    After an Installation Recovery, "Freeradius Package Won't Start"

    pfSense Packages
      hardy_rafael17 last edited by

      Thanks in advance, guys!
      I was running an up-to-date version of pfSense with Captive Portal + FreeRADIUS, and everything was working just fine. I was having power failures every now and then. Then, the day before yesterday, pfSense would get stuck at boot time with an error like this: "Warning: / was not properly dismounted", so I had to reinstall it. I downloaded the current version from the pfSense web site and, with a USB drive, I chose option R to rescue the config.xml. It went through normally; it installed and then rebooted the system. My old configuration was there; however, I had to install FreeRADIUS and Service Watchdog manually (the configuration was there). After I installed them, Service Watchdog would run just fine; however, FreeRADIUS would give me this error:

      
      Shell Output - radiusd -X
      radiusd: FreeRADIUS Version 2.2.9, for host amd64-portbld-freebsd10.3, built on Feb 11 2017 at 03:50:51
      Copyright (C) 1999-2015 The FreeRADIUS server project and contributors.
      There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
      PARTICULAR PURPOSE.
      You may redistribute copies of FreeRADIUS under the terms of the
      GNU General Public License.
      For more information about these matters, see the file named COPYRIGHT.
      Starting - reading configuration files ...
      including configuration file /usr/local/etc/raddb/radiusd.conf
      including configuration file /usr/local/etc/raddb/clients.conf
      including files in directory /usr/local/etc/raddb/modules/
      including configuration file /usr/local/etc/raddb/modules/always
      including configuration file /usr/local/etc/raddb/modules/attr_filter
      including configuration file /usr/local/etc/raddb/modules/attr_rewrite
      including configuration file /usr/local/etc/raddb/modules/cache
      including configuration file /usr/local/etc/raddb/modules/chap
      including configuration file /usr/local/etc/raddb/modules/checkval
      including configuration file /usr/local/etc/raddb/modules/counter
      including configuration file /usr/local/etc/raddb/modules/cui
      including configuration file /usr/local/etc/raddb/modules/detail
      including configuration file /usr/local/etc/raddb/modules/detail.example.com
      including configuration file /usr/local/etc/raddb/modules/detail.log
      including configuration file /usr/local/etc/raddb/modules/dhcp_sqlippool
      including configuration file /usr/local/etc/raddb/sql/mysql/ippool-dhcp.conf
      including configuration file /usr/local/etc/raddb/modules/digest
      including configuration file /usr/local/etc/raddb/modules/dynamic_clients
      including configuration file /usr/local/etc/raddb/modules/echo
      including configuration file /usr/local/etc/raddb/modules/etc_group
      including configuration file /usr/local/etc/raddb/modules/exec
      including configuration file /usr/local/etc/raddb/modules/expiration
      including configuration file /usr/local/etc/raddb/modules/expr
      including configuration file /usr/local/etc/raddb/modules/files
      including configuration file /usr/local/etc/raddb/modules/inner-eap
      including configuration file /usr/local/etc/raddb/modules/ippool
      including configuration file /usr/local/etc/raddb/modules/krb5
      including configuration file /usr/local/etc/raddb/modules/ldap
      including configuration file /usr/local/etc/raddb/modules/linelog
      including configuration file /usr/local/etc/raddb/modules/logintime
      including configuration file /usr/local/etc/raddb/modules/otp
      including configuration file /usr/local/etc/raddb/modules/mac2ip
      including configuration file /usr/local/etc/raddb/modules/mac2vlan
      including configuration file /usr/local/etc/raddb/modules/mschap
      including configuration file /usr/local/etc/raddb/modules/ntlm_auth
      including configuration file /usr/local/etc/raddb/modules/opendirectory
      including configuration file /usr/local/etc/raddb/modules/pam
      including configuration file /usr/local/etc/raddb/modules/pap
      including configuration file /usr/local/etc/raddb/modules/passwd
      including configuration file /usr/local/etc/raddb/modules/perl
      including configuration file /usr/local/etc/raddb/modules/policy
      including configuration file /usr/local/etc/raddb/modules/preprocess
      including configuration file /usr/local/etc/raddb/modules/radrelay
      including configuration file /usr/local/etc/raddb/modules/radutmp
      including configuration file /usr/local/etc/raddb/modules/realm
      including configuration file /usr/local/etc/raddb/modules/redis
      including configuration file /usr/local/etc/raddb/modules/rediswho
      including configuration file /usr/local/etc/raddb/modules/replicate
      including configuration file /usr/local/etc/raddb/modules/smbpasswd
      including configuration file /usr/local/etc/raddb/modules/smsotp
      including configuration file /usr/local/etc/raddb/modules/soh
      including configuration file /usr/local/etc/raddb/modules/sql_log
      including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
      including configuration file /usr/local/etc/raddb/modules/sradutmp
      including configuration file /usr/local/etc/raddb/modules/unix
      including configuration file /usr/local/etc/raddb/modules/wimax
      including configuration file /usr/local/etc/raddb/modules/acct_unique
      including configuration file /usr/local/etc/raddb/modules/motp
      including configuration file /usr/local/etc/raddb/modules/datacounter_acct
      including configuration file /usr/local/etc/raddb/eap.conf
      including configuration file /usr/local/etc/raddb/policy.conf
      including files in directory /usr/local/etc/raddb/sites-enabled/
      including configuration file /usr/local/etc/raddb/sites-enabled/default
      main {
      	allow_core_dumps = no
      }
      including dictionary file /usr/local/etc/raddb/dictionary
      main {
      	name = "radiusd"
      	prefix = "/usr/local"
      	localstatedir = "/var"
      	sbindir = "/usr/local/sbin"
      	logdir = "/var/log"
      	run_dir = "/var/run"
      	libdir = "/usr/local/lib/freeradius-2.2.9"
      	radacctdir = "/var/log/radacct"
      	hostname_lookups = no
      	max_request_time = 30
      	cleanup_delay = 5
      	max_requests = 1024
      	pidfile = "/var/run/radiusd.pid"
      	checkrad = "/usr/local/sbin/checkrad"
      	debug_level = 0
      	proxy_requests = yes
       log {
       	stripped_names = no
       	auth = no
       	auth_badpass = no
       	auth_goodpass = no
       	msg_badpass = ""
       	msg_goodpass = ""
       }
       security {
       	max_attributes = 200
       	reject_delay = 1
       	status_server = no
       	allow_vulnerable_openssl = no
       }
      }
      radiusd: #### Loading Realms and Home Servers ####
      radiusd: #### Loading Clients ####
       client MilosisPicoStation {
       	ipaddr = 172.16.2.15
       	require_message_authenticator = no
       	secret = "Biannelys01"
       	shortname = "MilosisPicoStation"
       	nastype = "other"
       }
       client Test {
       	ipaddr = 172.16.0.31
       	require_message_authenticator = no
       	secret = "Biannelys01"
       	shortname = "Test"
       	nastype = "other"
       }
       client HardyNET {
       	ipaddr = 172.16.0.1
       	require_message_authenticator = no
       	secret = "Biannelys01"
       	shortname = "HardyNET"
       	nastype = "other"
       }
      radiusd: #### Instantiating modules ####
       instantiate {
       Module: Linked to module rlm_exec
       Module: Instantiating module "exec" from file /usr/local/etc/raddb/modules/exec
        exec {
        	wait = no
        	input_pairs = "request"
        	shell_escape = yes
        	timeout = 10
        }
       Module: Linked to module rlm_expr
       Module: Instantiating module "expr" from file /usr/local/etc/raddb/modules/expr
       Module: Linked to module rlm_counter
       Module: Instantiating module "daily" from file /usr/local/etc/raddb/modules/counter
        counter daily {
        	filename = "/var/log/radacct/timecounter/db.daily"
        	key = "User-Name"
        	reset = "daily"
        	count-attribute = "Acct-Session-Time"
        	counter-name = "Daily-Session-Time"
        	check-name = "Max-Daily-Session"
        	reply-name = "Session-Timeout"
        	cache-size = 5000
        }
      rlm_counter: Counter attribute Daily-Session-Time is number 11273
      rlm_counter: Current Time: 1493307492 [2017-04-27 11:38:12], Next reset 1493352000 [2017-04-28 00:00:00]
       Module: Instantiating module "weekly" from file /usr/local/etc/raddb/modules/counter
        counter weekly {
        	filename = "/var/log/radacct/timecounter/db.weekly"
        	key = "User-Name"
        	reset = "weekly"
        	count-attribute = "Acct-Session-Time"
        	counter-name = "Weekly-Session-Time"
        	check-name = "Max-Weekly-Session"
        	reply-name = "Session-Timeout"
        	cache-size = 5000
        }
      rlm_counter: Counter attribute Weekly-Session-Time is number 11275
      rlm_counter: Current Time: 1493307492 [2017-04-27 11:38:12], Next reset 1493524800 [2017-04-30 00:00:00]
       Module: Instantiating module "monthly" from file /usr/local/etc/raddb/modules/counter
        counter monthly {
        	filename = "/var/log/radacct/timecounter/db.monthly"
        	key = "User-Name"
        	reset = "monthly"
        	count-attribute = "Acct-Session-Time"
        	counter-name = "Monthly-Session-Time"
        	check-name = "Max-Monthly-Session"
        	reply-name = "Session-Timeout"
        	cache-size = 5000
        }
      rlm_counter: Counter attribute Monthly-Session-Time is number 11277
      rlm_counter: Current Time: 1493307492 [2017-04-27 11:38:12], Next reset 1493611200 [2017-05-01 00:00:00]
       Module: Instantiating module "forever" from file /usr/local/etc/raddb/modules/counter
        counter forever {
        	filename = "/var/log/radacct/timecounter/db.forever"
        	key = "User-Name"
        	reset = "never"
        	count-attribute = "Acct-Session-Time"
        	counter-name = "Forever-Session-Time"
        	check-name = "Max-Forever-Session"
        	reply-name = "Session-Timeout"
        	cache-size = 5000
        }
      rlm_counter: Counter attribute Forever-Session-Time is number 11279
      rlm_counter: Current Time: 1493307492 [2017-04-27 11:38:12], Next reset 0 [2017-04-27 11:00:00]
       Module: Linked to module rlm_expiration
       Module: Instantiating module "expiration" from file /usr/local/etc/raddb/modules/expiration
        expiration {
        	reply-message = "Password Has Expired  "
        }
       Module: Linked to module rlm_logintime
       Module: Instantiating module "logintime" from file /usr/local/etc/raddb/modules/logintime
        logintime {
        	reply-message = "You are calling outside your allowed timespan  "
        	minimum-timeout = 60
        }
       }
      radiusd: #### Loading Virtual Servers ####
      server { # from file /usr/local/etc/raddb/radiusd.conf
       modules {
        Module: Creating Auth-Type = MOTP
        Module: Creating Auth-Type = digest
        Module: Creating Autz-Type = Status-Server
        Module: Creating Acct-Type = Status-Server
       Module: Checking authenticate {...} for more modules to load
       Module: Linked to module rlm_pap
       Module: Instantiating module "pap" from file /usr/local/etc/raddb/modules/pap
        pap {
        	encryption_scheme = "auto"
        	auto_header = no
        }
       Module: Linked to module rlm_chap
       Module: Instantiating module "chap" from file /usr/local/etc/raddb/modules/chap
       Module: Linked to module rlm_mschap
       Module: Instantiating module "mschap" from file /usr/local/etc/raddb/modules/mschap
        mschap {
        	use_mppe = yes
        	require_encryption = no
        	require_strong = no
        	with_ntdomain_hack = yes
        	allow_retry = yes
        }
       Module: Instantiating module "motp" from file /usr/local/etc/raddb/modules/motp
        exec motp {
        	wait = yes
        	program = "/usr/local/bin/bash /usr/local/etc/raddb/scripts/otpverify.sh %{request:User-Name} %{request:User-Password} %{reply:MOTP-Init-Secret} %{reply:MOTP-PIN} %{reply:MOTP-Offset}"
        	input_pairs = "request"
        	shell_escape = yes
        }
       Module: Linked to module rlm_digest
       Module: Instantiating module "digest" from file /usr/local/etc/raddb/modules/digest
       Module: Linked to module rlm_unix
       Module: Instantiating module "unix" from file /usr/local/etc/raddb/modules/unix
        unix {
        	radwtmp = "/var/log/radwtmp"
        }
       Module: Linked to module rlm_eap
       Module: Instantiating module "eap" from file /usr/local/etc/raddb/eap.conf
        eap {
        	default_eap_type = "md5"
        	timer_expire = 60
        	ignore_unknown_eap_types = no
        	cisco_accounting_username_bug = no
        	max_sessions = 4096
        }
       Module: Linked to sub-module rlm_eap_md5
       Module: Instantiating eap-md5
       Module: Linked to sub-module rlm_eap_leap
       Module: Instantiating eap-leap
       Module: Linked to sub-module rlm_eap_gtc
       Module: Instantiating eap-gtc
         gtc {
         	challenge = "Password: "
         	auth_type = "PAP"
         }
       Module: Linked to sub-module rlm_eap_tls
       Module: Instantiating eap-tls
         tls {
         	rsa_key_exchange = no
         	dh_key_exchange = yes
         	rsa_key_length = 512
         	dh_key_length = 512
         	verify_depth = 0
         	CA_path = "/usr/local/etc/raddb/certs"
         	pem_file_type = yes
         	private_key_file = "/usr/local/etc/raddb/certs/server_key.pem"
         	certificate_file = "/usr/local/etc/raddb/certs/server_cert.pem"
         	CA_file = "/usr/local/etc/raddb/certs/ca_cert.pem"
         	dh_file = "/usr/local/etc/raddb/certs/dh"
         	random_file = "/usr/local/etc/raddb/certs/random"
         	fragment_size = 1024
         	include_length = yes
         	check_crl = no
         	check_all_crl = no
         	cipher_list = "DEFAULT"
         	ecdh_curve = "prime256v1"
          cache {
          	enable = no
          	lifetime = 24
          	max_entries = 255
          }
          verify {
          }
          ocsp {
          	enable = no
          	override_cert_url = no
          	url = "http://127.0.0.1/ocsp/"
          	use_nonce = yes
          	timeout = 0
          	softfail = no
          }
         }
      rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory
      rlm_eap_tls: Error reading certificate file /usr/local/etc/raddb/certs/server_cert.pem
      rlm_eap: Failed to initialize type tls
      /usr/local/etc/raddb/eap.conf[2]: Instantiation failed for module "eap"
      /usr/local/etc/raddb/sites-enabled/default[339]: Failed to find "eap" in the "modules" section.
      /usr/local/etc/raddb/sites-enabled/default[274]: Errors parsing authenticate section.
      

      I was researching a little bit, and tried creating the certs manually by running the following command.

      
      [2.3.3-RELEASE][root@Hardy.NET]/usr/local/etc/raddb/certs: chmod 777 bootstrap
      [2.3.3-RELEASE][root@Hardy.NET]/usr/local/etc/raddb/certs: ./bootstrap
      error on line -1 of ./server.cnf
      34379201032:error:02001002:system library:fopen:No such file or directory:/builder/pfsense-233/tmp/FreeBSD-src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:175:fopen('./server.cnf','rb')
      34379201032:error:2006D080:BIO routines:BIO_new_file:no such file:/builder/pfsense-233/tmp/FreeBSD-src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:178:
      34379201032:error:0E078072:configuration file routines:DEF_LOAD:no such file:/builder/pfsense-233/tmp/FreeBSD-src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_def.c:195:
      [2.3.3-RELEASE][root@Hardy.NET]/usr/local/etc/raddb/certs:
      
      

      I noticed the problem just after I finished installing. Then I saw a system update and thought this would help solve the issue; however, the update downloaded and installed (system rebooted), and it is still the same. Then I thought the configuration file might be corrupt, and loaded an old, known-to-work backup, but still the same.

      Any ideas on why/how to solve this issue?

      ![system info.PNG](/public/imported_attachments/1/system info.PNG)

        hardy_rafael17 last edited by

        Updated, still the same issue!



        ![Same Results.PNG](/public/imported_attachments/1/Same Results.PNG)

          jahonix last edited by

          Come on, don't cross-post the same shit stuff in two places, that's ridiculous.
          https://forum.pfsense.org/index.php?topic=129649.0

          If you are not patient enough to wait for a reply then buy support. https://www.netgate.com/support/

            hardy_rafael17 last edited by

            @jahonix:

            > Come on, don't cross-post the same shit stuff in two places, that's ridiculous.
            > https://forum.pfsense.org/index.php?topic=129649.0
            >
            > If you are not patient enough to wait for a reply then buy support. https://www.netgate.com/support/

            I'm truly sorry about that, I was not being impatient. You've been of great help before. After I upgraded the firewall and still had the same issue, I thought it was a package issue, so I decided it should be posted under the package section.

            I'll go ahead and delete the other post. "My apologies".

              hardy_rafael17 last edited by

              Yeah, I'm now sure that this is an update issue. I installed an up-to-date version of pfSense on VirtualBox and the same thing is happening.


                hardy_rafael17 last edited by

                Well, it seems that there are no package issues after all. Digging deeper, I found information that we now have to select a certificate from the "Package -> FreeRADIUS: EAP / EAP" tab.

                Create one: System -> Certificate Manager -> CAs.

                  Akonto last edited by Akonto

                  @jahonix said in After an Installation Recovery, "Freeradius Package Won't Start":

                  https://forum.pfsense.org/index.php?topic=129649.0

                  Go to:

                  1. Services->FreeRadius

                  2. EAP(Tab)

                  3. Scroll down to: Certificates for TLS

                  4. SSL CA Certificate -> Select Certificate (if you don't have one, you need to create it in System -> Cert. Manager)

                  5. SSL Revocation List-> Select Certificate

                  6. SSL Server Certificate

                  7. Start FreeRADIUS service

                  1 Reply Last reply Reply Quote 0
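
The failure in the first post is radiusd aborting because a file named in the `tls` block of `eap.conf` does not exist. As an added example (not part of the thread or of the pfSense package), this shell check lists the TLS files the config references and reports any that are missing, empty or, for the private key, world-readable; the function names are made up here and it assumes absolute paths without `${...}` variables.

```shell
#!/bin/sh
# Added example, not from the thread: pre-flight check of the files that the
# tls { } block of a FreeRADIUS 2.x eap.conf refers to.
# Assumption: values are absolute paths, with no ${...} variables to expand.

# Print "setting path" for each TLS file setting (commented lines are skipped).
eap_tls_files() {
    awk '/^[ \t]*(private_key_file|certificate_file|CA_file|dh_file|random_file)[ \t]*=/ {
        key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]*/, "", key)
        val = substr($0, index($0, "=") + 1)
        gsub(/^[ \t"]+|[ \t"]+$/, "", val)
        print key, val
    }' "$1"
}

# One line per problem on stdout; returns 0 if clean, 1 on problems,
# 2 if the config itself cannot be read.
check_eap_tls_files() {
    conf=$1; rc=0
    [ -r "$conf" ] || { echo "CONFIG-UNREADABLE $conf"; return 2; }
    while read -r key path; do
        [ -n "$key" ] || continue
        if [ ! -e "$path" ]; then
            echo "MISSING $key $path"; rc=1
        elif [ -f "$path" ] && [ ! -s "$path" ]; then
            echo "EMPTY $key $path"; rc=1
        elif [ "$key" = private_key_file ] && [ -n "$(find "$path" -perm -004)" ]; then
            echo "WORLD-READABLE $key $path"; rc=1
        fi
    done <<EOF
$(eap_tls_files "$conf")
EOF
    return "$rc"
}

# Constructed sample: a tls block whose server certificate was never written,
# the situation behind "Error reading certificate file" in the first post.
demo() {
    d=$(mktemp -d) || return 2
    printf 'key\n' > "$d/server_key.pem"; chmod 600 "$d/server_key.pem"
    printf 'ca\n' > "$d/ca_cert.pem"
    cat > "$d/eap.conf" <<EOF
eap {
  tls {
    pem_file_type = yes
    private_key_file = "$d/server_key.pem"
    certificate_file = "$d/server_cert.pem"
    CA_file = "$d/ca_cert.pem"
    # dh_file = "$d/dh"
  }
}
EOF
    check_eap_tls_files "$d/eap.conf" | sed "s|$d|<tmp>|"
    rm -rf "$d"
}

# With an argument, check that eap.conf; with none, run the constructed sample.
if [ $# -gt 0 ]; then check_eap_tls_files "$1"; else demo; fi
```

On the firewall from the thread the argument would be `/usr/local/etc/raddb/eap.conf`, the path shown in the `radiusd -X` output.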