OPNsense Forum
Archive => 21.1 Legacy Series => Topic started by: athurdent on June 16, 2021, 02:35:39 pm
-
Log:
2021-06-16T14:31:55 Error: /usr/local/etc/raddb/mods-enabled/eap[15]: Instantiation failed for module "eap"
2021-06-16T14:31:55 Error: rlm_eap (EAP): Failed to link rlm_eap_leap: Cannot open "/usr/local/lib/freeradius-3*/rlm_eap_leap.so"
Tried deleting and reinstalling the plugin to no avail.
-
Cisco LEAP was removed in version 3.0.22
Remove native support for Cisco LEAP. It is insecure, and should not be used. Proxying LEAP is still supported.
Open the configuration /usr/local/etc/raddb/mods-available/eap and remove the section about leap and restart freeradius.
EDIT:
Even better, please open the file /usr/local/opnsense/service/templates/OPNsense/Freeradius/mods-enabled-eap and remove the leap section (lines 102 to 115).
-
Might be worth notifying the plugin maintainer.
For a quick fix:
# opnsense-revert -r 21.1.6 freeradius3
Cheers,
Franco
-
PS: ok, we have a ticket now https://github.com/opnsense/plugins/issues/2432
-
Wow, thank you very much mrpink, mimugmail and franco. Already fixed I see, great work! :)
-
Team effort. Sometimes it's hard to protect against non-core changes in the ecosystem.
It will likely be hotfixed tomorrow for good measure.
Cheers,
Franco
-
Btw same (similar?) thing happens with PAP:
2021-06-17T16:58:51 radiusd[48579] /usr/local/etc/raddb/mods-enabled/pap[13]: Failed to link to module 'rlm_pap': Cannot open "/usr/local/lib/freeradius-3*/rlm_pap.so"
-
Michael will take a look, although from the release notes nothing changed for PAP.
About LEAP it's a bit funny now that FreeRADIUS released 3.0.23[1] and it says...
> Silently ignore LEAP configuration instead of erroring out.
¯\_(ツ)_/¯
Cheers,
Franco
[1] https://freeradius.org/release_notes/?br=3.0.x&re=3.0.23
-
Btw same (similar?) thing happens with PAP:
2021-06-17T16:58:51 radiusd[48579] /usr/local/etc/raddb/mods-enabled/pap[13]: Failed to link to module 'rlm_pap': Cannot open "/usr/local/lib/freeradius-3*/rlm_pap.so"
Does this happen during startup?
-
Same here also get the pap[13] error, happens on start or restart of the Service the workaraound is working for now.
Thanks
-
Which workaround?
-
Might be worth notifying the plugin maintainer.
For a quick fix:
# opnsense-revert -r 21.1.6 freeradius3
Cheers,
Franco
-
Btw same (similar?) thing happens with PAP:
2021-06-17T16:58:51 radiusd[48579] /usr/local/etc/raddb/mods-enabled/pap[13]: Failed to link to module 'rlm_pap': Cannot open "/usr/local/lib/freeradius-3*/rlm_pap.so"
Does this happen during startup?
Yes this happens at startup and if/when i try to start radiusd manually. (Same thing happens with the freeradius plugin 1.9.13 as well.)
-
Doesnt happen on my side .. Screenshots please
-
Running a health audit would be beneficial to rule out local issues.
Cheers,
Franco
-
Doesnt happen on my side .. Screenshots please
Strange thing is that the modules are there:
$ls /usr/local/lib/freeradius-3*/rlm_pap*
/usr/local/lib/freeradius-3.0.22/rlm_pap.a /usr/local/lib/freeradius-3.0.22/rlm_pap.so
/usr/local/lib/freeradius-3.0.22/rlm_pap.la
And it was working great up to v21.1.6 this way.
-
Can you disable LDAP in General or do you really use it?
-
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 21.1.7_1 (amd64/LibreSSL) at Tue Jun 22 15:44:59 CEST 2021
>>> Check installed kernel version
Version 21.1.7 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 21.1.7 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 67 dependencies to check.
Checking packages: ..................................................................... done
***DONE***
Output of Health Audit... Seams to be ok
I have not enabled LDAP in my freeradius configuration but i see the same issue if i upgrade freeradius again...
(http://)
-
Can you disable LDAP in General or do you really use it?
On this instance i am really using LDAP but on an other one i don't and the result is the same (as @zeitlins also mentioned).
Health audit seems okay for me as well (sorry, i forgot to run it before):
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 21.1.7_1 (amd64/LibreSSL) at Tue Jun 22 20:53:07 CEST 2021
>>> Check installed kernel version
Version 21.1.7 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 21.1.7 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages:
acme.sh-2.9.0: missing file /var/db/acme/.acme.sh/account.conf.sample
acme.sh-2.9.0: missing file /var/db/acme/.acme.sh/deploy
acme.sh-2.9.0: missing file /var/db/acme/.acme.sh/dnsapi
acme.sh-2.9.0: missing file /var/db/acme/.acme.sh/notify
Checking all packages............. done
>>> Check for core packages consistency
Core package "opnsense" has 67 dependencies to check.
Checking packages: ..................................................................... done
***DONE***
I tried other auth modules, and the really strange thing is that radiusd always errors out loading rlm_pap even if i switch to mschapv2 or tls!
Is it maybe LibreSSL related? I just noticed @zeitlins also uses that flavour.
-
Is it maybe LibreSSL related? I just noticed @zeitlins also uses that flavour.
I have the same issue and I'm also using LibreSSL
-
Anyone able to switch to OpenSSL for testing?
-
Anyone able to switch to OpenSSL for testing?
I have switched to OpenSSL and after the reboot everything (as far as I have checked) was working ok.
Regarding the pap issue, this is definitely gone and FreeRadius is able to start. So this really seems to be related to LibreSSL. Good catch.
-
Second big problem after OpenVPN :(
-
also switched to openssl - and the Updated Version Works...
I´ll stick with openssl for now... i´m happy to test on the next update to switch ssl versions again ;-)
-
I have NOT switched to openssl. The bug is still not closed. :'(
When will it be fixed? After upgrading to 21.7 I can't revert back to 21.1.6 any more.
( `opnsense-revert -r 21.1.6 freeradius3` )
Is there another quickfix besides switching to openssl??
Thanks.
-
There is none, its a problem of freeradius itself
-
I have NOT switched to openssl. The bug is still not closed. :'(
When will it be fixed?
Maybe never if users keep shouting in the wrong direction. It's a freeradius issue and some vendors are actively not supporting LibreSSL.
Cheers,
Franco
-
is this still an issue? I cant seem to be able to run freeradius on my OPNsense 21.7.5-amd64 install
-
No, yours is related to Jinja update introduced with 21.7.4
-
No, yours is related to Jinja update introduced with 21.7.4
any fix for my issue?
-
Can you open an issue in GitHub please?
-
Just go to Services : Freeradius : EAP and hit Apply, will be fixed in next version too