2.4.3 - FreeRadius won't let me save settings, gives error about EAP

rbabchis

No matter what I do, I get this error. I've been trying for hours. Every time I try to save "Settings".

–
The following input errors were detected:
Please, configure and save EAP settings first. Note that setting the SSL CA/Server Certificate is required.
General Configuration

EAP is configured properly, and minimally. It was working without error before the upgrade to 2.4.3. It has valid certs and a CA. I even tried creating new ones.

I've tried running freeradius from the command line in the foreground with debugging on, and see no errors. I also verified that the certificates configured/loaded by freeradius are the correct ones in the filesystem.

So at this point I'm stuck and cannot change anything under settings no matter what I do.

Can anyone help?

Thanks

snowyrain

Hello,

same on "2.3.4-RELEASE". Fresh Install + FreeRadius.

Snowyrain

Edit: solved

I had to add
"global $config;"
in the first line in function
freeradius_validate_settings($post, &$input_errors) {
in file:
/usr/local/pkg/freeradius.inc

jayden

can you explain how did that sir?

thouwlin

@jayden:

can you explain how did that sir?

1. ssh you the pfsense server

2. vi /usr/local/pkg/freeradius.inc (you are editing the file.)  At anytime you think you have messed up press ESC twice and then type :q! this will exit without saving)

3. type /validate_settings  (this jumps you to where you need to be in the file)

4. press 0 (the letter o, this will put you in input mode one line down)

5. type  global $config;

6. press ESC twice (habit of mine, in most cases once is fine)

7 type :wq or shift ZZ (write the files and exits)

Here is what is looked like:
login as: admin
Using keyboard-interactive authentication.
Password for admin@pfsense.local.enms.net:
*** Welcome to pfSense 2.3.4-RELEASE (amd64 full-install) on pfsense ***

WAN (wan)      -> em0        -> v4/DHCP4: xx.xx.xx.xx/19
                                  v6/DHCP6: xxxx:xxxx:xxxx:bc:xxxx:xxxx:xxxx:xxxx/128
LAN (lan)      -> em1        -> v4: 10.50.100.2/24
                                  v6: 2001:470:1f11:85::1/64
HENETV6 (opt1)  -> gif0      -> v6: 2001:470:1f10:85::2/128
IOTWINK (opt2)  -> em3_vlan10 -> v4: 10.10.100.2/24
IOTRING (opt3)  -> em3_vlan48 -> v4: 10.48.100.2/24
IOTOTHER (opt4) -> em3_vlan20 -> v4: 10.20.100.2/24
OPT5 (opt5)    -> run0_wlan0 -> v4: 10.200.100.2/24

0. Logout (SSH only)                  9) pfTop
1. Assign Interfaces                10) Filter Logs
2. Set interface(s) IP address      11) Restart webConfigurator
3. Reset webConfigurator password    12) PHP shell + pfSense tools
4. Reset to factory defaults        13) Update from console
5. Reboot system                    14) Disable Secure Shell (sshd)
6. Halt system                      15) Restore recent configuration
7. Ping host                        16) Restart PHP-FPM
8. Shell

Enter an option: 8
[2.3.4-RELEASE][[email]admin@pfsense.local.enms.net]/root: vi /usr/local/pkg/freeradius.inc

tion' field; only /^[a-zA-Z0-9 _,.;:+=()-]*$/ allowed.";
        }

/*
        * TODO: Check that the configured port is unique for the selected Inter
face Type/IP address.
        */

}

/* General Settings input validation */
function freeradius_validate_settings($post, &$input_errors) {
        global $config;
        // Force users to configure certificates for EAP
        if (is_array($config['installedpackages']['freeradiuseapconf']['config']

• )) {

$eapconf = $config['installedpackages']['freeradiuseapconf']['co
nfig'][0];
        } else {
                $input_errors[] = "Please, configure and save EAP settings first
. Note that setting the SSL CA/Server Certificate is required.";
                $eapconf = array();
        }
/usr/local/pkg/freeradius.inc: 4815 lines, 181995 characters.
[2.3.4-RELEASE][[email]admin@pfsense.local.enms.net]/root:

jayden

thanks mate this helped a lot

jimp

Update to the latest package for a permanent fix.

hsrtreml

same issue with new patch within EAP:

The following input errors were detected:
SSL CA Certificate must not be set to 'none'. Create a CA certificate if needed and select it here.
SSL Server Certificate must not be set to 'none'. Create a server certificate if needed and select it here.

I set some Cert-Example; save; then no error message but after a long time freeradius service end!!

Someone any idea?

br
hsrtreml

jimp

@hsrtreml:

same issue with new patch within EAP:

The following input errors were detected:
SSL CA Certificate must not be set to 'none'. Create a CA certificate if needed and select it here.
SSL Server Certificate must not be set to 'none'. Create a server certificate if needed and select it here.

I set some Cert-Example; save; then no error message but after a long time freeradius service end!!

That is not the same issue. Please start a new thread.