Freeradius2 package changes lost if edited via ssh?



  • I am not sure if I am missing something here but I am building a pfSense box to host a freeradius2 server.  I have it all working now but I had to edit a lot of the files manually so I SSHed into the box and made my changes and all is well.  I decided to reboot just to make sure everything is solid and discovered that after the reboot, all my changes were lost.  I did see some other posts that I need to make all my changes from the web gui which is ok but I cannot edit a lot of the files from the freeradius section so I used the "edit file" feature which I would assume would save after a reboot, but it didn't.  Is there something I need to do or another method I could use to ensure any changes I make are retained?  Or if that isn't an option can someone tell me where I can tweak the files that it uses to overwrite the ones I've edited - most of the edits are one time changes and I don't mind making the changes on the source files…..any help would be appreciated.

    Steve



  • It happens on all packages. Config files are created by the GUI. To build custom config options, you need to edit the script that creates the config files. Usually package_name.inc is the file you need to edit.



  • All files that are edited by freeradius can be found in this file:

    /usr/local/pkg/freeradius.inc
    

    If you tell us the files you are editing by hand we could probably tell you where to change this in the .inc file or if there is a possibility in the GUI.



  • I discovered what you guys are saying after posting my question - someone else had a similar issue as I found in the last post on this thread:

    http://forum.pfsense.org/index.php/topic,56306.0.html

    But if it helps I was editing the default enabled site, policy.conf, files, authorized_mac's….pretty much everything they talk about here:

    http://wiki.freeradius.org/guide/Mac-Auth#raddb/policy.conf

    and all is working now, except for the fact that when I go to the "macs" tab of the freeradius package, I see no MACs listed.  If I go to the "view config" and look at the macs file, all the entries are there and freeradius is working great.  Not sure how/why the web gui isn't reading the file right but I know how to make it work now so that is fine.



  • Hi,

    if you want to implement the "MAC-auth" as it is described here:
    http://wiki.freeradius.org/guide/Mac-Auth#raddb/policy.conf

    No need to change anything in the files. All can be done using the GUI. Read the following doc which explains everything you have to do:
    http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package#Plain_MAC_Auth_besides_802.1X

    "view config" just displays the content of the file. There is nothing which copies the content of the files into the GUI.
    Only what you change in the GUI will be written to the files and you can check/view it with the "view config" tab.

    I would suggest you read the documentation and do everything from the GUI. This will save your config after reboot or system restore.
    Further, you will not have problems or too much work after a package update of freeradius.



  • Yeah, I saw those links but I was trying to implement the end of that page where it lets you specify the SSID combined with the MAC and that isn't possible from what I can see with the pfsense package.  Also we have a really unique setup because we're actually using the authorized_mac's list to reject users - it's a massive list of about 3000 MACs so that's why I edited the file separately so I could copy/paste.  If I had to enter each mac one at a time (which is the only option with pfsense) that would take days….but as I said, we have a really one of a kind setup the way we're using it but it's all working great now!



  • @stevemg7:

    Yeah, I saw those links but I was trying to implement the end of that page where it lets you specify the SSID combined with the MAC and that isn't possible from what I can see with the pfsense package.  Also we have a really unique setup because we're actually using the authorized_mac's list to reject users - it's a massive list of about 3000 MACs so that's why I edited the file separately so I could copy/paste.  If I had to enter each mac one at a time (which is the only option with pfsense) that would take days….but as I said, we have a really one of a kind setup the way we're using it but it's all working great now!

    Ok, just wanted to give the hint, but what you said is not possible at the moment from the GUI :-)
    But as you said - it is working and that is the most important thing :-)



  • Sorry for jumping into this post, but I think you can help me. I posted this earlier and I think a similar topic is being discussed here:

    First of all, I am totally new to pfSense and RADIUS.

    I have RADIUS installed on pfSense. If I add RADIUS users from the pfSense administration page and look them up in option 8 (shell) of pfSense, I do see them (cd /usr/local/etc/raddb/users), but if I add them from this option and look them up on the pfSense page, it is not updated. I would like to know if anyone knows why this happens, or what process it follows.

    My professor thought that the process is in the file pkg_edit.php. I have reviewed it, but I know very little about programming and it confuses me too much. If anyone has reviewed this file or knows what really happens, it would be a great help to me.

    Thank you very much in advance; anything you can tell me will be a great help.



  • It is hard for me to understand what you write because Google cannot translate it very well to German ;-)

    I am not a PHP expert but as far as I understand it, the file "pkg_edit.php" + "freeradius.xml" + "freeradius.inc" generate the GUI.

    If you change anything from console like:

    vi /usr/local/etc/raddb/users
    

    then this will be overwritten if you click on "Save" in the GUI. This is because in freeradius.inc there is a command which writes the content from the .XML to the file.
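
Since the package rewrites the raddb files from its stored settings on "Save" (and, per the first post, the hand edits were also gone after a reboot), a before/after comparison shows exactly which hand-edited files were replaced. The script below is an added example, not part of the thread or of the pfSense package; the snapshot directory and the function names `snapshot` and `drift` are assumptions, and only the raddb path comes from the thread.

```shell
#!/bin/sh
# Added example: detect hand edits under raddb that were regenerated.
# RADDB is the path quoted in the thread; SNAP is an assumed location.
# Both must be absolute paths.
RADDB="${RADDB:-/usr/local/etc/raddb}"
SNAP="${SNAP:-/root/raddb-snapshot}"

# snapshot FILE...
# Keep a reference copy of each hand-edited file (paths relative to RADDB).
snapshot() {
    for f in "$@"; do
        mkdir -p "$SNAP/$(dirname "$f")" || return 1
        cp -p "$RADDB/$f" "$SNAP/$f" || return 1
    done
}

# drift
# Print one line per snapshotted file whose live copy differs or is gone.
# Returns 0 when nothing changed, 1 when something was overwritten,
# 2 when no snapshot exists yet.
drift() {
    [ -d "$SNAP" ] || { echo "no snapshot in $SNAP" >&2; return 2; }
    out=$(
        cd "$SNAP" || exit 2
        find . -type f | sed 's|^\./||' | sort | while IFS= read -r f; do
            if [ ! -f "$RADDB/$f" ]; then
                echo "MISSING  $f"
            elif ! cmp -s "$f" "$RADDB/$f"; then
                echo "CHANGED  $f"
            fi
        done
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Typical use (file names are samples):
#   snapshot policy.conf sites-enabled/default
#   ... click "Save" in the GUI or reboot ...
#   drift
```

Running `drift` after a GUI save or a package update lists the files whose manual changes need to be moved into freeradius.inc or re-entered through the GUI.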

