Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    [SOLVED] Freeradius doesn't start after a pfsense 2.4.4 fresh install and restored previous config.

    pfSense Packages
    9
    23
    3200
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sisko212 last edited by sisko212

      Hi all,
      Today i did a fresh 2.4.4 install, and restored a previous 2.4.3 config.
      After reboot, and reinstalled all packages, freeradius seems to be installed bot doens't start
      I can't find any log file... no in system log neither /var/log/radius.log.
      Anyone get same issue ?

      Anyone do know how to remove previous Freeradius config in order to do a clean empty install ?

      1 Reply Last reply Reply Quote 0
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        If you make a change in the FreeRADIUS settings and save, nothing is logged?

        The FreeRADIUS package is the same on 2.4.3 and 2.4.4, there shouldn't be any differences there.

        You might try removing the FreeRADIUS package, and then adding it back in. You should not need to make any changes to your settings.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • S
          sisko212 last edited by

          i am an idiot... if I had read better all installation logs of the package, I would have solved immediately.
          Package is changed or someting related... and then it requires:

          1. To enable FreeRADIUS, put the following line in /etc/rc.conf
            radiusd_enable="YES"

          2. To start the server in normal (daemon) mode, run:
            /usr/local/etc/rc.d/radiusd start

          I have to try if freeradius survive at boot, but at least is working now.

          NogBadTheBad 1 Reply Last reply Reply Quote 0
          • NogBadTheBad
            NogBadTheBad @sisko212 last edited by

            @sisko212 said in [SOLVED] Freeradius doesn't start after a pfsense 2.4.4 fresh install and restored previous config.:

            i am an idiot... if I had read better all installation logs of the package, I would have solved immediately.
            Package is changed or someting related... and then it requires:

            1. To enable FreeRADIUS, put the following line in /etc/rc.conf
              radiusd_enable="YES"

            2. To start the server in normal (daemon) mode, run:
              /usr/local/etc/rc.d/radiusd start

            I have to try if freeradius survive at boot, but at least is working now.

            Do you ?

            My install seems to work fine and my rc.conf reads:-

            # THIS FILE DOES NOTHING, DO NOT MAKE CONFIG CHANGES HERE
            
            # -- BEGIN BSD Installer automatically generated configuration  -- #
            # -- Written on Sun Apr 9 16:43:20 UTC 2017-- #
            dumpdev='/dev/ada0s1b'
            dumpdir='/var/crash'
            # -- END of BSD Installer automatically generated configuration -- #
            

            Andy

            1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

            1 Reply Last reply Reply Quote 0
            • jimp
              jimp Rebel Alliance Developer Netgate last edited by

              You do not need to put that entry in rc.conf or anywhere else. The package sync process will start it automatically.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • S
                sisko212 last edited by

                I don't know what to think...
                I agree, usually rc.conf should not be edited, but i just readed better all logs while package reinstallation... here its log:

                Message from freeradius3-3.0.17:

                ===============================================================================

                To enable FreeRADIUS, put the following line in /etc/rc.conf

                radiusd_enable="YES"

                The sample configuration can be found at
                /usr/local/share/examples/freeradius/raddb

                If you are upgrading FreeRADIUS, you are advised to use this as a reference
                for updating your configuration.

                FreeRADIUS will look for its configuration directory at
                /usr/local/etc/raddb by default.

                If you did not already have a configuration at this location, the sample
                configuration has been copied to this location and has been bootstrapped.

                If you wish to point FreeRADIUS to a configuration at a different
                location, put the following line in /etc/rc.conf

                radiusd_flags="-d /path/to/raddb"

                To start the server in normal (daemon) mode, run:

                /usr/local/etc/rc.d/radiusd start

                and to stop the server, run:

                /usr/local/etc/rc.d/radiusd stop

                To start the server in debugging mode, run:

                /usr/local/etc/rc.d/radiusd debug

                You are advised to make cautious changes to the configuration, and to test
                frequently, using debugging mode where necessary. Try to resist the
                temptation to disable or delete things that you don't understand - you may
                well break things!

                Useful configuration advice can be found in the FreeRADIUS Wiki at
                http://wiki.freeradius.org

                ===============================================================================
                Message from pfSense-pkg-freeradius3-0.15.5_3:

                Please visit Services > FreeRADIUS menu to configure the package.

                EAP certificate configuration is required before using the package.
                Visit System > Cert. Manager and create a CA and a server certificate.
                After that, visit Services > FreeRADIUS > EAP tab and complete
                the 'Certificates for TLS' section (and, optionally, also the 'EAP-TLS' section.)

                Cleaning up cache... done.
                Success

                1 Reply Last reply Reply Quote 0
                • jimp
                  jimp Rebel Alliance Developer Netgate last edited by

                  That output is from the FreeBSD package, it isn't relevant to pfSense, but it can't (easily) be suppressed.

                  The only part you need to pay attention to is the "Message from pfSense-pkg-freeradius3 ..." section.

                  Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • S
                    sisko212 last edited by

                    I did another fresh install (i have two identical hardware for backup and testing purpose) of pfsense 2.4.4.
                    Then restored my previous config file, and also for this new installation, freeradius did not start from gui.
                    I had no logs from /var/log/radiusd (even enabled on gui config) neither from gui Status -> System Logs.
                    This time, without any modification on /etc/rc.conf, i just send, by ssh console, an
                    /usr/local/etc/rc.d/radiusd start
                    And daemon has started normally and /var/log/radiusd was filled with all infos.
                    From now, looks even from gui, the service can be stopped and started.
                    So, related to my previous post, perhaps the key was not the /etc/rc.conf modification, but just once starting freeradius service by console.

                    1 Reply Last reply Reply Quote 0
                    • jimp
                      jimp Rebel Alliance Developer Netgate last edited by

                      Curious. I have FreeRADIUS installed on maybe half a dozen test systems here and it automatically starts on all of them.

                      Do you see any errors on the console or in the logs at boot time about FreeRADIUS?

                      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                      Need help fast? Netgate Global Support!

                      Do not Chat/PM for help!

                      1 Reply Last reply Reply Quote 0
                      • S
                        sisko212 last edited by

                        @jimp unfortunately not... no errors, no logs, nothing, just the status icon stays red, on Status -> Services section

                        jimp 1 Reply Last reply Reply Quote 0
                        • Gertjan
                          Gertjan last edited by

                          Hi,

                          When freeradius is stopped, use the console, option 8, and enter

                          radiusd -X
                          

                          All logging will be done to the console - you'll be seeing errors if they exist.

                          No "help me" PM's please. Use the forum.

                          1 Reply Last reply Reply Quote 0
                          • jimp
                            jimp Rebel Alliance Developer Netgate @sisko212 last edited by

                            @sisko212 said in [SOLVED] Freeradius doesn't start after a pfsense 2.4.4 fresh install and restored previous config.:

                            @jimp unfortunately not... no errors, no logs, nothing, just the status icon stays red, on Status -> Services section

                            So it didn't start even if you clicked the start button on Status > Services?

                            But after you started it manually once from the command line, it works every time now?

                            I'll have to setup a fresh install VM and see if I can replicate it that way. Perhaps mine work because they're already configured.

                            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                            Need help fast? Netgate Global Support!

                            Do not Chat/PM for help!

                            S 1 Reply Last reply Reply Quote 0
                            • S
                              sisko212 @jimp last edited by

                              So it didn't start even if you clicked the start button on Status > Services?

                              right..

                              But after you started it manually once from the command line, it works every time now?

                              right again..

                              I'll have to setup a fresh install VM and see if I can replicate it that way. Perhaps mine work because they're already configured.

                              Ok thanks... if can helps, my pfsense is installed to a zfs pool mirrored to 2 ssd.
                              Let me know, if you need more details about hardware i am using... or, if you need, i will try to send you my config file... just i will try to remove users passwords and certificates sections from it

                              1 Reply Last reply Reply Quote 0
                              • D
                                dddave last edited by

                                Hi all,

                                I just upgraded freeradius3 package to version 0.15.5_4 running on APU hardware with pfsense build: 2.4.4-RELEASE.

                                It's been running pretty much rock solid for years... (should not have upgraded! :( ).

                                I need guidance on where to look to help diagnose this please??? :(

                                Previously after the last update I had to manually re-start after a boot up -> now I cannot manually start, and I cannot see any logs in the radius.log file under /var/log? No errors in any of the system logs. Is this a temporary issue that anyone is aware of? Its been pretty rock stable until now. Re-installation of the package / changing a few settings or rolling config back config has not helped. Cannot get the service to boot. Does this ring any bell's / idea's from anyone? Luckily it only handles Wireless authentication, so we have 1 SSID I can use that is rate limited that doesn't use it - so the family "may not notice" - but I'm a tad surprised as I know some big names use PFSense, for various elements.

                                Where may I find more log information to help break the root cause down?

                                Thanks in advance - please link to other posts if I couldn't find them - or advise if this is already know / in pending merges.

                                David

                                1 Reply Last reply Reply Quote 0
                                • D
                                  dddave last edited by

                                  And yes - sorry I know the package is third party - please advise where to post if this is not suitable - but it doesn't help the brand, as many consumers will see it as part of the PFSense brand.

                                  1 Reply Last reply Reply Quote 0
                                  • J
                                    juruteknik last edited by

                                    hi dddave, please share the output of radiusd -X

                                    i have same problem here

                                    1 Reply Last reply Reply Quote 0
                                    • S
                                      strangegopher last edited by strangegopher

                                      Same issue here.

                                      radiusd -X show:

                                      Errors reading /usr/local/etc/raddb/dictionary: dict_init: /usr/local/etc/raddb/dictionary[6] invalid entry
                                      

                                      /usr/local/etc/raddb/dictionary :

                                      # Local dictionary, does not need to include the master dictionary
                                      ATTRIBUTE               MOTP-Init-Secret                900     string
                                      ATTRIBUTE               MOTP-PIN                        901     string
                                      ATTRIBUTE               MOTP-Offset                     902     string
                                      
                                       /usr/share/doc/radius/dictionary.pfsense
                                      
                                      

                                      edit: removing the last line fixes the issue. also changing the last line to be this works

                                      $INCLUDE /usr/share/doc/radius/dictionary.pfsense
                                      

                                      Now a reboot will remove this fix.

                                      edit2: created bug report - https://redmine.pfsense.org/issues/8989

                                      R Gertjan 2 Replies Last reply Reply Quote 3
                                      • R
                                        RikkertJ @strangegopher last edited by

                                        @strangegopher that seems to resolve the issue. Thank you!

                                        S 1 Reply Last reply Reply Quote 0
                                        • S
                                          sisko212 @RikkertJ last edited by

                                          @strangegopher I can confirm your workaround. This fix the issue.

                                          1 Reply Last reply Reply Quote 0
                                          • F
                                            free4 Rebel Alliance last edited by free4

                                            @dddave @juruteknik @strangegopher @RikkertJ and @sisko212
                                            I appologize for this problem, this is my fault. I am an occasional contributor to pfSense and it's me who caused this issue.

                                            I submited a pull request to fix the issue ( https://github.com/pfsense/FreeBSD-ports/pull/579 ). I hope it will be merged fast.

                                            1 Reply Last reply Reply Quote 0
                                            • Gertjan
                                              Gertjan @strangegopher last edited by Gertjan

                                              @strangegopher said in [SOLVED] Freeradius doesn't start after a pfsense 2.4.4 fresh install and restored previous config.:

                                              Same issue here.
                                              edit: removing the last line fixes the issue. also changing the last line to be this works

                                              $INCLUDE /usr/share/doc/radius/dictionary.pfsense
                                              

                                              Now a reboot will remove this fix.
                                              edit2: created bug report - https://redmine.pfsense.org/issues/8989

                                              Edit (only) this file : /usr/local/pkg/freeradius.inc
                                              Line 3666
                                              Change

                                              $INCLUDE /usr/share/doc/radius/dictionary.pfsense
                                              

                                              for

                                              \$INCLUDE /usr/share/doc/radius/dictionary.pfsense
                                              

                                              Escaping the $ (adding a backslash in front) and "$INCLUDE" will be included literally.
                                              Now the patch will persists after rebooting.

                                              Btw : to apply the edit : reboot !

                                              edit : @free4 : look at the source, it's just the backslash that is missing. Instead of reverting your PL, add another PL and done ^^

                                              No "help me" PM's please. Use the forum.

                                              1 Reply Last reply Reply Quote 0
                                              • jimp
                                                jimp Rebel Alliance Developer Netgate last edited by

                                                This should be fixed in the latest version of the pkg now

                                                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                                                Need help fast? Netgate Global Support!

                                                Do not Chat/PM for help!

                                                1 Reply Last reply Reply Quote 0
                                                • Gertjan
                                                  Gertjan last edited by

                                                  Yep, installed the ...5 : case closed.

                                                  No "help me" PM's please. Use the forum.

                                                  1 Reply Last reply Reply Quote 0
                                                  • First post
                                                    Last post