FreeRADIUS 3.x package problem with MySQL (not started)



  • hi all
    i upgrade pf to 2.4
    i upgrade freeradius to version 3
    Freeradius 3 after upgrade not started. I create tiket
    I use mysql, i not use EAP (eap is configured)
    i see in log

    Oct 16 10:47:45    radiusd    26285    [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
    Oct 16 10:47:45    radiusd    26285    [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
    Oct 16 10:47:45    radiusd    26285    Loaded virtual server <default>
    Oct 16 10:47:45    radiusd    26285    /usr/local/etc/raddb/sites-enabled/default[142]: Failed to find "daily" as a module or policy.
    Oct 16 10:47:45    radiusd    26285    /usr/local/etc/raddb/sites-enabled/default[142]: Please verify that the configuration exists in /usr/local/etc/raddb/mods-enabled/daily.
    Oct 16 10:47:45    radiusd    26285    /usr/local/etc/raddb/sites-enabled/default[127]: Errors parsing accounting section.
    Oct 16 10:47:45    radiusd    26285    Failed to load virtual server default</default>
    

    i edit /usr/local/etc/raddb/sites-enabled/default
    i comment:

    
    accounting {
    ......
        #daily
        #weekly
        #monthly
        #forever
    

    and freeRadius starts to run.
    I NOT USE ACCOUNTING!!!!
    I tryed reinstall package, tryed clear install - It useless



  • i made a clean installation pfsense
    i not check "Enable SQL Support"  – freeRadius work without problem!

    if checked "Enable SQL Support" and made SQL-server settings -- and freeRadius work with problem (not started)!

    these SQL-settings worked on 2.3.4
    and I'm sure that the settings are correct



  • my freeradius conf from xml:

     <freeradiusinterfaces><config><varinterfaceip>192.168.11.3</varinterfaceip>
    				<varinterfaceport>1812</varinterfaceport>
    				<varinterfacetype>auth</varinterfacetype>
    				<varinterfaceipversion>ipaddr</varinterfaceipversion></config></freeradiusinterfaces> 
    		<freeradiusclients></freeradiusclients>
    		<freeradiusauthorizedmacs></freeradiusauthorizedmacs>
    		 <freeradiussettings><config><varsettingsmaxrequests>1024</varsettingsmaxrequests>
    				<varsettingsmaxrequesttime>30</varsettingsmaxrequesttime>
    				<varsettingscleanupdelay>5</varsettingscleanupdelay>
    				<varsettingsallowcoredumps>no</varsettingsallowcoredumps>
    				<varsettingsregularexpressions>yes</varsettingsregularexpressions>
    				<varsettingsextendedexpressions>yes</varsettingsextendedexpressions>
    				<varsettingslogdir>syslog</varsettingslogdir>
    				<varsettingsauth>yes</varsettingsauth>
    				<varsettingsauthbadpass>yes</varsettingsauthbadpass>
    				<varsettingsauthbadpassmessage></varsettingsauthbadpassmessage>
    				<varsettingsauthgoodpass>yes</varsettingsauthgoodpass>
    				<varsettingsauthgoodpassmessage></varsettingsauthgoodpassmessage>
    				<varsettingsstrippednames>no</varsettingsstrippednames>
    				<varsettingshostnamelookups>no</varsettingshostnamelookups>
    				<varsettingsmaxattributes>200</varsettingsmaxattributes>
    				<varsettingsrejectdelay>1</varsettingsrejectdelay>
    				<varsettingsstartservers>5</varsettingsstartservers>
    				<varsettingsmaxservers>32</varsettingsmaxservers>
    				<varsettingsminspareservers>3</varsettingsminspareservers>
    				<varsettingsmaxspareservers>10</varsettingsmaxspareservers>
    				<varsettingsmaxqueuesize>65536</varsettingsmaxqueuesize>
    				<varsettingsmaxrequestsperserver>0</varsettingsmaxrequestsperserver>
    				<varsettingsmotpenable></varsettingsmotpenable>
    				<varsettingsmotptimespan></varsettingsmotptimespan>
    				<varsettingsmotppasswordattempts></varsettingsmotppasswordattempts>
    				<varsettingsmotpchecksumtype>md5</varsettingsmotpchecksumtype>
    				<varsettingsmotptokenlength></varsettingsmotptokenlength>
    				<varsettingsenablemacauth>on</varsettingsenablemacauth>
    				<varsettingsenableacctunique></varsettingsenableacctunique></config></freeradiussettings> 
    		<freeradius></freeradius>
    		 <freeradiussqlconf><config><varsqlconfincludeenable>on</varsqlconfincludeenable>
    				<varsqlconfenableauthorize>Enable</varsqlconfenableauthorize>
    				<varsqlconfenableaccounting>Disable</varsqlconfenableaccounting>
    				<varsqlconfenablesession>Disable</varsqlconfenablesession>
    				<varsqlconfenablepostauth>Enable</varsqlconfenablepostauth>
    				<varsqlconfdatabase>mysql</varsqlconfdatabase>
    				<varsqlconfserver>192.168.1.116</varsqlconfserver>
    				<varsqlconfport>3306</varsqlconfport>
    				<varsqlconflogin>radius_bhk</varsqlconflogin>
    				<varsqlconfpassword>hC0FQbXBbTm6BsfdMzAviJgvbafj</varsqlconfpassword>
    				<varsqlconfradiusdb>radius_bhk</varsqlconfradiusdb>
    				<varsqlconfaccttable1>radacct</varsqlconfaccttable1>
    				<varsqlconfaccttable2>radacct</varsqlconfaccttable2>
    				<varsqlconfpostauthtable>radpostauth</varsqlconfpostauthtable>
    				<varsqlconfauthchecktable>radcheck</varsqlconfauthchecktable>
    				<varsqlconfauthreplytable>radreply</varsqlconfauthreplytable>
    				<varsqlconfgroupchecktable>radgroupcheck</varsqlconfgroupchecktable>
    				<varsqlconfgroupreplytable>radgroupreply</varsqlconfgroupreplytable>
    				<varsqlconfusergrouptable>radusergroup</varsqlconfusergrouptable>
    				<varsqlconfreadgroups>yes</varsqlconfreadgroups>
    				<varsqlconfdeletestalesessions>yes</varsqlconfdeletestalesessions>
    				<varsqlconfsqltrace>no</varsqlconfsqltrace>
    				<varsqlconfnumsqlsocks>5</varsqlconfnumsqlsocks>
    				<varsqlconfconnectfailureretrydelay>60</varsqlconfconnectfailureretrydelay>
    				<varsqlconflifetime>0</varsqlconflifetime>
    				<varsqlconfmaxqueries>0</varsqlconfmaxqueries>
    				<varsqlconfreadclients>yes</varsqlconfreadclients>
    				<varsqlconfnastable>nas</varsqlconfnastable>
    				<varsqlconf2failover>redundant</varsqlconf2failover>
    				<varsqlconf2includeenable>on</varsqlconf2includeenable>
    				<varsqlconf2enableauthorize>Enable</varsqlconf2enableauthorize>
    				<varsqlconf2enableaccounting>Disable</varsqlconf2enableaccounting>
    				<varsqlconf2enablesession>Disable</varsqlconf2enablesession>
    				<varsqlconf2enablepostauth>Enable</varsqlconf2enablepostauth>
    				<varsqlconf2database>mysql</varsqlconf2database>
    				<varsqlconf2server>192.168.1.178</varsqlconf2server>
    				<varsqlconf2port>3306</varsqlconf2port>
    				<varsqlconf2login>radius_bhk</varsqlconf2login>
    				<varsqlconf2password>hC0FQbXBbTm6BsfMzAvi</varsqlconf2password>
    				<varsqlconf2radiusdb>radius_bhk</varsqlconf2radiusdb>
    				<varsqlconf2accttable1>radacct</varsqlconf2accttable1>
    				<varsqlconf2accttable2>radacct</varsqlconf2accttable2>
    				<varsqlconf2postauthtable>radpostauth</varsqlconf2postauthtable>
    				<varsqlconf2authchecktable>radcheck</varsqlconf2authchecktable>
    				<varsqlconf2authreplytable>radreply</varsqlconf2authreplytable>
    				<varsqlconf2groupchecktable>radgroupcheck</varsqlconf2groupchecktable>
    				<varsqlconf2groupreplytable>radgroupreply</varsqlconf2groupreplytable>
    				<varsqlconf2usergrouptable>radusergroup</varsqlconf2usergrouptable>
    				<varsqlconf2readgroups>yes</varsqlconf2readgroups>
    				<varsqlconf2deletestalesessions>yes</varsqlconf2deletestalesessions>
    				<varsqlconf2sqltrace>no</varsqlconf2sqltrace>
    				<varsqlconf2numsqlsocks>5</varsqlconf2numsqlsocks>
    				<varsqlconf2connectfailureretrydelay>60</varsqlconf2connectfailureretrydelay>
    				<varsqlconf2lifetime>0</varsqlconf2lifetime>
    				<varsqlconf2maxqueries>0</varsqlconf2maxqueries>
    				<varsqlconf2readclients>yes</varsqlconf2readclients>
    				<varsqlconf2nastable>nas</varsqlconf2nastable></config></freeradiussqlconf> 
    		 <freeradiuseapconf><config><vareapconfdisableweakeaptypes></vareapconfdisableweakeaptypes>
    				<vareapconfdefaulteaptype>md5</vareapconfdefaulteaptype>
    				<vareapconftimerexpire>60</vareapconftimerexpire>
    				<vareapconfignoreunknowneaptypes>no</vareapconfignoreunknowneaptypes>
    				<vareapconfciscoaccountingusernamebug>no</vareapconfciscoaccountingusernamebug>
    				<vareapconfmaxsessions>4096</vareapconfmaxsessions>
    				<ssl_ca_cert>57ecb537e617a</ssl_ca_cert>
    				<ssl_ca_crl>58eb094b75bb4</ssl_ca_crl>
    				<ssl_server_cert>57ecb5e1db7e6</ssl_server_cert>
    				<vareapconfincludelength>yes</vareapconfincludelength>
    				<vareapconffragmentsize>1024</vareapconffragmentsize>
    				<vareapconfenablecheckcertissuer></vareapconfenablecheckcertissuer>
    				<vareapconfcountry></vareapconfcountry>
    				<vareapconfstate></vareapconfstate>
    				<vareapconfcity></vareapconfcity>
    				<vareapconforganization></vareapconforganization>
    				<vareapconfemail></vareapconfemail>
    				<vareapconfcommonname></vareapconfcommonname>
    				<vareapconfenablecheckcertcn></vareapconfenablecheckcertcn>
    				<vareapconfcacheenablecache>no</vareapconfcacheenablecache>
    				<vareapconfcachelifetime>24</vareapconfcachelifetime>
    				<vareapconfcachemaxentries>255</vareapconfcachemaxentries>
    				<vareapconfocspenable>no</vareapconfocspenable>
    				<vareapconfocspoverridecerturl>no</vareapconfocspoverridecerturl>
    				<vareapconfocspurl>http://127.0.0.1/ocsp/</vareapconfocspurl>
    				<vareapconfttlsdefaulteaptype>md5</vareapconfttlsdefaulteaptype>
    				<vareapconfttlscopyrequesttotunnel>no</vareapconfttlscopyrequesttotunnel>
    				<vareapconfttlsusetunneledreply>no</vareapconfttlsusetunneledreply>
    				<vareapconfttlsincludelength>yes</vareapconfttlsincludelength>
    				<vareapconfpeapdefaulteaptype>mschapv2</vareapconfpeapdefaulteaptype>
    				<vareapconfpeapcopyrequesttotunnel>no</vareapconfpeapcopyrequesttotunnel>
    				<vareapconfpeapusetunneledreply>no</vareapconfpeapusetunneledreply>
    				<vareapconfpeapsohenable>Disable</vareapconfpeapsohenable></config></freeradiuseapconf> 
    


  • is your freeradius now working?

    I started mine in command line

    service radiusd onestart
    


  • @woots29:

    is your freeradius now working?

    I started mine in command line

    service radiusd onestart
    

    https://redmine.pfsense.org/issues/7965


  • Rebel Alliance Developer Netgate

    This has been fixed now. I was finally able to reproduce the original issue.