Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    2.4.3 - FreeRadius won't let me save settings, gives error about EAP

    pfSense Packages
    6
    8
    1215
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rbabchis last edited by

      No matter what I do, I get this error. I've been trying for hours. Every time I try to save "Settings".

      –
      The following input errors were detected:
      Please, configure and save EAP settings first. Note that setting the SSL CA/Server Certificate is required.
      General Configuration

      EAP is configured properly, and minimally. It was working without error before the upgrade to 2.4.3. It has valid certs and a CA. I even tried creating new ones.

      I've tried running freeradius from the command line in the foreground with debugging on, and see no errors. I also verified that the certificates configured/loaded by freeradius are the correct ones in the filesystem.

      So at this point I'm stuck and cannot change anything under settings no matter what I do.

      Can anyone help?

      Thanks

      1 Reply Last reply Reply Quote 0
      • S
        snowyrain last edited by

        Hello,

        same on "2.3.4-RELEASE". Fresh Install + FreeRadius.

        Snowyrain

        Edit: solved

        I had to add
        "global $config;"
        in the first line in function
        freeradius_validate_settings($post, &$input_errors) {
        in file:
        /usr/local/pkg/freeradius.inc

        1 Reply Last reply Reply Quote 0
        • J
          jayden last edited by

          can you explain how did that sir?

          1 Reply Last reply Reply Quote 0
          • T
            thouwlin last edited by

            @jayden:

            can you explain how did that sir?

            1. ssh you the pfsense server

            2. vi /usr/local/pkg/freeradius.inc (you are editing the file.)  At anytime you think you have messed up press ESC twice and then type :q! this will exit without saving)

            3. type /validate_settings  (this jumps you to where you need to be in the file)

            4. press 0 (the letter o, this will put you in input mode one line down)

            5. type  global $config;

            6. press ESC twice (habit of mine, in most cases once is fine)

            7 type :wq or shift ZZ (write the files and exits)

            Here is what is looked like:
            login as: admin
            Using keyboard-interactive authentication.
            Password for admin@pfsense.local.enms.net:
            *** Welcome to pfSense 2.3.4-RELEASE (amd64 full-install) on pfsense ***

            WAN (wan)      -> em0        -> v4/DHCP4: xx.xx.xx.xx/19
                                              v6/DHCP6: xxxx:xxxx:xxxx:bc:xxxx:xxxx:xxxx:xxxx/128
            LAN (lan)      -> em1        -> v4: 10.50.100.2/24
                                              v6: 2001:470:1f11:85::1/64
            HENETV6 (opt1)  -> gif0      -> v6: 2001:470:1f10:85::2/128
            IOTWINK (opt2)  -> em3_vlan10 -> v4: 10.10.100.2/24
            IOTRING (opt3)  -> em3_vlan48 -> v4: 10.48.100.2/24
            IOTOTHER (opt4) -> em3_vlan20 -> v4: 10.20.100.2/24
            OPT5 (opt5)    -> run0_wlan0 -> v4: 10.200.100.2/24

            1. Logout (SSH only)                  9) pfTop
            2. Assign Interfaces                10) Filter Logs
            3. Set interface(s) IP address      11) Restart webConfigurator
            4. Reset webConfigurator password    12) PHP shell + pfSense tools
            5. Reset to factory defaults        13) Update from console
            6. Reboot system                    14) Disable Secure Shell (sshd)
            7. Halt system                      15) Restore recent configuration
            8. Ping host                        16) Restart PHP-FPM
            9. Shell

            Enter an option: 8
            [2.3.4-RELEASE][[email]admin@pfsense.local.enms.net]/root: vi /usr/local/pkg/freeradius.inc

            tion' field; only /^[a-zA-Z0-9 _,.;:+=()-]*$/ allowed.";
                    }

            /*
                    * TODO: Check that the configured port is unique for the selected Inter
            face Type/IP address.
                    */

            }

            /* General Settings input validation */
            function freeradius_validate_settings($post, &$input_errors) {
                    global $config;
                    // Force users to configure certificates for EAP
                    if (is_array($config['installedpackages']['freeradiuseapconf']['config']

            • )) {

            $eapconf = $config['installedpackages']['freeradiuseapconf']['co
            nfig'][0];
                    } else {
                            $input_errors[] = "Please, configure and save EAP settings first
            . Note that setting the SSL CA/Server Certificate is required.";
                            $eapconf = array();
                    }
            /usr/local/pkg/freeradius.inc: 4815 lines, 181995 characters.
            [2.3.4-RELEASE][[email]admin@pfsense.local.enms.net]/root:

            1 Reply Last reply Reply Quote 0
            • J
              jayden last edited by

              thanks mate this helped a lot

              1 Reply Last reply Reply Quote 0
              • jimp
                jimp Rebel Alliance Developer Netgate last edited by

                Update to the latest package for a permanent fix.

                1 Reply Last reply Reply Quote 0
                • H
                  hsrtreml last edited by

                  same issue with new patch within EAP:

                  The following input errors were detected:
                  SSL CA Certificate must not be set to 'none'. Create a CA certificate if needed and select it here.
                  SSL Server Certificate must not be set to 'none'. Create a server certificate if needed and select it here.

                  I set some Cert-Example; save; then no error message but after a long time freeradius service end!!

                  Someone any idea?

                  br
                  hsrtreml

                  1 Reply Last reply Reply Quote 0
                  • jimp
                    jimp Rebel Alliance Developer Netgate last edited by

                    @hsrtreml:

                    same issue with new patch within EAP:

                    The following input errors were detected:
                    SSL CA Certificate must not be set to 'none'. Create a CA certificate if needed and select it here.
                    SSL Server Certificate must not be set to 'none'. Create a server certificate if needed and select it here.

                    I set some Cert-Example; save; then no error message but after a long time freeradius service end!!

                    That is not the same issue. Please start a new thread.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post

                    Products

                    • Platform Overview
                    • TNSR
                    • pfSense
                    • Appliances

                    Services

                    • Training
                    • Professional Services

                    Support

                    • Subscription Plans
                    • Contact Support
                    • Product Lifecycle
                    • Documentation

                    News

                    • Media Coverage
                    • Press
                    • Events

                    Resources

                    • Blog
                    • FAQ
                    • Find a Partner
                    • Resource Library
                    • Security Information

                    Company

                    • About Us
                    • Careers
                    • Partners
                    • Contact Us
                    • Legal
                    Our Mission

                    We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                    Subscribe to our Newsletter

                    Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                    © 2021 Rubicon Communications, LLC | Privacy Policy