After an Installation Recovery, "Freeradius Package Won't Start"



  • Thanks in advance, guys!
    I was running an up-to-date version of pfSense with Captive Portal + FreeRADIUS, and everything was working just fine. I was having power failures every now and then. Until the day before yesterday, pfSense would get stuck at boot time with an error like this: "Warning :/ was not properly dismounted", so I had to reinstall it. I downloaded the current version from the pfSense web site, and with a USB drive I did option R to rescue the config.xml. It went through just normal; it installed and then rebooted the system. My old configuration was there; however, FreeRADIUS and Service Watchdog I had to install manually (the configuration was there). After I installed them, Service Watchdog would run just fine; however, FreeRADIUS would give me this error:

    
    Shell Output - radiusd -X
    radiusd: FreeRADIUS Version 2.2.9, for host amd64-portbld-freebsd10.3, built on Feb 11 2017 at 03:50:51
    Copyright (C) 1999-2015 The FreeRADIUS server project and contributors.
    There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
    PARTICULAR PURPOSE.
    You may redistribute copies of FreeRADIUS under the terms of the
    GNU General Public License.
    For more information about these matters, see the file named COPYRIGHT.
    Starting - reading configuration files ...
    including configuration file /usr/local/etc/raddb/radiusd.conf
    including configuration file /usr/local/etc/raddb/clients.conf
    including files in directory /usr/local/etc/raddb/modules/
    including configuration file /usr/local/etc/raddb/modules/always
    including configuration file /usr/local/etc/raddb/modules/attr_filter
    including configuration file /usr/local/etc/raddb/modules/attr_rewrite
    including configuration file /usr/local/etc/raddb/modules/cache
    including configuration file /usr/local/etc/raddb/modules/chap
    including configuration file /usr/local/etc/raddb/modules/checkval
    including configuration file /usr/local/etc/raddb/modules/counter
    including configuration file /usr/local/etc/raddb/modules/cui
    including configuration file /usr/local/etc/raddb/modules/detail
    including configuration file /usr/local/etc/raddb/modules/detail.example.com
    including configuration file /usr/local/etc/raddb/modules/detail.log
    including configuration file /usr/local/etc/raddb/modules/dhcp_sqlippool
    including configuration file /usr/local/etc/raddb/sql/mysql/ippool-dhcp.conf
    including configuration file /usr/local/etc/raddb/modules/digest
    including configuration file /usr/local/etc/raddb/modules/dynamic_clients
    including configuration file /usr/local/etc/raddb/modules/echo
    including configuration file /usr/local/etc/raddb/modules/etc_group
    including configuration file /usr/local/etc/raddb/modules/exec
    including configuration file /usr/local/etc/raddb/modules/expiration
    including configuration file /usr/local/etc/raddb/modules/expr
    including configuration file /usr/local/etc/raddb/modules/files
    including configuration file /usr/local/etc/raddb/modules/inner-eap
    including configuration file /usr/local/etc/raddb/modules/ippool
    including configuration file /usr/local/etc/raddb/modules/krb5
    including configuration file /usr/local/etc/raddb/modules/ldap
    including configuration file /usr/local/etc/raddb/modules/linelog
    including configuration file /usr/local/etc/raddb/modules/logintime
    including configuration file /usr/local/etc/raddb/modules/otp
    including configuration file /usr/local/etc/raddb/modules/mac2ip
    including configuration file /usr/local/etc/raddb/modules/mac2vlan
    including configuration file /usr/local/etc/raddb/modules/mschap
    including configuration file /usr/local/etc/raddb/modules/ntlm_auth
    including configuration file /usr/local/etc/raddb/modules/opendirectory
    including configuration file /usr/local/etc/raddb/modules/pam
    including configuration file /usr/local/etc/raddb/modules/pap
    including configuration file /usr/local/etc/raddb/modules/passwd
    including configuration file /usr/local/etc/raddb/modules/perl
    including configuration file /usr/local/etc/raddb/modules/policy
    including configuration file /usr/local/etc/raddb/modules/preprocess
    including configuration file /usr/local/etc/raddb/modules/radrelay
    including configuration file /usr/local/etc/raddb/modules/radutmp
    including configuration file /usr/local/etc/raddb/modules/realm
    including configuration file /usr/local/etc/raddb/modules/redis
    including configuration file /usr/local/etc/raddb/modules/rediswho
    including configuration file /usr/local/etc/raddb/modules/replicate
    including configuration file /usr/local/etc/raddb/modules/smbpasswd
    including configuration file /usr/local/etc/raddb/modules/smsotp
    including configuration file /usr/local/etc/raddb/modules/soh
    including configuration file /usr/local/etc/raddb/modules/sql_log
    including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
    including configuration file /usr/local/etc/raddb/modules/sradutmp
    including configuration file /usr/local/etc/raddb/modules/unix
    including configuration file /usr/local/etc/raddb/modules/wimax
    including configuration file /usr/local/etc/raddb/modules/acct_unique
    including configuration file /usr/local/etc/raddb/modules/motp
    including configuration file /usr/local/etc/raddb/modules/datacounter_acct
    including configuration file /usr/local/etc/raddb/eap.conf
    including configuration file /usr/local/etc/raddb/policy.conf
    including files in directory /usr/local/etc/raddb/sites-enabled/
    including configuration file /usr/local/etc/raddb/sites-enabled/default
    main {
    	allow_core_dumps = no
    }
    including dictionary file /usr/local/etc/raddb/dictionary
    main {
    	name = "radiusd"
    	prefix = "/usr/local"
    	localstatedir = "/var"
    	sbindir = "/usr/local/sbin"
    	logdir = "/var/log"
    	run_dir = "/var/run"
    	libdir = "/usr/local/lib/freeradius-2.2.9"
    	radacctdir = "/var/log/radacct"
    	hostname_lookups = no
    	max_request_time = 30
    	cleanup_delay = 5
    	max_requests = 1024
    	pidfile = "/var/run/radiusd.pid"
    	checkrad = "/usr/local/sbin/checkrad"
    	debug_level = 0
    	proxy_requests = yes
     log {
     	stripped_names = no
     	auth = no
     	auth_badpass = no
     	auth_goodpass = no
     	msg_badpass = ""
     	msg_goodpass = ""
     }
     security {
     	max_attributes = 200
     	reject_delay = 1
     	status_server = no
     	allow_vulnerable_openssl = no
     }
    }
    radiusd: #### Loading Realms and Home Servers ####
    radiusd: #### Loading Clients ####
     client MilosisPicoStation {
     	ipaddr = 172.16.2.15
     	require_message_authenticator = no
     	secret = "Biannelys01"
     	shortname = "MilosisPicoStation"
     	nastype = "other"
     }
     client Test {
     	ipaddr = 172.16.0.31
     	require_message_authenticator = no
     	secret = "Biannelys01"
     	shortname = "Test"
     	nastype = "other"
     }
     client HardyNET {
     	ipaddr = 172.16.0.1
     	require_message_authenticator = no
     	secret = "Biannelys01"
     	shortname = "HardyNET"
     	nastype = "other"
     }
    radiusd: #### Instantiating modules ####
     instantiate {
     Module: Linked to module rlm_exec
     Module: Instantiating module "exec" from file /usr/local/etc/raddb/modules/exec
      exec {
      	wait = no
      	input_pairs = "request"
      	shell_escape = yes
      	timeout = 10
      }
     Module: Linked to module rlm_expr
     Module: Instantiating module "expr" from file /usr/local/etc/raddb/modules/expr
     Module: Linked to module rlm_counter
     Module: Instantiating module "daily" from file /usr/local/etc/raddb/modules/counter
      counter daily {
      	filename = "/var/log/radacct/timecounter/db.daily"
      	key = "User-Name"
      	reset = "daily"
      	count-attribute = "Acct-Session-Time"
      	counter-name = "Daily-Session-Time"
      	check-name = "Max-Daily-Session"
      	reply-name = "Session-Timeout"
      	cache-size = 5000
      }
    rlm_counter: Counter attribute Daily-Session-Time is number 11273
    rlm_counter: Current Time: 1493307492 [2017-04-27 11:38:12], Next reset 1493352000 [2017-04-28 00:00:00]
     Module: Instantiating module "weekly" from file /usr/local/etc/raddb/modules/counter
      counter weekly {
      	filename = "/var/log/radacct/timecounter/db.weekly"
      	key = "User-Name"
      	reset = "weekly"
      	count-attribute = "Acct-Session-Time"
      	counter-name = "Weekly-Session-Time"
      	check-name = "Max-Weekly-Session"
      	reply-name = "Session-Timeout"
      	cache-size = 5000
      }
    rlm_counter: Counter attribute Weekly-Session-Time is number 11275
    rlm_counter: Current Time: 1493307492 [2017-04-27 11:38:12], Next reset 1493524800 [2017-04-30 00:00:00]
     Module: Instantiating module "monthly" from file /usr/local/etc/raddb/modules/counter
      counter monthly {
      	filename = "/var/log/radacct/timecounter/db.monthly"
      	key = "User-Name"
      	reset = "monthly"
      	count-attribute = "Acct-Session-Time"
      	counter-name = "Monthly-Session-Time"
      	check-name = "Max-Monthly-Session"
      	reply-name = "Session-Timeout"
      	cache-size = 5000
      }
    rlm_counter: Counter attribute Monthly-Session-Time is number 11277
    rlm_counter: Current Time: 1493307492 [2017-04-27 11:38:12], Next reset 1493611200 [2017-05-01 00:00:00]
     Module: Instantiating module "forever" from file /usr/local/etc/raddb/modules/counter
      counter forever {
      	filename = "/var/log/radacct/timecounter/db.forever"
      	key = "User-Name"
      	reset = "never"
      	count-attribute = "Acct-Session-Time"
      	counter-name = "Forever-Session-Time"
      	check-name = "Max-Forever-Session"
      	reply-name = "Session-Timeout"
      	cache-size = 5000
      }
    rlm_counter: Counter attribute Forever-Session-Time is number 11279
    rlm_counter: Current Time: 1493307492 [2017-04-27 11:38:12], Next reset 0 [2017-04-27 11:00:00]
     Module: Linked to module rlm_expiration
     Module: Instantiating module "expiration" from file /usr/local/etc/raddb/modules/expiration
      expiration {
      	reply-message = "Password Has Expired  "
      }
     Module: Linked to module rlm_logintime
     Module: Instantiating module "logintime" from file /usr/local/etc/raddb/modules/logintime
      logintime {
      	reply-message = "You are calling outside your allowed timespan  "
      	minimum-timeout = 60
      }
     }
    radiusd: #### Loading Virtual Servers ####
    server { # from file /usr/local/etc/raddb/radiusd.conf
     modules {
      Module: Creating Auth-Type = MOTP
      Module: Creating Auth-Type = digest
      Module: Creating Autz-Type = Status-Server
      Module: Creating Acct-Type = Status-Server
     Module: Checking authenticate {...} for more modules to load
     Module: Linked to module rlm_pap
     Module: Instantiating module "pap" from file /usr/local/etc/raddb/modules/pap
      pap {
      	encryption_scheme = "auto"
      	auto_header = no
      }
     Module: Linked to module rlm_chap
     Module: Instantiating module "chap" from file /usr/local/etc/raddb/modules/chap
     Module: Linked to module rlm_mschap
     Module: Instantiating module "mschap" from file /usr/local/etc/raddb/modules/mschap
      mschap {
      	use_mppe = yes
      	require_encryption = no
      	require_strong = no
      	with_ntdomain_hack = yes
      	allow_retry = yes
      }
     Module: Instantiating module "motp" from file /usr/local/etc/raddb/modules/motp
      exec motp {
      	wait = yes
      	program = "/usr/local/bin/bash /usr/local/etc/raddb/scripts/otpverify.sh %{request:User-Name} %{request:User-Password} %{reply:MOTP-Init-Secret} %{reply:MOTP-PIN} %{reply:MOTP-Offset}"
      	input_pairs = "request"
      	shell_escape = yes
      }
     Module: Linked to module rlm_digest
     Module: Instantiating module "digest" from file /usr/local/etc/raddb/modules/digest
     Module: Linked to module rlm_unix
     Module: Instantiating module "unix" from file /usr/local/etc/raddb/modules/unix
      unix {
      	radwtmp = "/var/log/radwtmp"
      }
     Module: Linked to module rlm_eap
     Module: Instantiating module "eap" from file /usr/local/etc/raddb/eap.conf
      eap {
      	default_eap_type = "md5"
      	timer_expire = 60
      	ignore_unknown_eap_types = no
      	cisco_accounting_username_bug = no
      	max_sessions = 4096
      }
     Module: Linked to sub-module rlm_eap_md5
     Module: Instantiating eap-md5
     Module: Linked to sub-module rlm_eap_leap
     Module: Instantiating eap-leap
     Module: Linked to sub-module rlm_eap_gtc
     Module: Instantiating eap-gtc
       gtc {
       	challenge = "Password: "
       	auth_type = "PAP"
       }
     Module: Linked to sub-module rlm_eap_tls
     Module: Instantiating eap-tls
       tls {
       	rsa_key_exchange = no
       	dh_key_exchange = yes
       	rsa_key_length = 512
       	dh_key_length = 512
       	verify_depth = 0
       	CA_path = "/usr/local/etc/raddb/certs"
       	pem_file_type = yes
       	private_key_file = "/usr/local/etc/raddb/certs/server_key.pem"
       	certificate_file = "/usr/local/etc/raddb/certs/server_cert.pem"
       	CA_file = "/usr/local/etc/raddb/certs/ca_cert.pem"
       	dh_file = "/usr/local/etc/raddb/certs/dh"
       	random_file = "/usr/local/etc/raddb/certs/random"
       	fragment_size = 1024
       	include_length = yes
       	check_crl = no
       	check_all_crl = no
       	cipher_list = "DEFAULT"
       	ecdh_curve = "prime256v1"
        cache {
        	enable = no
        	lifetime = 24
        	max_entries = 255
        }
        verify {
        }
        ocsp {
        	enable = no
        	override_cert_url = no
        	url = "http://127.0.0.1/ocsp/"
        	use_nonce = yes
        	timeout = 0
        	softfail = no
        }
       }
    rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory
    rlm_eap_tls: Error reading certificate file /usr/local/etc/raddb/certs/server_cert.pem
    rlm_eap: Failed to initialize type tls
    /usr/local/etc/raddb/eap.conf[2]: Instantiation failed for module "eap"
    /usr/local/etc/raddb/sites-enabled/default[339]: Failed to find "eap" in the "modules" section.
    /usr/local/etc/raddb/sites-enabled/default[274]: Errors parsing authenticate section.
    

    I was researching a little bit, and tried creating the certs manually by running the following command.

    
    [2.3.3-RELEASE][root@Hardy.NET]/usr/local/etc/raddb/certs: chmod 777 bootstrap
    [2.3.3-RELEASE][root@Hardy.NET]/usr/local/etc/raddb/certs: ./bootstrap
    error on line -1 of ./server.cnf
    34379201032:error:02001002:system library:fopen:No such file or directory:/builder/pfsense-233/tmp/FreeBSD-src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:175:fopen('./server.cnf','rb')
    34379201032:error:2006D080:BIO routines:BIO_new_file:no such file:/builder/pfsense-233/tmp/FreeBSD-src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:178:
    34379201032:error:0E078072:configuration file routines:DEF_LOAD:no such file:/builder/pfsense-233/tmp/FreeBSD-src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_def.c:195:
    [2.3.3-RELEASE][root@Hardy.NET]/usr/local/etc/raddb/certs:
    
    

    I noticed the problem just after I finished installing. Then I saw a system update, and I thought this would help solve the issue; however, the update downloaded and installed (system rebooted), and it was still the same. Then I thought the configuration file might be corrupt, and loaded an old, known-to-work backup, but still the same.

    Any ideas on why/how to solve this issue?

    ![system info.PNG](/public/imported_attachments/1/system info.PNG)



  • Updated, still the same issue!



    ![Same Results.PNG](/public/imported_attachments/1/Same Results.PNG)



  • Come on, don't cross-post the same shit stuff in two places, that's ridiculous.
    https://forum.pfsense.org/index.php?topic=129649.0

    If you are not patient enough to wait for a reply then buy support. https://www.netgate.com/support/



  • @jahonix:

    Come on, don't cross-post the same shit stuff in two places, that's ridiculous.
    https://forum.pfsense.org/index.php?topic=129649.0

    If you are not patient enough to wait for a reply then buy support. https://www.netgate.com/support/

    I'm truly sorry about that, I was not being impatient. You've been of great help before. After I upgraded the firewall and still had the same issue, I thought it was a package issue, so I decided it should be posted under the package section.

    I'll go ahead and delete the other post. "My apologies".



  • Yeah, I'm now sure that this is an update issue. Installed an up to date version of pfsense on virtual box and the same thing is happening.




  • Well, it seems that there are no package issues after all. Digging deeper, I found information that we now have to select a certificate from the "Package > FreeRADIUS: EAP / EAP" tab.

    Create one in System > Certificate Manager > CAs.
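
A check for the failure shown in this thread, added here as an example (it is not part of any post and is not pfSense or FreeRADIUS code): it reads saved `radiusd -X` output, extracts the file paths printed in the `tls` block, and reports any that are missing, empty, or, for the private key, world-readable. The function names and the `/tmp/radiusd-debug.txt` path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list the files the eap "tls" block
# points at, as printed by `radiusd -X`, and report which ones are unusable.

# Print "<setting> <path>" for each file-valued TLS setting in the dump $1.
tls_file_settings() {
    awk '
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)          # strip indentation around the key
            sub(/^[ \t]*"?/, "", val)       # strip leading blanks and quote
            sub(/"?[ \t\r]*$/, "", val)     # strip trailing quote and blanks
            if (key ~ /^(private_key_file|certificate_file|CA_file|dh_file|random_file)$/)
                print key, val
        }' "$1"
}

# Print one status line per setting; return 1 if any file is unusable.
check_tls_files() {
    bad=0
    while read -r key path; do
        [ -n "$key" ] || continue
        if [ ! -e "$path" ]; then
            echo "MISSING $key $path"; bad=1
        elif [ -f "$path" ] && [ ! -s "$path" ]; then
            echo "EMPTY $key $path"; bad=1
        elif [ "$key" = private_key_file ] &&
             [ -n "$(find "$path" -prune -perm -004)" ]; then
            # The server key should not be readable by every local user.
            echo "WORLD_READABLE $key $path"; bad=1
        else
            echo "OK $key $path"
        fi
    done <<EOF
$(tls_file_settings "$1")
EOF
    return "$bad"
}

# Usage: radiusd -X > /tmp/radiusd-debug.txt 2>&1
#        sh check_tls_files.sh /tmp/radiusd-debug.txt
[ "$#" -eq 0 ] || check_tls_files "$1"
```

Run against the debug output posted above, this would print a `MISSING certificate_file` line for `server_cert.pem`, the same file `rlm_eap_tls` failed to read.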

