Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Upgrade of FreeRadius3 from 0.15.10 to 0.15.10_1 sets all configuration values to default.

    Scheduled Pinned Locked Moved pfSense Packages
    9 Posts 5 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      GregBinSD
      last edited by

      pfSense Plus version 23.05.1-RELEASE (amd64) on a Dell Optiplex 3060.

      Have been running FreeRadius3 for 3+ years with no issues. I foolishly updated FreeRadius3 from version 0.15.10 to 0.15.10_1 during working hours and all FreeRadius3 configuration files were set to default values, empty.

      The only solution that I can see is to wait until my 200+ users have gone home, remove the FreeRadius3 package, and then restore the packages from a backup that I made last week.

      It would be really nice if I could restore the configuration files to a directory on a PC or the firewall, and then copy them over the empty ones.

      G GertjanG 2 Replies Last reply Reply Quote 0
      • G
        GregBinSD @GregBinSD
        last edited by

        Adding to what I said above, I was able to boot a backup version of the production pfSense router and use WinSCP to grab all of the files from the /usr/local/etc/raddb directory. I copied them to my PC, and then uploaded them to the production firewall. I then restarted the radiusd service, but I am still unable to logon.

        I guess that I will have to wait until most users are off the system this evening so I can remove the FreeRadius3 package, reboot the firewall, reinstall the package from a backup file, and then reboot and test the FreeRadius3 service. Fingers crossed!

        johnpozJ 1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator @GregBinSD
          last edited by johnpoz

          @GregBinSD your config should be in your last backup - you just need to restore it, and you don't have to change the package.. Just had thread about this..

          https://forum.netgate.com/topic/183054/freeradius-after-upgrade-from-0-15-10-to-0-15-10_1-error-during-authentication-operation-timed-out

          Which I linked to the redmine about it as well.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          1 Reply Last reply Reply Quote 0
          • G
            GregBinSD
            last edited by

            @johnpoz
            Thank you for the info, John. I will be doing the restore after hours and testing. I'll get back with the method and the results.

            1 Reply Last reply Reply Quote 0
            • G
              GregBinSD
              last edited by

              I was able to restore the FreeRadius3 configuration with all users working.

              The way that I did it was to remove the FreeRadius3 package. I then reinstalled it. I went to Diagnostics, Backup and Restore, and picked the most recent backup from last week, and selected to restore only the Package Manage from the list. pfSense needed to be rebooted. Lastly, I selected Reinstall All Packages.

              1 Reply Last reply Reply Quote 0
              • GertjanG
                Gertjan @GregBinSD
                last edited by

                @GregBinSD said in Upgrade of FreeRadius3 from 0.15.10 to 0.15.10_1 sets all configuration values to default.:

                restore the packages from a backup that I made last week

                You're not using :

                ed465aa2-e010-4dab-803f-41e71d642b0a-image.png

                ?

                If I might ask : why ?
                And any reason will be a good reason. But Then you have to apply plan B : make local copies. You could automatize this also ....

                Normally, it's not a simple package update that can 'wipe' stuff.
                I don't count the hard disks dying on me anymore..... and when doing so, they do take all the data with them.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                1 Reply Last reply Reply Quote 0
                • jimpJ jimp moved this topic from Problems Installing or Upgrading pfSense Software on
                • jimpJ
                  jimp Rebel Alliance Developer Netgate
                  last edited by

                  The older version of the package (0.15.10) had a bug where it wouldn't respect the "keep settings" value unless you had went to the main Settings tab in FreeRADIUS and clicked Save there at least once since that option was added however long ago. So when that version was uninstalled, it removed your settings. It's fixed in 0.15.10_1.

                  https://redmine.pfsense.org/issues/14806

                  Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 1
                  • GertjanG Gertjan referenced this topic on
                  • G
                    GregBinSD
                    last edited by

                    @jimp
                    Thank you for fixing that bug!

                    1 Reply Last reply Reply Quote 0
                    • F
                      Finger79
                      last edited by Finger79

                      Oof, this wiped out my FreeRADIUS config as well. Did a full restore from a manual backup and a reboot. Thank goodness for backups.

                      Can this FreeRADIUS security issue get some love? I deleted all my users (1 user for each phone, iPad, laptop, etc.) to test it, and they're all still able to connect. Using EAP-TLS. That checkbox basically does nothing. Thanks

                      Check Client Certificate CN
                      Validate the Client Certificate Common Name

                      When enabled, the Common Name of the client certificate must match the username set in 'FreeRADIUS > Users'. (Default: Unchecked)

                      1 Reply Last reply Reply Quote 0
                      • F Finger79 referenced this topic on
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.