Restored /usr/local/etc/raddb/users file, users don't show up

yeahmagnets · May 2, 2023, 7:22 PM

Hi,

Using PfSENSE 2.6.0, two days ago system crashed due to bad hdd without latest backup, somehow we managed to save /usr/local/etc/raddb/users file from corrupted hdd, re-installed pfsense to brand new disk and re-configured system, copied recovered /usr/local/etc/raddb/users file to new installation but when i go to Services->FreeRadius->Users list is empty, but i can see file is full of users when i go Services->FreeRadius->View Config->Users

strange thing is when i run ;

radtest testuser password localhost 0 Secretkey

it returns;

Received Access-Accept Id 87 from 127.0.0.1:1812 to 127.0.0.1:58856 length 20

another strange thing is it returns Received Access-Accept even if i delete testuser from "/usr/local/etc/raddb/users" file and restart freeradius service.

What am i doing wrong? Why users doesn't show up even file is not empty?

jimp · May 2, 2023, 7:39 PM

The GUI would not read that users file for anything. That file is created from contents in config.xml. For the entries to work properly, they must be in the firewall configuration.

yeahmagnets · May 3, 2023, 12:29 PM

@jimp is there any chance to add those users from users file to config xml file?

jimp · May 3, 2023, 5:24 PM

I am not aware of any existing utilities that would convert the users file back into config.xml format.

yeahmagnets · May 3, 2023, 5:24 PM

@jimp ok i'll look for a solution, but the real question is testuser is not in configxml and not in /usr/local/etc/raddb/users file but when i run radtest for test user it returns

Received Access-Accept Id 47 from 127.0.0.1:1812 to 127.0.0.1:36118 length 20

how is it possible?

Gertjan · May 5, 2023, 8:13 AM

@yeahmagnets said in Restored /usr/local/etc/raddb/users file, users don't show up:

how is it possible?

You - us - need more details.

The 'system works :

[23.01-RELEASE][admin@pfSense.near.by]/usr/local/pkg: radtest x x 192.168.2.1 0 radius
Sent Access-Request Id 84 from 0.0.0.0:37887 to 192.168.2.1:1812 length 71
        User-Name = "x"
        User-Password = "a"
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        Message-Authenticator = 0x00
        Cleartext-Password = "a"
Received Access-Accept Id 84 from 192.168.2.1:1812 to 192.168.2.1:37887 length 57
        Acct-Interim-Interval = 600
        WISPr-Redirection-URL = "https://www.google.com/"
[23.01-RELEASE][admin@pfSense.near.by]/usr/local/pkg: radtest x b 192.168.2.1 0 radius
Sent Access-Request Id 32 from 0.0.0.0:43449 to 192.168.2.1:1812 length 71
        User-Name = "x"
        User-Password = "b"
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        Message-Authenticator = 0x00
        Cleartext-Password = "b"
Received Access-Reject Id 32 from 192.168.2.1:1812 to 192.168.2.1:43449 length 20
(0) -: Expected Access-Accept got Access-Reject

Use x has password 'a' - and not password 'b'

Stop Freeradius in the GUI.
Open another console SSH access, and run

radiusd -X

Now you have details.

In the first console SSH do you test again.

Check the logs.
I'm pretty sure that it is a config issue.
It's already 'hard' to get radius answering "Access-Accept" ;)

@yeahmagnets said in Restored /usr/local/etc/raddb/users file, users don't show up:

we managed to save

You only need to take care of one little file : the config.xml as everything is in there.

Go here Diagnostics > Backup & Restore > Backup & Restore for a manual save.
I'm also using a PC (server) that auto logs in, and retrieves that file.
I'm also using Services > Auto Configuration Backup > Settings for the off-site backup.