Netgate Discussion Forum

Radius PHP Errors after 2.4.4 Update

Problems Installing or Upgrading pfSense Software
  • H
    hbauer
    last edited by Sep 29, 2018, 11:33 AM

    Starting from 2.3.4_p1 I removed all packages and started the upgrade via webadmin.
    The process did not show any errors and finished with "Success"

    After around 10 minutes I could ping the pfsense and connectivity was up.

    Unfortunately I cannot log in to the webadmin.

    Fatal error: Error converting Address in /usr/local/share/pear/Auth/RADIUS.php on line 218 PHP ERROR: Type: 1, File: /usr/local/share/pear/Auth/RADIUS.php, Line: 218, Message: Error converting Address
    

    I connected to the usb console and tried a second run

    pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade
    pkg-static upgrade -f
    reboot
    
    

    Still no obvious error during the process. pfsense is "working" except for the missing access to webadmin.

    Any ideas?

    • H
      hbauer
      last edited by Sep 30, 2018, 8:43 AM

      I could not solve it, but I could upgrade without radius enabled. Here is what I tried:

      • reinstall 2.4.4 and restoring config => no luck
      • reinstall 2.4.3 and upgrading with an admin that is not in radius => no luck
      • reinstall 2.4.3 disabling radius and upgrade => success

      I assume there is a bug in the radius portion of pfsense.

      • J
        jimp Rebel Alliance Developer Netgate
        last edited by Oct 1, 2018, 7:02 PM

        What do you have the IP address of the RADIUS server set to in the authentication servers entry?

        We saw this last week when someone had incorrectly put two IP addresses into the box for the server address. That was not intended to be allowed, and does not work with the new RADIUS library.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • H
          hbauer @jimp
          last edited by Oct 2, 2018, 3:08 AM

          @jimp only one IP address in fqdn format

          • J
            jimp Rebel Alliance Developer Netgate
            last edited by Oct 2, 2018, 2:15 PM

            Does it work if you change that to an IP address?

            • H
              hbauer
              last edited by Oct 2, 2018, 5:38 PM

              Actually I will have to find the time to test it. Currently I am happy that I can use a local admin. But I hope I will be able to test it in the next two weeks.

              • P
                Prorvazz
                last edited by Oct 24, 2018, 9:48 PM

                The solution is:
                Comment out line 218 in File: /usr/local/share/pear/Auth/RADIUS.php
                After that, go to the web console
                System - User Manager - Authentication Servers
                Edit RADIUS
                click apply
                Uncomment line 218 in /usr/local/share/pear/Auth/RADIUS.php
                After that, enjoy the working version and do not forget to backup.

                • P
                  Pack3tL0ss
                  last edited by Pack3tL0ss Nov 28, 2018, 5:16 AM Nov 28, 2018, 5:16 AM

                  For the record, @Prorvazz's solution appears to have done the trick.

                  There was no "click apply" for the settings involved, but I did go into both of the Radius servers I have configured, changed the NAS IP Address to the loopback (just because I had configured it, and never selected it for Radius)... I expect going in and making no change, and hitting save would have accomplished the same goal.

                  I then removed the comment from line 218, logged out, and logged back in using a locally configured admin account. It tried Radius, then logged me in (fallback to local).

                  In case someone comes across this, @Prorvazz's solution is a viable work-around.

                  • S
                    sixhopsaway
                    last edited by sixhopsaway Feb 21, 2019, 12:35 AM Feb 21, 2019, 12:33 AM

                    Through a packet capture on the interface facing the radius server, I found that the IP address was malformed and the radius server was dropping the access-request packet. This was a great discovery, as I found the line 218 in the radius.php file is not the problem. I have been asking for NAS-IP-ADDRESS support in the Radius client for what seems like years. They finally added it to the Radius process as a valid attribute, but from what I can tell, it defaults to the WAN interface, which for me also happened to be dhcp. With the services starting and dhcp not yet available, the line 218 failed to find the dhcp address and in return failed on line 218.

                    Fix: Assign the interface facing the Radius server as the NAS-IP-ADDRESS, which is most likely your LAN interface and should be "static". This change should be done under System > User Manager > Authentication Servers > (edit) Radius Server > Choose NAS-IP-ADDRESS interface from drop down menu.

                    Note: Traffic from the FW Radius Client sources from the egressing interface of the firewall. This IP address does not have to match the NAS-IP-ADDRESS, but should be the same for ease of configuration on the Radius Server.

                    1 Reply Last reply Reply Quote 0
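
Added example, not part of any post in this thread and not pfSense or PEAR code: a pre-upgrade check that classifies the address values discussed above (two addresses in one box, an FQDN, an empty value from a DHCP interface without a lease) and shows why only a single IPv4 literal can be packed into the RADIUS NAS-IP-Address attribute (type 4, RFC 2865). The function names, the `server`/`nas_ip` field labels and the sample entries are hypothetical.

```python
import ipaddress
import struct

NAS_IP_ADDRESS = 4  # RADIUS attribute type for NAS-IP-Address (RFC 2865)


def classify_address_field(value):
    """Classify a server-address or NAS-IP value before it reaches the RADIUS client."""
    value = (value or "").strip()
    if not value:
        return "empty"        # e.g. a DHCP interface that has no lease yet
    parts = value.replace(",", " ").replace(";", " ").split()
    if len(parts) > 1:
        return "multiple"     # two addresses typed into one box
    try:
        ip = ipaddress.ip_address(parts[0])
    except ValueError:
        return "hostname"     # needs working DNS before it can be converted
    return "ipv4" if ip.version == 4 else "ipv6"


def encode_nas_ip_address(value):
    """Build the attribute on the wire: type, length 6, four address octets."""
    kind = classify_address_field(value)
    if kind != "ipv4":
        raise ValueError(f"cannot convert {value!r} to NAS-IP-Address ({kind})")
    packed = ipaddress.IPv4Address(value.strip()).packed
    return struct.pack("!BB", NAS_IP_ADDRESS, 2 + len(packed)) + packed


def audit(entries):
    """Return (entry, field, kind) for every value that is not a single IP literal."""
    findings = []
    for name, fields in entries.items():
        for field, value in fields.items():
            kind = classify_address_field(value)
            if kind not in ("ipv4", "ipv6"):
                findings.append((name, field, kind))
    return findings


# Constructed sample values (documentation ranges), not from any real configuration.
SAMPLE = {
    "radius-ok": {"server": "192.0.2.10", "nas_ip": "192.0.2.1"},
    "radius-two": {"server": "192.0.2.10 192.0.2.11", "nas_ip": "192.0.2.1"},
    "radius-fqdn": {"server": "radius.example.test", "nas_ip": "192.0.2.1"},
    "radius-dhcp": {"server": "192.0.2.10", "nas_ip": ""},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
    print(encode_nas_ip_address("192.0.2.1").hex())
```

A `hostname` finding is a review item rather than an error: it only works if name resolution is available when the authentication server entry is used.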
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.