FreeRADIUS 3 package will not start

jimp

I split this off because that other thread was dead. Wait until FreeRADIUS 0.15 shows up, then install it (or upgrade to it). If you still have problems on 0.15, then post any errors you see in the GUI or system log messages about radius or radiusd.

PFbest

@jimp:

I split this off because that other thread was dead. Wait until FreeRADIUS 0.15 shows up, then install it (or upgrade to it). If you still have problems on 0.15, then post any errors you see in the GUI or system log messages about radius or radiusd.

Hi jimp it's ok :)
I forgot to mention, it is version 0.15.
Because it appeared on the Available Packages page, so I upgraded  :'(
There is no error in system log, do you know else where (location) I can get log or dump file?

Only have these entries when use "radius" as message filter

Aug 31 22:48:19	pkg		pfSense-pkg-freeradius3-0.15 installed
Aug 31 22:48:19	php		/etc/rc.packages: Successfully installed package: freeradius3.
Aug 31 22:48:18	php		/etc/rc.packages: Beginning package installation for freeradius3 .
Aug 31 22:44:42	pkg		pfSense-pkg-freeradius3-0.15 deinstalled
Aug 31 22:44:41	php		/etc/rc.packages: The command '/usr/local/etc/rc.d/radiusd.sh stop' returned exit code '1', the output was 'radiusd not running?'
Aug 31 22:21:22	pkg		pfSense-pkg-freeradius3 reinstalled: 0.15 -> 0.15
Aug 31 22:21:22	php		/etc/rc.packages: Successfully installed package: freeradius3.
Aug 31 22:21:21	php		/etc/rc.packages: Beginning package installation for freeradius3 .
Aug 31 22:21:21	php		/etc/rc.packages: The command '/usr/local/etc/rc.d/radiusd.sh stop' returned exit code '1', the output was 'radiusd not running?'
Aug 31 21:56:21	pkg		pfSense-pkg-freeradius3-0.15 installed
Aug 31 21:56:21	php		/etc/rc.packages: Successfully installed package: freeradius3.
Aug 31 21:56:20	php		/etc/rc.packages: Beginning package installation for freeradius3 .
Aug 31 21:54:39	pkg		freeradius3-3.0.15 installed
Aug 31 21:52:32	pkg		freeradius-2.2.9 deinstalled
Aug 31 21:52:32	pkg		pfSense-pkg-freeradius2-1.7.9 deinstalled
Aug 31 21:52:31	php		/etc/rc.packages: The command '/usr/local/etc/rc.d/radiusd.sh stop' returned exit code '1', the output was 'radiusd not running?'
Aug 31 21:48:23	pkg		pfSense-pkg-freeradius2-1.7.9 installed
Aug 31 21:48:23	php		/etc/rc.packages: Successfully installed package: freeradius2.
Aug 31 21:48:22	php		/etc/rc.packages: freeRADIUS: Creating new random file in /usr/local/etc/raddb/certs
Aug 31 21:48:22	php		/etc/rc.packages: FreeRADIUS: Creating backup of the original file to /usr/local/etc/raddb/files.backup
Aug 31 21:48:22	php		/etc/rc.packages: FreeRADIUS: Creating backup of the original file to /usr/local/etc/raddb/policy.conf.backup
Aug 31 21:48:22	php		/etc/rc.packages: Beginning package installation for freeradius2 .
Aug 31 21:48:22	pkg		freeradius-2.2.9 installed
Aug 31 21:45:42	pkg		freeradius3-3.0.15 deinstalled
Aug 31 21:45:42	pkg		pfSense-pkg-freeradius3-0.15 deinstalled
Aug 31 21:45:40	php		/etc/rc.packages: The command '/usr/local/etc/rc.d/radiusd.sh stop' returned exit code '1', the output was 'radiusd not running?'
Aug 31 21:42:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:41:33	pkg		pfSense-pkg-freeradius3-0.15 installed
Aug 31 21:41:33	php		/etc/rc.packages: Successfully installed package: freeradius3.
Aug 31 21:41:31	php		/etc/rc.packages: Beginning package installation for freeradius3 .
Aug 31 21:41:31	pkg		freeradius3-3.0.15 installed
Aug 31 21:41:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:40:47	pkg		freeradius3-3.0.15 deinstalled
Aug 31 21:40:47	pkg		pfSense-pkg-freeradius3-0.15 deinstalled
Aug 31 21:40:45	php		/etc/rc.packages: The command '/usr/local/etc/rc.d/radiusd.sh stop' returned exit code '1', the output was 'radiusd not running?'
Aug 31 21:40:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:39:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:38:24	pkg		pfSense-pkg-freeradius3 reinstalled: 0.15 -> 0.15
Aug 31 21:38:24	php		/etc/rc.packages: Successfully installed package: freeradius3.
Aug 31 21:38:23	php		/etc/rc.packages: Beginning package installation for freeradius3 .
Aug 31 21:38:22	php		/etc/rc.packages: The command '/usr/local/etc/rc.d/radiusd.sh stop' returned exit code '1', the output was 'radiusd not running?'
Aug 31 21:38:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:37:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:36:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:35:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:34:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:32:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:31:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:30:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:29:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:28:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:27:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:26:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:25:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:24:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:23:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:22:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:21:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:20:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:19:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:18:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:17:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:16:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:15:00	php-cgi		servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Aug 31 21:14:13	pkg		pfSense-pkg-freeradius3-0.15 installed
Aug 31 21:14:13	php		/etc/rc.packages: Successfully installed package: freeradius3.
Aug 31 21:14:12	php		/etc/rc.packages: Beginning package installation for freeradius3 .
Aug 31 21:14:12	pkg		freeradius3-3.0.15 installed
Aug 31 21:14:08	pkg		freeradius-2.2.9 deinstalled
Aug 31 21:14:08	pkg		pfSense-pkg-freeradius2-1.7.9 deinstalled

doktornotor

Run

radiusd -X

from console and post the output.

PFbest

@doktornotor:

Run

radiusd -X

from console and post the output.

Huge thanks man! ;D ;D ;D
Got this from console
Guess I could dive into those files, my guess is it's due to upgrade?
The conf file must be from V2, so probably it's not compatible with V3?
:)

FreeRADIUS Version 3.0.15
Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/local/share/freeradius/dictionary
including dictionary file /usr/local/share/freeradius/dictionary.dhcp
including dictionary file /usr/local/share/freeradius/dictionary.vqp
including dictionary file /usr/local/etc/raddb/dictionary
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/clients.conf
/usr/local/etc/raddb/clients.conf[20]: Parse error after "f": unexpected token "<"
Errors reading or parsing /usr/local/etc/raddb/radiusd.conf

doktornotor

What's in /usr/local/etc/raddb/clients.conf? (line 20, but post some context as well).

PFbest

@doktornotor:

What's in /usr/local/etc/raddb/clients.conf? (line 20, but post some context as well).

mmmm, Interesting

line 20 is this: secret = A<103.,c-!:@=1;d,f<@># <dkg1nc-1<br>It must be improper character escape bug I assume? Since it's working under V2
;)</dkg1nc-1<br>

PFbest

Fixed secret, now I have new error with radiusd -X

tls: Failed reading Trusted root CA list "/usr/local/etc/raddb/certs/ca_cert.pem"
tls: error:0906D066:PEM routines:PEM_read_bio:bad end line
tls: error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib
rlm_eap_tls: Failed initializing SSL context
rlm_eap (EAP): Failed to initialise rlm_eap_tls
/usr/local/etc/raddb/mods-enabled/eap[2]: Instantiation failed for module "eap"

:o

doktornotor

No idea what you have there in ca_cert.pem. It's supposed to end with

-----END CERTIFICATE-----

PFbest

@doktornotor:

No idea what you have there in ca_cert.pem. It's supposed to end with

-----END CERTIFICATE-----

Weird, my CA was the default one, generated when pfsense was installed

PFbest

Interesting.

After dig into the CA.

I found that the CA file was cut off at the end, like several lines are missing.

After I copied back the complete CA content, everything rocks again.  ;D ;D

That's something new to know I guess.

Thanks very much guys!

Cheers!!!

doktornotor

OK… No idea how the CA file got corrupted, the package just uses whatever is saved as a selected CA certificate in config.xml.

PFbest

@doktornotor:

OK… No idea how the CA file got corrupted, the package just uses whatever is saved as a selected CA certificate in config.xml.

I know, it's weird.
I don't even know when it gets corrupted.
At least now I know there is one more thing need to be aware of when freeradius goes wrong.

;)

doktornotor

One more thing - can you test the shared secret like this?

'A<103.,c-!:@=1;d,f<@># <dkg1nc-1'<br>(Save and check whether RADIUS is still running.)</dkg1nc-1'<br>

PFbest

@doktornotor:

One more thing - can you test the shared secret like this?

'A<103.,c-!:@=1;d,f<@># <dkg1nc-1'<br>(Save and check whether RADIUS is still running.)</dkg1nc-1'<br>

Like put exactly 'A<103.,c-!:@=1;d,f<@>#

doktornotor

Yes.

PFbest

@doktornotor:

Yes.

Errrr, guess it won't work?
Cause it's over 31 characters :o

doktornotor

It should still stay 31 characters, just avoid the misparsing issues. See man unlang regarding the single quotes. The single quotes shouldn't count as part of the secret.

PFbest

@doktornotor:

It should still stay 31 characters, just avoid the misparsing issues. See man unlang regarding the single quotes. The single quotes shouldn't count as part of the secret.

Ummmmmm
It returns error as in image

doktornotor

Eh, well… edit this line to 33. I just wanted you to test whether it stops breaking the config, that's all.

PFbest

@doktornotor:

Eh, well… edit this line to 33. I just wanted you to test whether it stops breaking the config, that's all.

Cool, tested.
Results are:

| freeradius | ap | Results |
| 'A<103.,c-!:@=1;d,f<@># | 'A<103.,c-!:@=1;d,f<@># | Fail |
| 'A<103.,c-!:@=1;d,f<@># | A<103.,c-!:@=1;d,f<@># | Pass |