[SOLVED] freeradius stopped working and it won't restart

fcortes

Hi guys

I'm at a lost here

I've been running pfs 2.3.2-RELEASE-p1 (i386) for the entire year with no problems.
recently users of the cp advised that the were unable to login with error:
Error Sending Request: No valid RADIUS responses received
when I login to the console I see the service freeradius down, and I can't seem to be able to get radiusd back up.

things I've tried with no happy ending:

• Updated my freeradius version to the last one that was available in package manager: freeradius2 net 1.7.8
• remove and reinstall the same version (the config was kept though, not sure how to blow up that one)
• https://forum.pfsense.org/index.php?topic=92636.0:
  shellcmd (early and normal), watchdog keeps trying to restart service but no joy, removed /var/log/radaact and reinstall package but nothing.
• https://forum.pfsense.org/index.php?topic=87441.30:
  Did the edit suggested on post to file: /usr/local/etc/rc.d/radiusd.sh but no joy
• https://forum.pfsense.org/index.php?topic=109775.msg611138#msg611138:
  tried to command: rm /tmp/radiusd_start.lock
  tried service radiusd onerestart from the command line in the gui but no joy
  I don't have physical access to the fw so I couldn't issue: radiusd -f -d /usr/local/etc/raddb

recently the system logs for the radiusd show the following

Jul 20 19:18:24 radiusd 81572 Failed to load virtual server <default>Jul 20 19:18:37 radiusd 17729 /usr/local/etc/raddb/eap.conf[2]: Instantiation failed for module "eap"
Jul 20 19:18:37 radiusd 17729 /usr/local/etc/raddb/sites-enabled/default[263]: Errors parsing authenticate section.
Jul 20 19:18:37 radiusd 17729 /usr/local/etc/raddb/sites-enabled/default[328]: Failed to find "eap" in the "modules" section.
Jul 20 19:18:37 radiusd 17729 Failed to load virtual server <default>Jul 20 19:18:37 radiusd 17729 rlm_eap_tls: Error reading certificate file /usr/local/etc/raddb/certs/server_cert.pem
Jul 20 19:18:37 radiusd 17729 rlm_eap: Failed to initialize type tls
Jul 20 19:18:37 radiusd 17729 rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory
Jul 20 19:22:01 radiusd 49629 /usr/local/etc/raddb/eap.conf[2]: Instantiation failed for module "eap"
Jul 20 19:22:01 radiusd 49629 /usr/local/etc/raddb/sites-enabled/default[263]: Errors parsing authenticate section.
Jul 20 19:22:01 radiusd 49629 /usr/local/etc/raddb/sites-enabled/default[328]: Failed to find "eap" in the "modules" section.
Jul 20 19:22:01 radiusd 49629 Failed to load virtual server <default>Jul 20 19:22:01 radiusd 49629 rlm_eap_tls: Error reading certificate file /usr/local/etc/raddb/certs/server_cert.pem
Jul 20 19:22:01 radiusd 49629 rlm_eap: Failed to initialize type tls
Jul 20 19:22:01 radiusd 49629 rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory
Jul 20 19:22:13 radiusd 77157 /usr/local/etc/raddb/eap.conf[2]: Instantiation failed for module "eap"
Jul 20 19:22:13 radiusd 77157 /usr/local/etc/raddb/sites-enabled/default[263]: Errors parsing authenticate section.
Jul 20 19:22:13 radiusd 77157 /usr/local/etc/raddb/sites-enabled/default[328]: Failed to find "eap" in the "modules" section.
Jul 20 19:22:13 radiusd 77157 Failed to load virtual server <default>Jul 20 19:22:13 radiusd 77157 rlm_eap_tls: Error reading certificate file /usr/local/etc/raddb/certs/server_cert.pem
Jul 20 19:22:13 radiusd 77157 rlm_eap: Failed to initialize type tls
Jul 20 19:22:13 radiusd 77157 rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory
Jul 20 19:22:53 radiusd 50753 /usr/local/etc/raddb/eap.conf[2]: Instantiation failed for module "eap"
Jul 20 19:22:53 radiusd 50753 /usr/local/etc/raddb/sites-enabled/default[263]: Errors parsing authenticate section.
Jul 20 19:22:53 radiusd 50753 /usr/local/etc/raddb/sites-enabled/default[328]: Failed to find "eap" in the "modules" section.
Jul 20 19:22:53 radiusd 50753 Failed to load virtual server <default>Jul 20 19:22:53 radiusd 50753 rlm_eap_tls: Error reading certificate file /usr/local/etc/raddb/certs/server_cert.pem
Jul 20 19:22:53 radiusd 50753 rlm_eap: Failed to initialize type tls
Jul 20 19:22:53 radiusd 50753 rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory
Jul 20 19:23:17 radiusd 98370 /usr/local/etc/raddb/eap.conf[2]: Instantiation failed for module "eap"
Jul 20 19:23:17 radiusd 98370 /usr/local/etc/raddb/sites-enabled/default[263]: Errors parsing authenticate section.
Jul 20 19:23:17 radiusd 98370 /usr/local/etc/raddb/sites-enabled/default[328]: Failed to find "eap" in the "modules" section.
Jul 20 19:23:17 radiusd 98370 Failed to load virtual server <default>Jul 20 19:23:17 radiusd 98370 rlm_eap_tls: Error reading certificate file /usr/local/etc/raddb/certs/server_cert.pem
Jul 20 19:23:17 radiusd 98370 rlm_eap: Failed to initialize type tls
Jul 20 19:23:17 radiusd 98370 rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory
Jul 20 19:23:55 radiusd 75439 /usr/local/etc/raddb/eap.conf[2]: Instantiation failed for module "eap"
Jul 20 19:23:55 radiusd 75439 /usr/local/etc/raddb/sites-enabled/default[263]: Errors parsing authenticate section.
Jul 20 19:23:55 radiusd 75439 /usr/local/etc/raddb/sites-enabled/default[328]: Failed to find "eap" in the "modules" section.
Jul 20 19:23:55 radiusd 75439 Failed to load virtual server <default>Jul 20 19:23:55 radiusd 75439 rlm_eap_tls: Error reading certificate file /usr/local/etc/raddb/certs/server_cert.pem
Jul 20 19:23:55 radiusd 75439 rlm_eap: Failed to initialize type tls
Jul 20 19:23:55 radiusd 75439 rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory
Jul 20 19:26:06 radiusd 43335 /usr/local/etc/raddb/eap.conf[2]: Instantiation failed for module "eap"
Jul 20 19:26:06 radiusd 43335 /usr/local/etc/raddb/sites-enabled/default[263]: Errors parsing authenticate section.
Jul 20 19:26:06 radiusd 43335 /usr/local/etc/raddb/sites-enabled/default[328]: Failed to find "eap" in the "modules" section.
Jul 20 19:26:06 radiusd 43335 Failed to load virtual server <default>Jul 20 19:26:06 radiusd 43335 rlm_eap_tls: Error reading certificate file /usr/local/etc/raddb/certs/server_cert.pem
Jul 20 19:26:06 radiusd 43335 rlm_eap: Failed to initialize type tls
Jul 20 19:26:06 radiusd 43335 rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory

I don't use an ssl certificate or an external mysql server, all I have in freeradius are 20+ users that authenticate via cp before they can go on internet on my wlan interface, I wouldn't mind blowing that config If I can get the service up again if needed.

Not sure what changed, of if the user db got corrupted somehow (that's my guess)

any suggestions?

Any help is greatly appreciated.</default></default></default></default></default></default></default></default>

fcortes

trying to setup certs as it seems to be a requirement as per solutions posted on

https://forum.pfsense.org/index.php?topic=129630.0

https://forum.pfsense.org/index.php?topic=128923.0

will confirm if this works once I get the chance.

tks

Gertjan

Add this one to your list  https://forum.pfsense.org/index.php?topic=131883.0  ;)

fcortes

Hi guys

Well, The certs were definitely the problem

I created root and interm CA certificates under system > cert manager
created a cert for my box in the same area
then in services > freeradius , eap tab I set the certs previously created
and voila, automagically, without pushing restart, the freeradius service came back to life.  :D

I know the theory about certs and the importance in regards to security but never had a "real" need for them. I guess this a good time to learn about them so there's still some work to do but at least captive portal users are now able to login :)

thank Gertjan for replying. I glimpsed through the post you suggested and I did run into a few freeradius3 posts while looking for answers to my problem but even when I was reinstalling freeradius while troubleshooting my issue I didn't see that package come up, all It showed up in package manager was freeradius2. Might consider looking into that once I upgrade pfsense by the end of this year.

Thank you guys

jimp

@fcortes:

• Updated my freeradius version to the last one that was available in package manager: freeradius2 net 1.7.8

Uninstall FreeRADIUS 2.x. Install FreeRADIUS 3.x.

The 2.x package is EOL and has security problems. It will be removed soon.

The 3.x package is stable, secure, and works better. It can make certificates for you, too, and avoids this problem entirely.

fcortes

Hi Jimp

I saw freeradius3 was out while reading through posts, but while dealing with this issue and uninstalling freeradius when I look up freeradius in package manager freeradius3 didn't showup as far as I can remember? did i missed it?, is there another way to get freeradius3 installed that is not through package manager?

Thank you for your follow up

Cheers

jimp

You need to be on pfSense 2.3.4 or later to get FreeRADIUS 3.x.

anzak84

radiusd -X
}
  # Loading module "datacounterforever" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct
  exec datacounterforever {
        wait = yes
        program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} forever %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
        shell_escape = yes
  }
/usr/local/etc/raddb/mods-enabled/counter[2]: Failed to link to module 'rlm_counter': Shared object "libgdbm.so.4" not found, required by "rlm_counter.so"

error, radius not start. (freeradius3)
help me please