NEW Package: freeRADIUS 2.x
-
Dear friends,
I have a stupid question to ask. I've searched on the forum but couldn't find an exact solution to my problem.
I'm modifying the files of FR 2 to make it connect to my mysql server and work flawlessly with my daloradius server. I'm backing up the files I've modified, but the problem is, whenever I reboot the machine, all of the files returns to their original values. So I made a backup of the raddb folder, and whenever I reboot my pfsense, I stop the service, untar the backup I've made, and restart the service.
I want to get rid all of that. Is there any way to make the file changes permanent?
-
I want to get rid all of that. Is there any way to make the file changes permanent?
Edit script that creates config files, it's usually package_name.inc script.
And to keep this file modification on xml backup, use filer package.
-
@DestekTeknik
All files that will be modified by the GUI are in the freeradius.inc:/usr/local/pkg/freeradius.inc
So the best solution for you would be to modify the freeradius.inc file so that it does what you want.
Then your configuration will survive a reboot :-)But it will not survive a package reinstallation of freeradius and not a pfsense firmware update.
For this - if I understand marcelloc correctly - you will have a look at the filer package. I didn't ever used the filer package. -
After Updates pkg v1.6.6_4:
radiusd -X
rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory
rlm_eap_tls: Error reading certificate file /usr/local/etc/raddb/certs/server_cert.pem
rlm_eap: Failed to initialize type tls
/usr/local/etc/raddb/eap.conf[2]: Instantiation failed for module "eap"
/usr/local/etc/raddb/sites-enabled/default[339]: Failed to load module "eap".
/usr/local/etc/raddb/sites-enabled/default[274]: Errors parsing authenticate section.radiusd.conf
modules {
$INCLUDE ${confdir}/modules/
#$INCLUDE eap.conf
…...........
#$INCLUDE sites-enabled/
…..............radiusd -X
radiusd: #### Loading Virtual Servers ####
server { # from file /usr/local/etc/raddb/radiusd.conf
modules {
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = 192.168.65.254
port = 1812
Failed binding to authentication address 192.168.65.254 port 1812: Address already in use
/usr/local/etc/raddb/radiusd.conf[36]: Error binding to port for 192.168.65.254 port 1812and
radtest test test 127.0.0.1:1812 0 test
Sending Access-Request of id 226 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 192.168.65.254
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
radclient: no response from server for ID 226 socket 3how to solve the problem. FreeRadius removal and reinstallation does not help: (
RADIUS NAS IP attribute change to 192.168.65.254. Working.
-
After reinstalling freeradius go to the EAP tab and check if the certificates are correct and then click again on "save".
It could also help to change the "cert manager" option on the EAP-tab, click save and then change back and click save again. -
New version of freeradius is available:
2.2.0When looking at the freeradius.org webpage it says:
100% configuration file compatible with 2.1.x. The only fix needed is to disallow "hashsize=0" for rlm_passwd
So this should be no problem for the configuration.
But the makefile seems to have changed - and now different "build options" must be used. Can someone verify this and perhaps make it available for pfsense ?
http://www.freebsd.org/cgi/cvsweb.cgi/ports/net/freeradius2/
http://www.freebsd.org/cgi/cvsweb.cgi/ports/net/freeradius2/Makefile?rev=1.108Thanks
-
newbie question. i have reinstalled my pfsense 2.0.1 for 3 times but i don't see the freeradius 2.x as my available package. please advise on how i could have it. thanks for the reply
-
you have nano or full install????
-
In general freeradius2 package is available for i386/amd64 installations using pfsense version 2.x
Full installation on HDD is supported and it should run on nanobsd installations, too.Not sure, why it will not be displayed on you installation but you can try this:
1.) login on pfsense
2.) access this URL: http://your_pfsense_IP/pkg_mgr_install.php?id=freeradius2 -
In general freeradius2 package is available for i386/amd64 installations using pfsense version 2.x
Full installation on HDD is supported and it should run on nanobsd installations, too.Not sure, why it will not be displayed on you installation but you can try this:
1.) login on pfsense
2.) access this URL: http://your_pfsense_IP/pkg_mgr_install.php?id=freeradius2this is my pfsense:
2.0.1-RELEASE (i386)
built on Mon Dec 12 17:53:52 EST 2011
FreeBSD 8.1-RELEASE-p6You are on the latest version.
im using the http://mirror.optus.net/pub/pfSense/downloads/pfSense-2.0.1-RELEASE-i386.iso.gz
installed everything on my hdd using vmware workstation 8
installed lusca and squidguard without problems…i have the same problem it does not show on available packages
here's the error on console when i try pkg_add -r freeradius2
and manual adding it on the pfsense webguiis there a way i can fetch it or modify the repo links or xml? how?
or how can i install it manually or add it on the available package list?![console freeradius2.jpg](/public/imported_attachments/1/console freeradius2.jpg)
![console freeradius2.jpg_thumb](/public/imported_attachments/1/console freeradius2.jpg_thumb)
-
I have some different VMs with 2.0.1 x86/x64 installs and pfsense 2.1 installs.
I can install the package on all machines from the GUI.The parameter which indicates the version is the same as for lets say squid2 or squidguard:
<required_version>2.0</required_version>
But I am not sure where the check is for the different installation types like CD, nanobsd and embedded :(
Can you try another .iso image from another mirror ?
-
I have some different VMs with 2.0.1 x86/x64 installs and pfsense 2.1 installs.
I can install the package on all machines from the GUI.The parameter which indicates the version is the same as for lets say squid2 or squidguard:
<required_version>2.0</required_version>
But I am not sure where the check is for the different installation types like CD, nanobsd and embedded :(
Can you try another .iso image from another mirror ?
the url is invalid i found it here https://redmine.pfsense.org/issues/2075
https://redmine.pfsense.org/projects/pfsense/repository/revisions/c70452506a0ab84a9d72547656b516f6e61578da
i don't know how to apply the diff this is the fix… -
That's not the problem why you do not get freeradius in packagemanager GUI.
If you want to use pkg_add -r then just use the complete path to pfsense server.
x86:
pkg_add -r http://files.pfsense.org/packages/8/All/freeradius-2.1.12_1.tbzx64:
pkg_add -r http://files.pfsense.org/packages/amd64/8/All/freeradius-2.1.12_1.tbz -
That's not the problem why you do not get freeradius in packagemanager GUI.
If you want to use pkg_add -r then just use the complete path to pfsense server.
x86:
pkg_add -r http://files.pfsense.org/packages/8/All/freeradius-2.1.12_1.tbzx64:
pkg_add -r http://files.pfsense.org/packages/amd64/8/All/freeradius-2.1.12_1.tbzthanks! it's working now…
i tried this post to install the gui: http://forum.pfsense.org/index.php?topic=50572.0
Fatal error: Call to undefined function freeradius_install_command() in /usr/local/www/exec.php(244) : eval()'d code on line 9any solutions?
-
hi all! culd any one help me to config xmlrpc sync? i print gui ip adress, password, but sync does't done
-
Hello,
Just tried this package for the first time today and it's great! There's just one minor problem that I would need to solve before I could use this in production. Unfortunately, I'm not a programmer, so wouldn't know where to begin…
What I would like is to have a check box that lets me enter the plaintext password for the user, but encrypts it in the /usr/local/etc/raddb/users file because otherwise any admin can view the plaintext password. To get around this on my existing Linux FreeRADIUS server, I have a small perl script as follows:
#! /usr/bin/perl -w use strict; use Digest::MD5; use MIME::Base64; unless($ARGV[0]){ print "Please supply a password to create a MD5 hash from.\n"; exit; } my $ctx = Digest::MD5->new; $ctx->add($ARGV[0]); print encode_base64($ctx->digest,'')."\n";
So, at the command line, to generate the MD5 password hash:
radius:~ # /root/md5pass.pl <chosen password=""> X03MO1qnZdYdgyfeuILPmQ==</chosen>
Then to use this in my users file I would use the following:
"stuart" MD5-Password := "X03MO1qnZdYdgyfeuILPmQ=="
Anyone have any thoughts on this?
Thanks,
Stuart -
i found out the solution…
ok to everyone that has no freeradius2 on their package list here's the simple fix...
execute this > ./package.sh off -
hi all! culd any one help me to config xmlrpc sync? i print gui ip adress, password, but sync does't done
Could you please explain more in detail whats your problem ?
You have freeradius-server-A and freeradius-server-B
You want to sync from A to B
On A Enable "Automatically sync freeRADIUS configuration changes?"
On A enter the protocol, the IP, the port of B
Enable the "Enable" checkbox in front of this line.
SaveThat's it.
-
Hello,
Just tried this package for the first time today and it's great! There's just one minor problem that I would need to solve before I could use this in production. Unfortunately, I'm not a programmer, so wouldn't know where to begin…
What I would like is to have a check box that lets me enter the plaintext password for the user, but encrypts it in the /usr/local/etc/raddb/users file because otherwise any admin can view the plaintext password. To get around this on my existing Linux FreeRADIUS server, I have a small perl script as follows:
#! /usr/bin/perl -w use strict; use Digest::MD5; use MIME::Base64; unless($ARGV[0]){ print "Please supply a password to create a MD5 hash from.\n"; exit; } my $ctx = Digest::MD5->new; $ctx->add($ARGV[0]); print encode_base64($ctx->digest,'')."\n";
So, at the command line, to generate the MD5 password hash:
radius:~ # /root/md5pass.pl <chosen password=""> X03MO1qnZdYdgyfeuILPmQ==</chosen>
Then to use this in my users file I would use the following:
"stuart" MD5-Password := "X03MO1qnZdYdgyfeuILPmQ=="
Anyone have any thoughts on this?
Thanks,
StuartI attached you two files. Replace them with the existing ones in /usr/local/pkg
I used example one on this page. Try if it is ok or if there is something to be changed:
http://php.net/manual/en/function.md5.phpIf you want to check the code edit freeradius.inc and watch lines 394-402
–- edit ---
it seems that we do not just need a md5 encoding but after that a base64 encoding of the md5 hash. Could you please try your cript with a password and post your password here and the according hash for that ? So we could do some more tests.
or someone could explain what is done in this perl script ;o) -
i found out the solution…
ok to everyone that has no freeradius2 on their package list here's the simple fix...
execute this > ./package.sh offThank you for your feedback. It would be interesting why this is needed on some .iso images and not on others.
But it is nice to hear that it is working for you now :)