[SOLVED] Freeradius doesn't start after a pfsense 2.4.4 fresh install and restored previous config.



  • Hi all,
    Today I did a fresh 2.4.4 install, and restored a previous 2.4.3 config.
    After rebooting and reinstalling all packages, freeradius seems to be installed but doesn't start.
    I can't find any log file... not in the system log nor in /var/log/radius.log.
    Has anyone had the same issue?

    Does anyone know how to remove the previous Freeradius config in order to do a clean empty install?


  • Rebel Alliance Developer Netgate

    If you make a change in the FreeRADIUS settings and save, nothing is logged?

    The FreeRADIUS package is the same on 2.4.3 and 2.4.4, there shouldn't be any differences there.

    You might try removing the FreeRADIUS package, and then adding it back in. You should not need to make any changes to your settings.



  • I am an idiot... if I had read all the installation logs of the package more carefully, I would have solved it immediately.
    The package has changed or something related... and now it requires:

    1. To enable FreeRADIUS, put the following line in /etc/rc.conf
      radiusd_enable="YES"

    2. To start the server in normal (daemon) mode, run:
      /usr/local/etc/rc.d/radiusd start

    I still have to check whether freeradius survives a reboot, but at least it is working now.


  • Galactic Empire

    @sisko212 said in [SOLVED] Freeradius doesn't start after a pfsense 2.4.4 fresh install and restored previous config.:

    I am an idiot... if I had read all the installation logs of the package more carefully, I would have solved it immediately.
    The package has changed or something related... and now it requires:

    1. To enable FreeRADIUS, put the following line in /etc/rc.conf
      radiusd_enable="YES"

    2. To start the server in normal (daemon) mode, run:
      /usr/local/etc/rc.d/radiusd start

    I still have to check whether freeradius survives a reboot, but at least it is working now.

    Do you?

    My install seems to work fine and my rc.conf reads:-

    # THIS FILE DOES NOTHING, DO NOT MAKE CONFIG CHANGES HERE
    
    # -- BEGIN BSD Installer automatically generated configuration  -- #
    # -- Written on Sun Apr 9 16:43:20 UTC 2017-- #
    dumpdev='/dev/ada0s1b'
    dumpdir='/var/crash'
    # -- END of BSD Installer automatically generated configuration -- #
    

  • Rebel Alliance Developer Netgate

    You do not need to put that entry in rc.conf or anywhere else. The package sync process will start it automatically.



  • I don't know what to think...
    I agree, usually rc.conf should not be edited, but I just read all the logs more carefully during the package reinstallation... here is the log:

    Message from freeradius3-3.0.17:

    ===============================================================================

    To enable FreeRADIUS, put the following line in /etc/rc.conf

    radiusd_enable="YES"

    The sample configuration can be found at
    /usr/local/share/examples/freeradius/raddb

    If you are upgrading FreeRADIUS, you are advised to use this as a reference
    for updating your configuration.

    FreeRADIUS will look for its configuration directory at
    /usr/local/etc/raddb by default.

    If you did not already have a configuration at this location, the sample
    configuration has been copied to this location and has been bootstrapped.

    If you wish to point FreeRADIUS to a configuration at a different
    location, put the following line in /etc/rc.conf

    radiusd_flags="-d /path/to/raddb"

    To start the server in normal (daemon) mode, run:

    /usr/local/etc/rc.d/radiusd start

    and to stop the server, run:

    /usr/local/etc/rc.d/radiusd stop

    To start the server in debugging mode, run:

    /usr/local/etc/rc.d/radiusd debug

    You are advised to make cautious changes to the configuration, and to test
    frequently, using debugging mode where necessary. Try to resist the
    temptation to disable or delete things that you don't understand - you may
    well break things!

    Useful configuration advice can be found in the FreeRADIUS Wiki at
    http://wiki.freeradius.org

    ===============================================================================
    Message from pfSense-pkg-freeradius3-0.15.5_3:

    Please visit Services > FreeRADIUS menu to configure the package.

    EAP certificate configuration is required before using the package.
    Visit System > Cert. Manager and create a CA and a server certificate.
    After that, visit Services > FreeRADIUS > EAP tab and complete
    the 'Certificates for TLS' section (and, optionally, also the 'EAP-TLS' section.)

    Cleaning up cache... done.
    Success


  • Rebel Alliance Developer Netgate

    That output is from the FreeBSD package, it isn't relevant to pfSense, but it can't (easily) be suppressed.

    The only part you need to pay attention to is the "Message from pfSense-pkg-freeradius3 ..." section.



  • I did another fresh install of pfsense 2.4.4 (I have two identical hardware units for backup and testing purposes).
    Then I restored my previous config file, and on this new installation too, freeradius did not start from the GUI.
    I had no logs in /var/log/radiusd (even though enabled in the GUI config), nor in the GUI under Status -> System Logs.
    This time, without any modification to /etc/rc.conf, I just sent, via the SSH console, a
    /usr/local/etc/rc.d/radiusd start
    And the daemon started normally and /var/log/radiusd was filled with all the info.
    From now on, it looks like the service can be stopped and started even from the GUI.
    So, regarding my previous post, perhaps the key was not the /etc/rc.conf modification, but just starting the freeradius service once from the console.


  • Rebel Alliance Developer Netgate

    Curious. I have FreeRADIUS installed on maybe half a dozen test systems here and it automatically starts on all of them.

    Do you see any errors on the console or in the logs at boot time about FreeRADIUS?



  • @jimp unfortunately not... no errors, no logs, nothing, just the status icon stays red, on Status -> Services section



  • Hi,

    When freeradius is stopped, use the console, option 8, and enter

    radiusd -X
    

    All logging will be done to the console - you'll be seeing errors if they exist.


  • Rebel Alliance Developer Netgate

    @sisko212 said in [SOLVED] Freeradius doesn't start after a pfsense 2.4.4 fresh install and restored previous config.:

    @jimp unfortunately not... no errors, no logs, nothing, just the status icon stays red, on Status -> Services section

    So it didn't start even if you clicked the start button on Status > Services?

    But after you started it manually once from the command line, it works every time now?

    I'll have to set up a fresh install VM and see if I can replicate it that way. Perhaps mine work because they're already configured.



  • So it didn't start even if you clicked the start button on Status > Services?

    right..

    But after you started it manually once from the command line, it works every time now?

    right again..

    I'll have to set up a fresh install VM and see if I can replicate it that way. Perhaps mine work because they're already configured.

    OK thanks... if it helps, my pfsense is installed on a ZFS pool mirrored across 2 SSDs.
    Let me know if you need more details about the hardware I am using... or, if you need it, I will try to send you my config file... I will just try to remove the user passwords and certificates sections from it.



  • Hi all,

    I just upgraded freeradius3 package to version 0.15.5_4 running on APU hardware with pfsense build: 2.4.4-RELEASE.

    It's been running pretty much rock solid for years... (should not have upgraded! :( ).

    I need guidance on where to look to help diagnose this please??? :(

    Previously after the last update I had to manually re-start after a boot up -> now I cannot manually start, and I cannot see any logs in the radius.log file under /var/log? No errors in any of the system logs. Is this a temporary issue that anyone is aware of? It's been pretty rock stable until now. Re-installation of the package / changing a few settings or rolling the config back has not helped. Cannot get the service to boot. Does this ring any bells / ideas from anyone? Luckily it only handles Wireless authentication, so we have 1 SSID I can use that is rate limited that doesn't use it - so the family "may not notice" - but I'm a tad surprised as I know some big names use PFSense, for various elements.

    Where may I find more log information to help break the root cause down?

    Thanks in advance - please link to other posts if I couldn't find them - or advise if this is already known / in pending merges.

    David



  • And yes - sorry I know the package is third party - please advise where to post if this is not suitable - but it doesn't help the brand, as many consumers will see it as part of the PFSense brand.



  • hi dddave, please share the output of radiusd -X

    I have the same problem here.



  • Same issue here.

    radiusd -X shows:

    Errors reading /usr/local/etc/raddb/dictionary: dict_init: /usr/local/etc/raddb/dictionary[6] invalid entry
    

    /usr/local/etc/raddb/dictionary :

    # Local dictionary, does not need to include the master dictionary
    ATTRIBUTE               MOTP-Init-Secret                900     string
    ATTRIBUTE               MOTP-PIN                        901     string
    ATTRIBUTE               MOTP-Offset                     902     string
    
     /usr/share/doc/radius/dictionary.pfsense
    
    

    Edit: removing the last line fixes the issue. Changing the last line to this also works:

    $INCLUDE /usr/share/doc/radius/dictionary.pfsense
    

    Now a reboot will remove this fix.

    edit2: created bug report - https://redmine.pfsense.org/issues/8989
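
A pre-flight check for the failure shown in the post above, as an added example that is not part of the thread or of the pfSense package: it flags dictionary lines that do not start with a recognised keyword, reporting them in the same `file[line]` form as `radiusd -X`. The function names are hypothetical, the keyword list is an assumed subset of what FreeRADIUS accepts, and the sample files are constructed from the excerpts quoted in the thread.

```shell
#!/bin/sh
# lint_dictionary FILE: return non-zero if FILE has a line that is not a
# comment, blank, or a known dictionary keyword with enough fields.
# Assumption: only a subset of FreeRADIUS keywords is checked; radiusd's own
# parser validates far more than this.
lint_dictionary() {
    awk -v f="$1" '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        {
            kw = $1
            if (kw == "$INCLUDE" || kw == "$INCLUDE-") { need = 2 }
            else if (kw == "ATTRIBUTE" || kw == "VALUE") { need = 4 }
            else if (kw == "VENDOR") { need = 3 }
            else if (kw == "BEGIN-VENDOR" || kw == "END-VENDOR") { need = 2 }
            else {
                printf "%s[%d]: invalid entry: %s\n", f, NR, $0
                bad = 1
                next
            }
            if (NF < need) {
                printf "%s[%d]: %s needs %d fields, has %d\n", f, NR, kw, need, NF
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# write_samples DIR: constructed copies of the two file states in the thread.
write_samples() {
    cat > "$1/broken" <<'EOF'
# Local dictionary, does not need to include the master dictionary
ATTRIBUTE               MOTP-Init-Secret                900     string
ATTRIBUTE               MOTP-PIN                        901     string
ATTRIBUTE               MOTP-Offset                     902     string

 /usr/share/doc/radius/dictionary.pfsense
EOF
    # The fixed state restores the keyword that went missing on the last line.
    sed 's|^ /usr|$INCLUDE /usr|' "$1/broken" > "$1/fixed"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
lint_dictionary "$demo_dir/broken" || echo "broken sample rejected"
lint_dictionary "$demo_dir/fixed" && echo "fixed sample accepted"
rm -rf "$demo_dir"
```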



  • @strangegopher that seems to resolve the issue. Thank you!



  • @strangegopher I can confirm your workaround. This fixes the issue.



  • @dddave @juruteknik @strangegopher @RikkertJ and @sisko212
    I apologize for this problem, this is my fault. I am an occasional contributor to pfSense and it's me who caused this issue.

    I submitted a pull request to fix the issue ( https://github.com/pfsense/FreeBSD-ports/pull/579 ). I hope it will be merged fast.



  • @strangegopher said in [SOLVED] Freeradius doesn't start after a pfsense 2.4.4 fresh install and restored previous config.:

    Same issue here.
    Edit: removing the last line fixes the issue. Changing the last line to this also works:

    $INCLUDE /usr/share/doc/radius/dictionary.pfsense
    

    Now a reboot will remove this fix.
    edit2: created bug report - https://redmine.pfsense.org/issues/8989

    Edit (only) this file : /usr/local/pkg/freeradius.inc
    Line 3666
    Change

    $INCLUDE /usr/share/doc/radius/dictionary.pfsense
    

    for

    \$INCLUDE /usr/share/doc/radius/dictionary.pfsense
    

    Escaping the $ (adding a backslash in front) and "$INCLUDE" will be included literally.
    Now the patch will persist after rebooting.

    Btw : to apply the edit : reboot !

    edit : @free4 : look at the source, it's just the backslash that is missing. Instead of reverting your PL, add another PL and done ^^


  • Rebel Alliance Developer Netgate

    This should be fixed in the latest version of the pkg now



  • Yep, installed the ...5 : case closed.