Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Restore missing FreeRADIUS config

    Scheduled Pinned Locked Moved
    pfSense Packages
    3
    10
    1.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      SteveITS Rebel Alliance
      last edited by SteveITS

      After a backup router in an HA config failed we played a bit of musical routers (chairs) and replaced them both. Afterwards I realized the rarely used FreeRADIUS config is missing...users, etc. It is in the config file I restored, but not in the backup after the restore. It looks like it just installed the package with a default config. Any ideas why/how?

      Is there an better way to restore it, other than copy/paste them all into a config backup, and restore again?

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Rebel Alliance @SteveITS
        last edited by

        Appears there is a bad bug:

        Jul 20 21:53:24 php 38236 //etc/rc.packages: Configuration Change: (system): Overwrote previous installation of freeradius3.
        Jul 20 21:53:23 php 38236 //etc/rc.packages: Configuration Change: (system): Intermediate config write during package install for freeradius3.
        Jul 20 21:53:23 php 38236 //etc/rc.packages: Beginning package installation for freeradius3 .
        Jul 20 21:53:23 check_reload_status 329 Syncing firewall
        Jul 20 21:53:23 php 36496 /etc/rc.packages: Configuration Change: (system): [freeRADIUS] Package uninstalled.
        Jul 20 21:53:22 php 36496 /etc/rc.packages: [freeRADIUS] Removing all FreeRADIUS settings since 'Keep Settings/Data' is disabled...
        Jul 20 21:53:22 check_reload_status 329 Syncing firewall
        Jul 20 21:53:22 php 36496 /etc/rc.packages: Configuration Change: (system): Intermediate config write during package removal for freeradius3.
        Jul 20 21:53:22 php 36496 /etc/rc.packages: The command '/usr/local/etc/rc.d/radiusd.sh stop' returned exit code '1', the output was 'radiusd not running?'

        but by default:
        f93de933-1e14-4433-b995-9acb2e0927ea-image.png

        Seems if I uncheck the box, and save, the config file contains <keep_settings></keep_settings> inside <freeradiussettings>. If I check the box, and save, the config file contains <keep_settings>on</keep_settings> However neither of my HA router's config files have that tag and a new install on a different router is missing it as well, even though the box is checked.

        This missing section (see redmine) can be added next to the <freeradiuseapconf> tag and the config file restored again. To recover, also copy <freeradiuseapconf>, <freeradius>, <freeradiusclients>, and <freeradiusinterfaces> from a valid backup and restore it.

        https://redmine.pfsense.org/issues/14596

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        GertjanG 1 Reply Last reply Reply Quote 0
        • GertjanG
          Gertjan @SteveITS
          last edited by Gertjan

          @SteveITS said in Restore missing FreeRADIUS config:

          This missing section (see redmine) can be added next to the <freeradiuseapconf> tag

          You mean : <freeradiussettings> :

          		<freeradiussettings>
			<config>
			......
				<keep_settings>on</keep_settings>

          When I uncheck :

          fce5bfa5-eb0a-4d97-bb70-e4e3377a0457-image.png

          and do a "backup config", I see (on the right side) :

          5673dcf1-ecd1-4515-80c5-c9769e30a9d6-image.png

          The left side is the version with "Save settings after deletion" checked.

          Your issue is probably : when you uncheck, this setting change is not "xml-synced" to the HA slave pfSense (as it is unchecked - so 'false', so the entire keep_settings></keep_settings> is disregarded ?!).
          So, is this a "XMLRPC Sync" issue ?

          Btw : I've this setting always set to "on". Cleaning up my config.xml is something I do 'myself', when needed (very rare situation).

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          S 2 Replies Last reply Reply Quote 0
          • S
            SteveITS Rebel Alliance @Gertjan
            last edited by SteveITS

            @Gertjan Let me try to explain better.

            Case 1:
            On a new install of FreeRADUIS the entire <freeradiussettings> is not present in the config.xml.

            FreeRADIUS/Settings shows "Save settings after deletion" is checked.

            If one makes changes such as adding users, those users are in the config file.

            If one then restores that config file, the users are removed because <freeradiussettings> and by extension <keep_settings> are not in the config file.

            Case 2:
            On a new install of FreeRADUIS the entire <freeradiussettings> is not present in the config.xml.

            Go to FreeRADIUS/Settings, and click the Save button. Now <freeradiussettings> is present in the config.xml.

            If one then restores that config file, users are restored.

            Overall the issue is that:

            1. <keep_settings> defaults to checked in the GUI
            2. <keep_settings> defaults to unchecked in the config file

            The two are different until someone clicks the Save button.

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

            GertjanG 1 Reply Last reply Reply Quote 0
            • S
              SteveITS Rebel Alliance @Gertjan
              last edited by

              @Gertjan said in Restore missing FreeRADIUS config:

              @SteveITS said in Restore missing FreeRADIUS config:

              This missing section (see redmine) can be added next to the <freeradiuseapconf> tag

              You mean : <freeradiussettings> :

              There are several sections including <freeradiussettings> that appear next to/below/siblings to <freeradiuseapconf> in the config file.

              Basically:

              • click the Save button and extract <freeradiussettings> from the config file
              • paste <freeradiussettings> into a current config backup
              • paste in the missing FreeRADIUS data from an old backup (users, etc., see the redmine)
              • restore

              Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
              When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
              Upvote 👍 helpful posts!

              S 1 Reply Last reply Reply Quote 0
              • S
                SteveITS Rebel Alliance @SteveITS
                last edited by SteveITS

                Stated differently, it is not possible to restore FreeRADIUS settings unless one has at some point clicked the Save button the Settings tab.

                In addition "all settings will be wiped on package uninstall/reinstall/upgrade" unless the Save button has been clicked at some point before then.

                Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                Upvote 👍 helpful posts!

                1 Reply Last reply Reply Quote 0
                • GertjanG
                  Gertjan @SteveITS
                  last edited by

                  @SteveITS

                  I was trying to find a local issue, and thus solution.
                  I guess I'm good at doing the test myself : removing FreeRadius. Then clean the config, by removing all Freeradius settings that are still there.
                  And then : do your two cases.

                  But : it's weekend here in less then 1 hour, so, I'll have a look at this as soon as I come back.

                  Btw : the "a new install" happened twice for me the last 12 years : When I installed "pfSense 1.0" (2008 ?) and when I bought the 'official' appliance '4100' last year.
                  FreeRadius updates ones in a while, but I have the <keep_settings> checked so I never noticed something. I use the FreeRadius created users for my captive portal access.

                  edit :

                  @SteveITS said in Restore missing FreeRADIUS config:

                  Overall the issue is that:

                  <keep_settings> defaults to checked in the GUI
<keep_settings> defaults to unchecked in the config file

                  The two are different until someone clicks the Save button.

                  On a new install, with a new Freeradius install, for FreeRadius to actually work, you have to visit the main "Services > FreeRADIUS > Settings" page (... humm ... default values might be good already, but I would check "Save settings after deletion" and set it, then save ).
                  Right after the save, "<keep_settings>on</keep_settings>" should exist in the config file.

                  Hummm ... I'm reading your words again.
                  You say : in the GUI, "Save settings after deletion" is checked.
                  And at that very moment, in the config.xml file, there is no <keep_settings>on</keep_settings> to be found (in the <freeradiussettings> ...... </freeradiussettings> section).
                  That would be a bug ... and is strange, as the GUI pages are filled in with info coming from the config.xml file.

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  S 1 Reply Last reply Reply Quote 0
                  • S
                    SteveITS Rebel Alliance @Gertjan
                    last edited by SteveITS

                    @Gertjan said in Restore missing FreeRADIUS config:

                    You say : in the GUI, "Save settings after deletion" is checked.
                    And at that very moment, in the config.xml file, there is no <keep_settings>on</keep_settings> to be found

                    Exactly, the GUI shows defaults but they are not in the config file.

                    During a restore, at least, it assumes keep_settings is off unless it's in the config file.

                    Saving the settings does put it in the config file. When I set it up, I did not click Save because I left it all at defaults.

                    I did try pasting in all the users, etc. without <freeradiussettings> and restoring again and got the same message "Removing all FreeRADIUS settings since 'Keep Settings/Data' is disabled..." So one has to create the <freeradiussettings> section in order to restore.

                    Edit:
                    A quick test would be to remove <freeradiussettings> and restore, you should see all FreeRADIUS data deleted.

                    According to the description that would also be the case for package upgrades or pfSense upgrades since pfSense upgrades now reinstall packages automatically, I believe. That would mean it could happen quietly over time.

                    Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                    When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                    Upvote 👍 helpful posts!

                    S 1 Reply Last reply Reply Quote 0
                    • S
                      slu @SteveITS
                      last edited by

                      Well, I run into the same problem after the upgrade to 0.15.10_1 today.
                      Lost my complete configuration of FreeRadius and must restore from backup.

                      pfSense Gold subscription

                      S 1 Reply Last reply Reply Quote 0
                      • S
                        SteveITS Rebel Alliance @slu
                        last edited by

                        @slu said in Restore missing FreeRADIUS config:

                        same problem after the upgrade to 0.15.10_1 today

                        Hmmm, rereading https://redmine.pfsense.org/issues/14806, if the issue happens on uninstall, that would always be the "old" package and therefore the issue is going to affect everyone until after they get on 0.15.10_1. :(

                        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                        Upvote 👍 helpful posts!

                        1 Reply Last reply Reply Quote 0
                        • S SteveITS referenced this topic on
                        • S SteveITS referenced this topic on
                        • First post
                          Last post