FreeRadius won't start (differs from MaxC post)



  • I installed the latest freeradius package on a pf 1.0.1 release fresh install, but it won't start, upon running a radiusd -X I got the following error message in the debug:

    Module: Library search path is /usr/local/lib
    radiusd.conf[226] Failed to link to module 'rlm_exec': /usr/local/lib/rlm_exec.a: invalid file format

    line 226 of radiusd.conf reads:

    exec {
                    wait = no
                    input_pairs = request
            }

    Any ideas on this one?



  • yes your pfsense install is to old
    first uninstall the freeraduis package
    then download from this link the pfsense full update
    http://pfsense.com/~sullrich/1.0.1-SNAPSHOT-12-23-2006/

    when it is on youre pc got to the webgui of pfsense
    and upload that file on the firmware page
    when the upgrade of pfsense is done you can install the freeradius package



  • Thanks for the quick reply, I wasn't sure if a newer snapshot would help or not, I'll give it a run and let you know.



  • I updated to the latest snapshot 12-23 (after uninstalling the package) fired it up, reinstalled freeradius, and the same error persists.  Any additional ideas?



  • I noticed that the package version in the gui is 1.1.2 but the version the package manager gets according to pkg_info is freeradius 1.1.3_1, I'm not sure if these are meant to match, but I looked on another older machine I have and it said freeradius was 1.0.4.  I noticed that current port was posted 10/29/2006 on freebsd ports.  Any chance that this is the problem and does anyone know how to fix it?



  • i have 1.1.2 in the gui and when installed its 1.1.3_1
    so the 1.1.2 in the gui is a leftover from before the last update off the package

    i will put rlm_exec.a on a webserver that i own
    i have had this error 1 time but it was fixed by uninstalling the package and go to the last snapshot and then reboot and then install the package
    don't now if i rebooted again afther that
    but then it worked



  • if i have made the port forward on pfsense correct then you can access my webserver and download the file from it
    http://wlelystad.homeip.net/pfsense/freeradius/



  • hmm, looks like its still not forwarding right just yet, thanks for your effort to help me out though.



  • oeps the nated ip mist a 1 so pfsense was sending traffic to a ghost pc
    thanks for reporting



  • I got the file and set the permissions and replaced the old one, they differed by 600 bytes or so.  I still get the same error as before, and I started my install fresh, then updated to 12-23, then installed the package, still had the error, tried to replace the file with the one provided above, still has an error.  If anyone else can confirm similiar problems, that would be great.  Any other suggestions would also be appreciated.



  • i see there a more files of rlm_exec
    i have :

    ls -l rlm_exec*

    lrwxr-xr-x  1 root  wheel    11 Nov 25 22:26 rlm_exec-1.1.3.la -> rlm_exec.la
    -rwxr-xr-x  1 root  wheel  8676 Nov 25 22:26 rlm_exec-1.1.3.so
    -rw-r–r--  1 root  wheel  4326 Nov 25 22:26 rlm_exec.a
    -rwxr-xr-x  1 root  wheel  880 Nov 25 22:26 rlm_exec.la
    lrwxr-xr-x  1 root  wheel    17 Nov 25 22:26 rlm_exec.so -> rlm_exec-1.1.3.so



  • Here is what I see:

    lrwxr-xr-x  1 root  wheel    11 Dec  3 18:45 rlm_exec-1.1.3.la -> rlm_exec.la
    -rwxr-xr-x  1 root  wheel  8676 Dec  3 18:40 rlm_exec-1.1.3.so
    -rwxrwxrwx  1 root  wheel  4326 Dec 28 22:32 rlm_exec.a
    -rw-r–r--  1 root  wheel  4914 Dec  3 18:45 rlm_exec.aold
    -rwxr-xr-x  1 root  wheel  816 Dec  3 18:45 rlm_exec.la
    lrwxr-xr-x  1 root  wheel    17 Dec  3 18:40 rlm_exec.so -> rlm_exec-1.1.3.so

    I did a chmod 777 on it just to see if it had anything to do with permissions, and .aold is the previous rlm_exec.a other than rlm_exec.la it looks like all of them are the same size



  • can you test if u copy this file to /usr/local/etc/raddb/radiusd.conf
    http://wlelystad.homeip.net/pfsense/freeradius/radiusd.conf
    edit this line to youre ip
    bind_address = 212.187.92.144

    if it then works for you ?

    if that works then download
    freeradius.inc
    freeradius.xml
    from my website to /usr/local/pkg/freeradius.inc
                                                  freeradius.xml



  • As a matter of fact it does seem to get a clean startup, I don't see the service start in status > services, but when I try and start it again it says its running and the error is gone.  I made some changes in the gui and when the new conf file was created the same error came back, I wonder if there is a problem with how it is being written on the fly.  I'll look into it more, thanks again for your help.



  • if you make a chanche in the gui then it writes the error back
    the 2 gui files on my website have the error removed and don't write it to disk
    also it add's some extra's



  • On a vanilla system updated to 2006-12-23 I installed the freeradius package but the service won't start.
    Deinstalled from webGUI and trying to manually add:

    pkg_add -r freeradius

    gives this error:

    warning: package 'freeradius-1.1.3_1' requires 'gdbm-1.8.3_3', but 'gdbm-1.8.3_2' is installed

    It won't start also but might be a hint…
    Just deinstalled the package as I don't need it on this box.

    jahonix



  • the pfsense freeradius package is talered to pfsense the one from freebsd needs more libs then pfsense has
    in the pfsense freeradius gui there is a small gui error
    if you replace freeradius.xml and freeradius.inc on location /usr/local/pkg
    with the same files from http://wlelystad.homeip.net/pfsense/freeradius/

    and then go to freeradius settings on the gui and save then the correct freeradius config is made and freeradius will start



  • yep, just got it working this way.
    Thanks alot - especially for the extended options accessible via webGUI!

    Now I can lockout the kids at night when they are supposed to sleep (if it works, haven't tested it yet but I am confident…)

    jahonix



  • for that option you need to config the captive portal with these options:
    Hard timeout  leave blank
    send RADIUS accounting packets
    Reauthenticate connected users every minute
    Accounting updates interim update

    then pfsense will check every min if the user is still alowed



  • Well the updates look great, apparently I am still doing something wrong though here is the break down again:

    With your updates I am now getting this error :

    radiusd.conf[246] Failed to link to module 'rlm_expr': /usr/local/lib/rlm_expr.a: invalid file format

    When I use an invalid bind address it does say this:

    There appears to be another RADIUS server running on the authentication port 1812

    Without jeroen234 upates I got the error on line 226 as previously posted…

    It sounds like I may just still have a few bad lib files that aren't being built correclty, even with a fresh radius install, I'm not sure exactly why that is, but I would greatly appreciate if you could post the other lib files on your site for radius as well and I can see what I can do from there.  Thanks again for all your help.



  • i think that you better can try a complete fresh install of pfsense
    http://pfsense.com/~sullrich/1.0.1-SNAPSHOT-12-23-2006/pfSense.iso.gz
    i can post the 50 or so freeradius files
    but if youre hd is not good then that makes no sense
    and my libs are the same as that you installed with the pfsense freeradius package



  • Working now

    I read sergu a post by sergu and what he did worked for me except I added a step

    Uninstall package via gui
    delete package with pkg_delete
    reinstall the package with pkg_add
    Install the package gui again

    Currently radiusd is running

    why?? I don't know



  • it works that is good  ;D



  • It seems to be working great, I want to thank you again for all your help.  After I got it working I uploaded your package updates, they look great.  I do have one question though, what does the Ip-address field do, I know it uses attribute 8, framed-ip, but I'm not sure what its application is, could you give more info on that?  Is it supposed to change your ip address dynamically to the on assigned?

    I'm going to reload a second drive and see if I can trace the problem down so my 1 million posts can add up to something now.  Thanks again!



  • the ip option is for the Issue IP Addresses via RADIUS server option of the pfsense pppoe server

    there was some work going on to get this also in the vpn ptpp server



  • Well here is the update on the radius package:

    Install Package
    go to terminal issue:
    pkg_delete freeradius-1.1.3_1
    (some errors about not being to delete everything will come up, that's fine)
    pkg_add -r freeradius
    start the service, done deal

    Sorry I don't know more than that but it should make it easier for the problem to be fixed, thanks to everyone who helpmed me out.


Locked