PiBa:

                What you could try is something opening a ssh session, then go to option '12) pfSense developer shell' and paste the following code in there, this is most of the code ran from the custom_php _install_command procedure..:
                Assuming all 'files' are present this should be able to run from there..

                include('freeradius.inc');
                echo "1";
                // We create here different folders for different counters.
                @mkdir("/var/log/radacct/datacounter/daily", 0755, true);
                @mkdir("/var/log/radacct/datacounter/weekly", 0755, true);
                @mkdir("/var/log/radacct/datacounter/monthly", 0755, true);
                @mkdir("/var/log/radacct/datacounter/forever", 0755, true);
                @mkdir("/var/log/radacct/timecounter", 0755, true);
                @mkdir(FREERADIUS_ETC . "/raddb/scripts", 0755, true);
                
                echo "2";
                unlink_if_exists("/usr/local/etc/raddb");
                @symlink(FREERADIUS_ETC . "/raddb", "/usr/local/etc/raddb");
                if (!file_exists("/var/log/radutmp")) { exec("touch /var/log/radutmp");	}
                if (!file_exists("/var/log/radwtmp")) {	exec("touch /var/log/radwtmp");	}
                exec("chown -R root:wheel " . FREERADIUS_ETC . "/raddb /var/log/radacct");
                if (file_exists($frlib))
                	exec("chown -R root:wheel {$frlib}");
                
                echo "3";
                // creating a backup file of the original policy.conf no matter if user checked this or not
                if (!file_exists(FREERADIUS_ETC . "/raddb/policy.conf.backup")) {
                	log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_ETC . "/raddb/policy.conf.backup");
                	copy(FREERADIUS_ETC . "/raddb/policy.conf", FREERADIUS_ETC . "/raddb/policy.conf.backup");
                }
                
                echo "4";
                // creating a backup file of the original /modules/files no matter if user checked this or not
                if (!file_exists(FREERADIUS_ETC . "/raddb/files.backup")) {
                	log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_ETC . "/raddb/files.backup");
                	copy(FREERADIUS_ETC . "/raddb/modules/files", FREERADIUS_ETC . "/raddb/files.backup");
                }
                
                echo "5";
                // Disable virtual-server we do not need by default
                if (file_exists(FREERADIUS_ETC . "/raddb/sites-enabled/control-socket")) { unlink(FREERADIUS_ETC . "/raddb/sites-enabled/control-socket"); }
                if (file_exists(FREERADIUS_ETC . "/raddb/sites-enabled/inner-tunnel")) { unlink(FREERADIUS_ETC . "/raddb/sites-enabled/inner-tunnel"); }
                
                echo "6";
                // We run this here just to suppress some warnings on syslog if file doesn't exist
                freeradius_authorizedmacs_resync();
                
                echo "7a";
                // These two functions create the module and the dictionary entry for Mobile-One-Time-Password
                freeradius_dictionary_resync();
                echo "7b";
                freeradius_modulesmotp_resync();
                
                echo "8a";
                // Here we create the modules and scripts for the datacounter
                freeradius_modulesdatacounter_resync();
                echo "8b";
                freeradius_datacounter_acct_resync();
                echo "8c";
                freeradius_datacounter_auth_resync();
                
                echo "9a";
                // Some initial module configuration
                freeradius_modulesmschap_resync();
                echo "9b";
                freeradius_modulesrealm_resync();
                echo "9c";
                freeradius_modulescounter_resync();
                
                echo "10a";
                // Initialize some config files - the functions below call other functions
                freeradius_sqlconf_resync();
                echo "10b";
                freeradius_eapconf_resync();
                echo "10c";
                freeradius_clients_resync();
                echo "10d";
                freeradius_modulesldap_resync();
                exec
                

                Then see what report back what numbers are printed, that should provide some info about which command might be hanging..

                Thanks!

                It reported back: 1234567a7b8a8b8c9a9b9c10a10b10c10d

                1 Reply Last reply Reply Quote 0
                • P Offline
                  PiBa
                  last edited by

                  After that did it return to the "pfSense shell:", or did it hang after showing 10d ? perhaps try the short version?:

                  include('freeradius.inc');
                  echo "10d";
                  freeradius_modulesldap_resync();
                  echo "10e";
                  // not testing writing a new rc file..
                  echo "10f";
                  start_service("radiusd");
                  echo "10g";
                  exec
                  

                  If those succeed as well then i'm running out of ideas..

                  1 Reply Last reply Reply Quote 0
                  • R Offline
                    reggie14
                    last edited by

                    The previous commands did give me back a pfsense shell.

                    The shorter version does give me an error, though:

                    
                    pfSense shell: include('freeradius.inc');
                    pfSense shell: echo "10d";
                    pfSense shell: freeradius_modulesldap_resync();
                    pfSense shell: echo "10e";
                    pfSense shell: // not testing writing a new rc file..
                    pfSense shell: echo "10f";
                    pfSense shell: start_service("radiusd");
                    pfSense shell: echo "10g";
                    pfSense shell: exec
                    
                    Fatal error: Cannot redeclare freeradius_deinstall_command() (previously declared in /usr/local/pkg/freeradius.inc:61) in /usr/local/pkg/freeradius.inc on line 61
                    
                    Call Stack:
                        0.0021     214952   1\. {main}() /usr/local/sbin/pfSsh.php:0
                     6181.5320    1690296   2\. playback_text() /usr/local/sbin/pfSsh.php:243
                     6181.5322    1693576   3\. eval('require_once('functions.inc');
                    require_once('globals.inc');
                    require_once('config.inc');
                    include('freeradius.inc');
                    echo "10d";
                    freeradius_modulesldap_resync();
                    echo "10e";
                    // not testing writing a new rc file..
                    echo "10f";
                    start_service("radiusd");
                    echo "10g";
                    
                    ') /usr/local/sbin/pfSsh.php:345
                    
                    PHP ERROR: Type: 1, File: /usr/local/pkg/freeradius.inc, Line: 61, Message: Cannot redeclare freeradius_deinstall_command() (previously declared in /usr/local/pkg/freeradius.inc:61)
                    
                    

                    That one gave me an error.

                    I should note that I ran this after trying to reinstall freeradius with the package manager.  But oddly, I only get this when I run the shorter version.  The longer one still completes.

                    1 Reply Last reply Reply Quote 0
                    • P Offline
                      PiBa
                      last edited by

                      Um you should start a 'fresh' developer shell, or not include the include command the second time during the same developer shell session ;) sorry..

                      On the other hand, if you deinstalled freeradius, the freeradius.inc should nolonger be on the system, and thus throw a 'cannot find file' error..

                      1 Reply Last reply Reply Quote 0
                      • R Offline
                        reggie14
                        last edited by

                        @PiBa:

                        Um you should start a 'fresh' developer shell, or not include the include command the second time during the same developer shell session ;) sorry..

                        Sorry, I didn't know.  With a fresh shell, the commands complete, and return me to a pfsense shell with the following output:

                        10d10e10f10g

                        @PiBa:

                        On the other hand, if you deinstalled freeradius, the freeradius.inc should nolonger be on the system, and thus throw a 'cannot find file' error..

                        I can't seem to deinstall freeradius.  At least, freeradius.inc is still present in /usr/local/pkg (along with the config files), and the service is still running (and working).

                        1 Reply Last reply Reply Quote 0
                        • P Offline
                          PiBa
                          last edited by

                          Sorry im kinda out of options. I dont see any reason why initially the custom_php_install_command did not work.
                          But now you cant uninstall either.?

                          I would say while its 'working' don't break it further. If you can clone the machine into a vm or something it would be interesting to try and find the underlying cause further.

                          What does the uninstall log show when trying to remove the package.?.

                          1 Reply Last reply Reply Quote 0
                          • R Offline
                            reggie14
                            last edited by

                            @PiBa:

                            What does the uninstall log show when trying to remove the package.?.

                            Well, the package manager says it isn't installed, so I can't uninstall it.  Is there a manual way to do it? Or is there a log tucked away somewhere I should be looking at?

                            I've thought about removing/renaming radiusd, but is that likely to make thing worse?

                            I don't particularly want to rebuild the system again…  It wasn't a smooth process to begin with, and I don't really see what I could do differently this time around. I guess I could remove freeradius from my config file, but is that likely to screw things up?

                            As a side note, pfsense doesn't seem to gracefully handle missing plugins when you restore a config file.  When I did my ill-fated upgrade, it seemed to recognize things like ntop didn't exist, but when I did the clean install, followed by a restore, I have a bunch of references to missing plugins all over the place.  I can clean them out manually, by removing them from the config.xml, but it seems strange that I had to do that.

                            Edit:
                            I tried renaming radiusd and rebooting.  I still wasn't able to successfully install the freeradius2 package, but I did notice that the installer did create radiusd before it hung.

                            I also tried reinstalling all the packages.  As far as I could tell, it didn't even try to reinstall freeradius2.

                            1 Reply Last reply Reply Quote 0
                            • R Offline
                              reggie14
                              last edited by

                              This is still a problem…  and I'd really like to be able to update the freeradius package when there are updates.

                              So, barring new ideas on how to fix my current installation, what would I need to do to rebuild it?  I already tried reinstalling packages- that didn't work.  I'm guessing restoring a backup config is unlikely to work, too.  So would I need to do a new clean install?  That's what I initially did.  Is there something I should do to limit the chances this would happen again.  I'd really like to restore my current radius configuration, since I have a bunch of users and clients configured.

                              1 Reply Last reply Reply Quote 0
                              • P Offline
                                PiBa
                                last edited by

                                What shows up if you run? (should show two packages.):

                                pkg info | grep freeradius
                                

                                Or try installing it again from command line.?:

                                pkg install -F pfSense-pkg-freeradius2
                                
                                1 Reply Last reply Reply Quote 0
                                • R Offline
                                  reggie14
                                  last edited by

                                  @PiBa:

                                  What shows up if you run? (should show two packages.):

                                  pkg info | grep freeradius
                                  

                                  Nothing shows up.  It doesn't see freeradius installed.

                                  @PiBa:

                                  Or try installing it again from command line.?:

                                  pkg install -F pfSense-pkg-freeradius2
                                  

                                  It completes, and brings me back to a shell, but it still doesn't actually install freeradius.  Here's the output:

                                  
                                  [2.3-RC][admin@pfsense]/root: pkg install -F pfSense-pkg-freeradius2
                                  Updating pfSense-core repository catalogue...
                                  pkg install -F pfSense-pkg-freeradius2
                                  pfSense-core repository is up-to-date.
                                  Updating pfSense repository catalogue...
                                  pfSense repository is up-to-date.
                                  All repositories are up-to-date.
                                  Checking integrity... done (0 conflicting)
                                  The following 6 package(s) will be affected (of 0 checked):
                                  
                                  New packages to be INSTALLED:
                                          pfSense-pkg-freeradius2: 1.7.3_1 [pfSense]
                                          bash: 4.3.42_1 [pfSense]
                                          freeradius: 2.2.9 [pfSense]
                                          krb5: 1.14 [pfSense]
                                          pkgconf: 0.9.12_1 [pfSense]
                                          postgresql93-client: 9.3.11 [pfSense]
                                  
                                  The process will require 22 MiB more space.
                                  
                                  Proceed with this action? [y/N]: Please type 'Y[es]' or 'N[o]' to make selection
                                  
                                  Proceed with this action? [y/N]: y
                                  
                                  
                                  1 Reply Last reply Reply Quote 0
                                  • R Offline
                                    reggie14
                                    last edited by

                                    So, I was able to fix my problem tonight!  The problem was me trying to restore a backup configuration that had packages installed and enabled.  Notably, I was running pfblocker-ng, snort, and freeradius2.  Complicating matters, that was the only backup config I  had.  Now I know better.

                                    With BBcan177's help, I was able to get my pfSense box partially running after restoring my backup configuration, then I disabled packages, took a new backup, and did another clean install and config restore.  Once I did that, the restore process went much smoother.

                                    I should also note that I installed the freeradius2 package before I restored my backup configuration.  I don't know if that was critical to getting the package to install, but it seemed prudent, given the problems I've had with it.

                                    I'm not sure about the cause, but I can speculate a bit.  Because pfblocker-ng was enabled in my backup config, various things were broken as the config and package restoration process started.  Notably, unbound wouldn't start, due to missing pfblocker-ng files, and my firewall rules were screwed up. As a result, my pfSense box couldn't download packages.  But, as far as I can tell, the base pfSense build must include radiusd (and ran it with the config pulled out of my config.xml), which seemed to leave my pfSense box partially thinking the package had already been installed, and partially knowing otherwise.

                                    By installing freeradius2 first, before restoring my old config, and by ensuring that most packages were disabled in that config, everything went well.

                                    1 Reply Last reply Reply Quote 0
                                    • D Offline
                                      dlasher
                                      last edited by

                                      Was having this same problem, multiple devices, and doing a force from the CLI resolved it.

                                      pkg install -F pfSense-pkg-freeradius2

                                      1 Reply Last reply Reply Quote 0
                                      • First post
                                        Last post
                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.