Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    <resolved>Can't Install FreeRadius2 After Update</resolved>

    Scheduled Pinned Locked Moved General pfSense Questions
    19 Posts 5 Posters 5.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P Offline
      PiBa
      last edited by

      What you could try is something opening a ssh session, then go to option '12) pfSense developer shell' and paste the following code in there, this is most of the code ran from the custom_php _install_command procedure..:
      Assuming all 'files' are present this should be able to run from there..

      include('freeradius.inc');
      echo "1";
      // We create here different folders for different counters.
      @mkdir("/var/log/radacct/datacounter/daily", 0755, true);
      @mkdir("/var/log/radacct/datacounter/weekly", 0755, true);
      @mkdir("/var/log/radacct/datacounter/monthly", 0755, true);
      @mkdir("/var/log/radacct/datacounter/forever", 0755, true);
      @mkdir("/var/log/radacct/timecounter", 0755, true);
      @mkdir(FREERADIUS_ETC . "/raddb/scripts", 0755, true);
      
      echo "2";
      unlink_if_exists("/usr/local/etc/raddb");
      @symlink(FREERADIUS_ETC . "/raddb", "/usr/local/etc/raddb");
      if (!file_exists("/var/log/radutmp")) { exec("touch /var/log/radutmp");	}
      if (!file_exists("/var/log/radwtmp")) {	exec("touch /var/log/radwtmp");	}
      exec("chown -R root:wheel " . FREERADIUS_ETC . "/raddb /var/log/radacct");
      if (file_exists($frlib))
      	exec("chown -R root:wheel {$frlib}");
      
      echo "3";
      // creating a backup file of the original policy.conf no matter if user checked this or not
      if (!file_exists(FREERADIUS_ETC . "/raddb/policy.conf.backup")) {
      	log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_ETC . "/raddb/policy.conf.backup");
      	copy(FREERADIUS_ETC . "/raddb/policy.conf", FREERADIUS_ETC . "/raddb/policy.conf.backup");
      }
      
      echo "4";
      // creating a backup file of the original /modules/files no matter if user checked this or not
      if (!file_exists(FREERADIUS_ETC . "/raddb/files.backup")) {
      	log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_ETC . "/raddb/files.backup");
      	copy(FREERADIUS_ETC . "/raddb/modules/files", FREERADIUS_ETC . "/raddb/files.backup");
      }
      
      echo "5";
      // Disable virtual-server we do not need by default
      if (file_exists(FREERADIUS_ETC . "/raddb/sites-enabled/control-socket")) { unlink(FREERADIUS_ETC . "/raddb/sites-enabled/control-socket"); }
      if (file_exists(FREERADIUS_ETC . "/raddb/sites-enabled/inner-tunnel")) { unlink(FREERADIUS_ETC . "/raddb/sites-enabled/inner-tunnel"); }
      
      echo "6";
      // We run this here just to suppress some warnings on syslog if file doesn't exist
      freeradius_authorizedmacs_resync();
      
      echo "7a";
      // These two functions create the module and the dictionary entry for Mobile-One-Time-Password
      freeradius_dictionary_resync();
      echo "7b";
      freeradius_modulesmotp_resync();
      
      echo "8a";
      // Here we create the modules and scripts for the datacounter
      freeradius_modulesdatacounter_resync();
      echo "8b";
      freeradius_datacounter_acct_resync();
      echo "8c";
      freeradius_datacounter_auth_resync();
      
      echo "9a";
      // Some initial module configuration
      freeradius_modulesmschap_resync();
      echo "9b";
      freeradius_modulesrealm_resync();
      echo "9c";
      freeradius_modulescounter_resync();
      
      echo "10a";
      // Initialize some config files - the functions below call other functions
      freeradius_sqlconf_resync();
      echo "10b";
      freeradius_eapconf_resync();
      echo "10c";
      freeradius_clients_resync();
      echo "10d";
      freeradius_modulesldap_resync();
      exec
      

      Then see what report back what numbers are printed, that should provide some info about which command might be hanging..

      1 Reply Last reply Reply Quote 0
      • R Offline
        reggie14
        last edited by

        @PiBa:

        What you could try is something opening a ssh session, then go to option '12) pfSense developer shell' and paste the following code in there, this is most of the code ran from the custom_php _install_command procedure..:
        Assuming all 'files' are present this should be able to run from there..

        include('freeradius.inc');
        echo "1";
        // We create here different folders for different counters.
        @mkdir("/var/log/radacct/datacounter/daily", 0755, true);
        @mkdir("/var/log/radacct/datacounter/weekly", 0755, true);
        @mkdir("/var/log/radacct/datacounter/monthly", 0755, true);
        @mkdir("/var/log/radacct/datacounter/forever", 0755, true);
        @mkdir("/var/log/radacct/timecounter", 0755, true);
        @mkdir(FREERADIUS_ETC . "/raddb/scripts", 0755, true);
        
        echo "2";
        unlink_if_exists("/usr/local/etc/raddb");
        @symlink(FREERADIUS_ETC . "/raddb", "/usr/local/etc/raddb");
        if (!file_exists("/var/log/radutmp")) { exec("touch /var/log/radutmp");	}
        if (!file_exists("/var/log/radwtmp")) {	exec("touch /var/log/radwtmp");	}
        exec("chown -R root:wheel " . FREERADIUS_ETC . "/raddb /var/log/radacct");
        if (file_exists($frlib))
        	exec("chown -R root:wheel {$frlib}");
        
        echo "3";
        // creating a backup file of the original policy.conf no matter if user checked this or not
        if (!file_exists(FREERADIUS_ETC . "/raddb/policy.conf.backup")) {
        	log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_ETC . "/raddb/policy.conf.backup");
        	copy(FREERADIUS_ETC . "/raddb/policy.conf", FREERADIUS_ETC . "/raddb/policy.conf.backup");
        }
        
        echo "4";
        // creating a backup file of the original /modules/files no matter if user checked this or not
        if (!file_exists(FREERADIUS_ETC . "/raddb/files.backup")) {
        	log_error("FreeRADIUS: Creating backup of the original file to " . FREERADIUS_ETC . "/raddb/files.backup");
        	copy(FREERADIUS_ETC . "/raddb/modules/files", FREERADIUS_ETC . "/raddb/files.backup");
        }
        
        echo "5";
        // Disable virtual-server we do not need by default
        if (file_exists(FREERADIUS_ETC . "/raddb/sites-enabled/control-socket")) { unlink(FREERADIUS_ETC . "/raddb/sites-enabled/control-socket"); }
        if (file_exists(FREERADIUS_ETC . "/raddb/sites-enabled/inner-tunnel")) { unlink(FREERADIUS_ETC . "/raddb/sites-enabled/inner-tunnel"); }
        
        echo "6";
        // We run this here just to suppress some warnings on syslog if file doesn't exist
        freeradius_authorizedmacs_resync();
        
        echo "7a";
        // These two functions create the module and the dictionary entry for Mobile-One-Time-Password
        freeradius_dictionary_resync();
        echo "7b";
        freeradius_modulesmotp_resync();
        
        echo "8a";
        // Here we create the modules and scripts for the datacounter
        freeradius_modulesdatacounter_resync();
        echo "8b";
        freeradius_datacounter_acct_resync();
        echo "8c";
        freeradius_datacounter_auth_resync();
        
        echo "9a";
        // Some initial module configuration
        freeradius_modulesmschap_resync();
        echo "9b";
        freeradius_modulesrealm_resync();
        echo "9c";
        freeradius_modulescounter_resync();
        
        echo "10a";
        // Initialize some config files - the functions below call other functions
        freeradius_sqlconf_resync();
        echo "10b";
        freeradius_eapconf_resync();
        echo "10c";
        freeradius_clients_resync();
        echo "10d";
        freeradius_modulesldap_resync();
        exec
        

        Then see what report back what numbers are printed, that should provide some info about which command might be hanging..

        Thanks!

        It reported back: 1234567a7b8a8b8c9a9b9c10a10b10c10d

        1 Reply Last reply Reply Quote 0
        • P Offline
          PiBa
          last edited by

          After that did it return to the "pfSense shell:", or did it hang after showing 10d ? perhaps try the short version?:

          include('freeradius.inc');
          echo "10d";
          freeradius_modulesldap_resync();
          echo "10e";
          // not testing writing a new rc file..
          echo "10f";
          start_service("radiusd");
          echo "10g";
          exec
          

          If those succeed as well then i'm running out of ideas..

          1 Reply Last reply Reply Quote 0
          • R Offline
            reggie14
            last edited by

            The previous commands did give me back a pfsense shell.

            The shorter version does give me an error, though:

            
            pfSense shell: include('freeradius.inc');
            pfSense shell: echo "10d";
            pfSense shell: freeradius_modulesldap_resync();
            pfSense shell: echo "10e";
            pfSense shell: // not testing writing a new rc file..
            pfSense shell: echo "10f";
            pfSense shell: start_service("radiusd");
            pfSense shell: echo "10g";
            pfSense shell: exec
            
            Fatal error: Cannot redeclare freeradius_deinstall_command() (previously declared in /usr/local/pkg/freeradius.inc:61) in /usr/local/pkg/freeradius.inc on line 61
            
            Call Stack:
                0.0021     214952   1\. {main}() /usr/local/sbin/pfSsh.php:0
             6181.5320    1690296   2\. playback_text() /usr/local/sbin/pfSsh.php:243
             6181.5322    1693576   3\. eval('require_once('functions.inc');
            require_once('globals.inc');
            require_once('config.inc');
            include('freeradius.inc');
            echo "10d";
            freeradius_modulesldap_resync();
            echo "10e";
            // not testing writing a new rc file..
            echo "10f";
            start_service("radiusd");
            echo "10g";
            
            ') /usr/local/sbin/pfSsh.php:345
            
            PHP ERROR: Type: 1, File: /usr/local/pkg/freeradius.inc, Line: 61, Message: Cannot redeclare freeradius_deinstall_command() (previously declared in /usr/local/pkg/freeradius.inc:61)
            
            

            That one gave me an error.

            I should note that I ran this after trying to reinstall freeradius with the package manager.  But oddly, I only get this when I run the shorter version.  The longer one still completes.

            1 Reply Last reply Reply Quote 0
            • P Offline
              PiBa
              last edited by

              Um you should start a 'fresh' developer shell, or not include the include command the second time during the same developer shell session ;) sorry..

              On the other hand, if you deinstalled freeradius, the freeradius.inc should nolonger be on the system, and thus throw a 'cannot find file' error..

              1 Reply Last reply Reply Quote 0
              • R Offline
                reggie14
                last edited by

                @PiBa:

                Um you should start a 'fresh' developer shell, or not include the include command the second time during the same developer shell session ;) sorry..

                Sorry, I didn't know.  With a fresh shell, the commands complete, and return me to a pfsense shell with the following output:

                10d10e10f10g

                @PiBa:

                On the other hand, if you deinstalled freeradius, the freeradius.inc should nolonger be on the system, and thus throw a 'cannot find file' error..

                I can't seem to deinstall freeradius.  At least, freeradius.inc is still present in /usr/local/pkg (along with the config files), and the service is still running (and working).

                1 Reply Last reply Reply Quote 0
                • P Offline
                  PiBa
                  last edited by

                  Sorry im kinda out of options. I dont see any reason why initially the custom_php_install_command did not work.
                  But now you cant uninstall either.?

                  I would say while its 'working' don't break it further. If you can clone the machine into a vm or something it would be interesting to try and find the underlying cause further.

                  What does the uninstall log show when trying to remove the package.?.

                  1 Reply Last reply Reply Quote 0
                  • R Offline
                    reggie14
                    last edited by

                    @PiBa:

                    What does the uninstall log show when trying to remove the package.?.

                    Well, the package manager says it isn't installed, so I can't uninstall it.  Is there a manual way to do it? Or is there a log tucked away somewhere I should be looking at?

                    I've thought about removing/renaming radiusd, but is that likely to make thing worse?

                    I don't particularly want to rebuild the system again…  It wasn't a smooth process to begin with, and I don't really see what I could do differently this time around. I guess I could remove freeradius from my config file, but is that likely to screw things up?

                    As a side note, pfsense doesn't seem to gracefully handle missing plugins when you restore a config file.  When I did my ill-fated upgrade, it seemed to recognize things like ntop didn't exist, but when I did the clean install, followed by a restore, I have a bunch of references to missing plugins all over the place.  I can clean them out manually, by removing them from the config.xml, but it seems strange that I had to do that.

                    Edit:
                    I tried renaming radiusd and rebooting.  I still wasn't able to successfully install the freeradius2 package, but I did notice that the installer did create radiusd before it hung.

                    I also tried reinstalling all the packages.  As far as I could tell, it didn't even try to reinstall freeradius2.

                    1 Reply Last reply Reply Quote 0
                    • R Offline
                      reggie14
                      last edited by

                      This is still a problem…  and I'd really like to be able to update the freeradius package when there are updates.

                      So, barring new ideas on how to fix my current installation, what would I need to do to rebuild it?  I already tried reinstalling packages- that didn't work.  I'm guessing restoring a backup config is unlikely to work, too.  So would I need to do a new clean install?  That's what I initially did.  Is there something I should do to limit the chances this would happen again.  I'd really like to restore my current radius configuration, since I have a bunch of users and clients configured.

                      1 Reply Last reply Reply Quote 0
                      • P Offline
                        PiBa
                        last edited by

                        What shows up if you run? (should show two packages.):

                        pkg info | grep freeradius
                        

                        Or try installing it again from command line.?:

                        pkg install -F pfSense-pkg-freeradius2
                        
                        1 Reply Last reply Reply Quote 0
                        • R Offline
                          reggie14
                          last edited by

                          @PiBa:

                          What shows up if you run? (should show two packages.):

                          pkg info | grep freeradius
                          

                          Nothing shows up.  It doesn't see freeradius installed.

                          @PiBa:

                          Or try installing it again from command line.?:

                          pkg install -F pfSense-pkg-freeradius2
                          

                          It completes, and brings me back to a shell, but it still doesn't actually install freeradius.  Here's the output:

                          
                          [2.3-RC][admin@pfsense]/root: pkg install -F pfSense-pkg-freeradius2
                          Updating pfSense-core repository catalogue...
                          pkg install -F pfSense-pkg-freeradius2
                          pfSense-core repository is up-to-date.
                          Updating pfSense repository catalogue...
                          pfSense repository is up-to-date.
                          All repositories are up-to-date.
                          Checking integrity... done (0 conflicting)
                          The following 6 package(s) will be affected (of 0 checked):
                          
                          New packages to be INSTALLED:
                                  pfSense-pkg-freeradius2: 1.7.3_1 [pfSense]
                                  bash: 4.3.42_1 [pfSense]
                                  freeradius: 2.2.9 [pfSense]
                                  krb5: 1.14 [pfSense]
                                  pkgconf: 0.9.12_1 [pfSense]
                                  postgresql93-client: 9.3.11 [pfSense]
                          
                          The process will require 22 MiB more space.
                          
                          Proceed with this action? [y/N]: Please type 'Y[es]' or 'N[o]' to make selection
                          
                          Proceed with this action? [y/N]: y
                          
                          
                          1 Reply Last reply Reply Quote 0
                          • R Offline
                            reggie14
                            last edited by

                            So, I was able to fix my problem tonight!  The problem was me trying to restore a backup configuration that had packages installed and enabled.  Notably, I was running pfblocker-ng, snort, and freeradius2.  Complicating matters, that was the only backup config I  had.  Now I know better.

                            With BBcan177's help, I was able to get my pfSense box partially running after restoring my backup configuration, then I disabled packages, took a new backup, and did another clean install and config restore.  Once I did that, the restore process went much smoother.

                            I should also note that I installed the freeradius2 package before I restored my backup configuration.  I don't know if that was critical to getting the package to install, but it seemed prudent, given the problems I've had with it.

                            I'm not sure about the cause, but I can speculate a bit.  Because pfblocker-ng was enabled in my backup config, various things were broken as the config and package restoration process started.  Notably, unbound wouldn't start, due to missing pfblocker-ng files, and my firewall rules were screwed up. As a result, my pfSense box couldn't download packages.  But, as far as I can tell, the base pfSense build must include radiusd (and ran it with the config pulled out of my config.xml), which seemed to leave my pfSense box partially thinking the package had already been installed, and partially knowing otherwise.

                            By installing freeradius2 first, before restoring my old config, and by ensuring that most packages were disabled in that config, everything went well.

                            1 Reply Last reply Reply Quote 0
                            • D Offline
                              dlasher
                              last edited by

                              Was having this same problem, multiple devices, and doing a force from the CLI resolved it.

                              pkg install -F pfSense-pkg-freeradius2

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.