<resolved>Can't Install FreeRadius2 After Update</resolved>
-
@cmb:
Hm, that's not happening here. Full or nanobsd? 32 or 64 bit?
Hmmm… That's not what I want to hear...
I'm running full, AMD64. As I said above, this was a clean install initially (on a new SSD), but I immediately restored a 2.2.4 backup config that had freeradius installed.
-
Is there a way to get more detailed information about what's hanging during the custom_php _install_command? And would it make sense to do some sort of manual uninstall of freeradius? I'm not sure what that would be, other than finding deleting it's files… But without knowing what's causing the installer to hang I'm a bit reluctant to do that.
-
What you could try is something opening a ssh session, then go to option '12) pfSense developer shell' and paste the following code in there, this is most of the code ran from the custom_php _install_command procedure..:
Assuming all 'files' are present this should be able to run from there..include('freeradius.inc'); echo "1"; // We create here different folders for different counters. @mkdir("/var/log/radacct/datacounter/daily", 0755, true); @mkdir("/var/log/radacct/datacounter/weekly", 0755, true); @mkdir("/var/log/radacct/datacounter/monthly", 0755, true); @mkdir("/var/log/radacct/datacounter/forever", 0755, true); @mkdir("/var/log/radacct/timecounter", 0755, true); @mkdir(FREERADIUS_ETC . "/raddb/scripts", 0755, true); echo "2"; unlink_if_exists("/usr/local/etc/raddb"); @symlink(FREERADIUS_ETC . "/raddb", "/usr/local/etc/raddb"); if (!file_exists("/var/log/radutmp")) { exec("touch /var/log/radutmp"); } if (!file_exists("/var/log/radwtmp")) { exec("touch /var/log/radwtmp"); } exec("chown -R root:wheel " . FREERADIUS_ETC . "/raddb /var/log/radacct"); if (file_exists($frlib)) exec("chown -R root:wheel {$frlib}"); echo "3"; // creating a backup file of the original policy.conf no matter if user checked this or not if (!file_exists(FREERADIUS_ETC . "/raddb/policy.conf.backup")) { log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_ETC . "/raddb/policy.conf.backup"); copy(FREERADIUS_ETC . "/raddb/policy.conf", FREERADIUS_ETC . "/raddb/policy.conf.backup"); } echo "4"; // creating a backup file of the original /modules/files no matter if user checked this or not if (!file_exists(FREERADIUS_ETC . "/raddb/files.backup")) { log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_ETC . "/raddb/files.backup"); copy(FREERADIUS_ETC . "/raddb/modules/files", FREERADIUS_ETC . "/raddb/files.backup"); } echo "5"; // Disable virtual-server we do not need by default if (file_exists(FREERADIUS_ETC . "/raddb/sites-enabled/control-socket")) { unlink(FREERADIUS_ETC . "/raddb/sites-enabled/control-socket"); } if (file_exists(FREERADIUS_ETC . "/raddb/sites-enabled/inner-tunnel")) { unlink(FREERADIUS_ETC . "/raddb/sites-enabled/inner-tunnel"); } echo "6"; // We run this here just to suppress some warnings on syslog if file doesn't exist freeradius_authorizedmacs_resync(); echo "7a"; // These two functions create the module and the dictionary entry for Mobile-One-Time-Password freeradius_dictionary_resync(); echo "7b"; freeradius_modulesmotp_resync(); echo "8a"; // Here we create the modules and scripts for the datacounter freeradius_modulesdatacounter_resync(); echo "8b"; freeradius_datacounter_acct_resync(); echo "8c"; freeradius_datacounter_auth_resync(); echo "9a"; // Some initial module configuration freeradius_modulesmschap_resync(); echo "9b"; freeradius_modulesrealm_resync(); echo "9c"; freeradius_modulescounter_resync(); echo "10a"; // Initialize some config files - the functions below call other functions freeradius_sqlconf_resync(); echo "10b"; freeradius_eapconf_resync(); echo "10c"; freeradius_clients_resync(); echo "10d"; freeradius_modulesldap_resync(); exec
Then see what report back what numbers are printed, that should provide some info about which command might be hanging..
-
What you could try is something opening a ssh session, then go to option '12) pfSense developer shell' and paste the following code in there, this is most of the code ran from the custom_php _install_command procedure..:
Assuming all 'files' are present this should be able to run from there..include('freeradius.inc'); echo "1"; // We create here different folders for different counters. @mkdir("/var/log/radacct/datacounter/daily", 0755, true); @mkdir("/var/log/radacct/datacounter/weekly", 0755, true); @mkdir("/var/log/radacct/datacounter/monthly", 0755, true); @mkdir("/var/log/radacct/datacounter/forever", 0755, true); @mkdir("/var/log/radacct/timecounter", 0755, true); @mkdir(FREERADIUS_ETC . "/raddb/scripts", 0755, true); echo "2"; unlink_if_exists("/usr/local/etc/raddb"); @symlink(FREERADIUS_ETC . "/raddb", "/usr/local/etc/raddb"); if (!file_exists("/var/log/radutmp")) { exec("touch /var/log/radutmp"); } if (!file_exists("/var/log/radwtmp")) { exec("touch /var/log/radwtmp"); } exec("chown -R root:wheel " . FREERADIUS_ETC . "/raddb /var/log/radacct"); if (file_exists($frlib)) exec("chown -R root:wheel {$frlib}"); echo "3"; // creating a backup file of the original policy.conf no matter if user checked this or not if (!file_exists(FREERADIUS_ETC . "/raddb/policy.conf.backup")) { log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_ETC . "/raddb/policy.conf.backup"); copy(FREERADIUS_ETC . "/raddb/policy.conf", FREERADIUS_ETC . "/raddb/policy.conf.backup"); } echo "4"; // creating a backup file of the original /modules/files no matter if user checked this or not if (!file_exists(FREERADIUS_ETC . "/raddb/files.backup")) { log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_ETC . "/raddb/files.backup"); copy(FREERADIUS_ETC . "/raddb/modules/files", FREERADIUS_ETC . "/raddb/files.backup"); } echo "5"; // Disable virtual-server we do not need by default if (file_exists(FREERADIUS_ETC . "/raddb/sites-enabled/control-socket")) { unlink(FREERADIUS_ETC . "/raddb/sites-enabled/control-socket"); } if (file_exists(FREERADIUS_ETC . "/raddb/sites-enabled/inner-tunnel")) { unlink(FREERADIUS_ETC . "/raddb/sites-enabled/inner-tunnel"); } echo "6"; // We run this here just to suppress some warnings on syslog if file doesn't exist freeradius_authorizedmacs_resync(); echo "7a"; // These two functions create the module and the dictionary entry for Mobile-One-Time-Password freeradius_dictionary_resync(); echo "7b"; freeradius_modulesmotp_resync(); echo "8a"; // Here we create the modules and scripts for the datacounter freeradius_modulesdatacounter_resync(); echo "8b"; freeradius_datacounter_acct_resync(); echo "8c"; freeradius_datacounter_auth_resync(); echo "9a"; // Some initial module configuration freeradius_modulesmschap_resync(); echo "9b"; freeradius_modulesrealm_resync(); echo "9c"; freeradius_modulescounter_resync(); echo "10a"; // Initialize some config files - the functions below call other functions freeradius_sqlconf_resync(); echo "10b"; freeradius_eapconf_resync(); echo "10c"; freeradius_clients_resync(); echo "10d"; freeradius_modulesldap_resync(); exec
Then see what report back what numbers are printed, that should provide some info about which command might be hanging..
Thanks!
It reported back: 1234567a7b8a8b8c9a9b9c10a10b10c10d
-
After that did it return to the "pfSense shell:", or did it hang after showing 10d ? perhaps try the short version?:
include('freeradius.inc'); echo "10d"; freeradius_modulesldap_resync(); echo "10e"; // not testing writing a new rc file.. echo "10f"; start_service("radiusd"); echo "10g"; exec
If those succeed as well then i'm running out of ideas..
-
The previous commands did give me back a pfsense shell.
The shorter version does give me an error, though:
pfSense shell: include('freeradius.inc'); pfSense shell: echo "10d"; pfSense shell: freeradius_modulesldap_resync(); pfSense shell: echo "10e"; pfSense shell: // not testing writing a new rc file.. pfSense shell: echo "10f"; pfSense shell: start_service("radiusd"); pfSense shell: echo "10g"; pfSense shell: exec Fatal error: Cannot redeclare freeradius_deinstall_command() (previously declared in /usr/local/pkg/freeradius.inc:61) in /usr/local/pkg/freeradius.inc on line 61 Call Stack: 0.0021 214952 1\. {main}() /usr/local/sbin/pfSsh.php:0 6181.5320 1690296 2\. playback_text() /usr/local/sbin/pfSsh.php:243 6181.5322 1693576 3\. eval('require_once('functions.inc'); require_once('globals.inc'); require_once('config.inc'); include('freeradius.inc'); echo "10d"; freeradius_modulesldap_resync(); echo "10e"; // not testing writing a new rc file.. echo "10f"; start_service("radiusd"); echo "10g"; ') /usr/local/sbin/pfSsh.php:345 PHP ERROR: Type: 1, File: /usr/local/pkg/freeradius.inc, Line: 61, Message: Cannot redeclare freeradius_deinstall_command() (previously declared in /usr/local/pkg/freeradius.inc:61)
That one gave me an error.
I should note that I ran this after trying to reinstall freeradius with the package manager. But oddly, I only get this when I run the shorter version. The longer one still completes.
-
Um you should start a 'fresh' developer shell, or not include the include command the second time during the same developer shell session ;) sorry..
On the other hand, if you deinstalled freeradius, the freeradius.inc should nolonger be on the system, and thus throw a 'cannot find file' error..
-
Um you should start a 'fresh' developer shell, or not include the include command the second time during the same developer shell session ;) sorry..
Sorry, I didn't know. With a fresh shell, the commands complete, and return me to a pfsense shell with the following output:
10d10e10f10g
On the other hand, if you deinstalled freeradius, the freeradius.inc should nolonger be on the system, and thus throw a 'cannot find file' error..
I can't seem to deinstall freeradius. At least, freeradius.inc is still present in /usr/local/pkg (along with the config files), and the service is still running (and working).
-
Sorry im kinda out of options. I dont see any reason why initially the custom_php_install_command did not work.
But now you cant uninstall either.?I would say while its 'working' don't break it further. If you can clone the machine into a vm or something it would be interesting to try and find the underlying cause further.
What does the uninstall log show when trying to remove the package.?.
-
What does the uninstall log show when trying to remove the package.?.
Well, the package manager says it isn't installed, so I can't uninstall it. Is there a manual way to do it? Or is there a log tucked away somewhere I should be looking at?
I've thought about removing/renaming radiusd, but is that likely to make thing worse?
I don't particularly want to rebuild the system again… It wasn't a smooth process to begin with, and I don't really see what I could do differently this time around. I guess I could remove freeradius from my config file, but is that likely to screw things up?
As a side note, pfsense doesn't seem to gracefully handle missing plugins when you restore a config file. When I did my ill-fated upgrade, it seemed to recognize things like ntop didn't exist, but when I did the clean install, followed by a restore, I have a bunch of references to missing plugins all over the place. I can clean them out manually, by removing them from the config.xml, but it seems strange that I had to do that.
Edit:
I tried renaming radiusd and rebooting. I still wasn't able to successfully install the freeradius2 package, but I did notice that the installer did create radiusd before it hung.I also tried reinstalling all the packages. As far as I could tell, it didn't even try to reinstall freeradius2.
-
This is still a problem… and I'd really like to be able to update the freeradius package when there are updates.
So, barring new ideas on how to fix my current installation, what would I need to do to rebuild it? I already tried reinstalling packages- that didn't work. I'm guessing restoring a backup config is unlikely to work, too. So would I need to do a new clean install? That's what I initially did. Is there something I should do to limit the chances this would happen again. I'd really like to restore my current radius configuration, since I have a bunch of users and clients configured.
-
What shows up if you run? (should show two packages.):
pkg info | grep freeradius
Or try installing it again from command line.?:
pkg install -F pfSense-pkg-freeradius2
-
What shows up if you run? (should show two packages.):
pkg info | grep freeradius
Nothing shows up. It doesn't see freeradius installed.
Or try installing it again from command line.?:
pkg install -F pfSense-pkg-freeradius2
It completes, and brings me back to a shell, but it still doesn't actually install freeradius. Here's the output:
[2.3-RC][admin@pfsense]/root: pkg install -F pfSense-pkg-freeradius2 Updating pfSense-core repository catalogue... pkg install -F pfSense-pkg-freeradius2 pfSense-core repository is up-to-date. Updating pfSense repository catalogue... pfSense repository is up-to-date. All repositories are up-to-date. Checking integrity... done (0 conflicting) The following 6 package(s) will be affected (of 0 checked): New packages to be INSTALLED: pfSense-pkg-freeradius2: 1.7.3_1 [pfSense] bash: 4.3.42_1 [pfSense] freeradius: 2.2.9 [pfSense] krb5: 1.14 [pfSense] pkgconf: 0.9.12_1 [pfSense] postgresql93-client: 9.3.11 [pfSense] The process will require 22 MiB more space. Proceed with this action? [y/N]: Please type 'Y[es]' or 'N[o]' to make selection Proceed with this action? [y/N]: y
-
So, I was able to fix my problem tonight! The problem was me trying to restore a backup configuration that had packages installed and enabled. Notably, I was running pfblocker-ng, snort, and freeradius2. Complicating matters, that was the only backup config I had. Now I know better.
With BBcan177's help, I was able to get my pfSense box partially running after restoring my backup configuration, then I disabled packages, took a new backup, and did another clean install and config restore. Once I did that, the restore process went much smoother.
I should also note that I installed the freeradius2 package before I restored my backup configuration. I don't know if that was critical to getting the package to install, but it seemed prudent, given the problems I've had with it.
I'm not sure about the cause, but I can speculate a bit. Because pfblocker-ng was enabled in my backup config, various things were broken as the config and package restoration process started. Notably, unbound wouldn't start, due to missing pfblocker-ng files, and my firewall rules were screwed up. As a result, my pfSense box couldn't download packages. But, as far as I can tell, the base pfSense build must include radiusd (and ran it with the config pulled out of my config.xml), which seemed to leave my pfSense box partially thinking the package had already been installed, and partially knowing otherwise.
By installing freeradius2 first, before restoring my old config, and by ensuring that most packages were disabled in that config, everything went well.
-
Was having this same problem, multiple devices, and doing a force from the CLI resolved it.
pkg install -F pfSense-pkg-freeradius2