OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: Christian on November 08, 2017, 09:58:53 pm

Title: Freeradius Fails to Start
Post by: Christian on November 08, 2017, 09:58:53 pm

Hi,

I have tried replacing my previous manually-installed freeradius with the os-freeradius package. Installing the package trashed the existing configuration by overwriting some files but not removing all old files, so I uninstalled, removed all configuration files manually, and re-installed os-freeradius.

For installation and configuration, I followed https://wiki.opnsense.org/manual/how-tos/freeradius.html.

Freeradius does not start. In /var/log/radius.log I see the following:

 

Quote

    Warning: Support for old-style clients will be removed in a future release
    Warning: No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client 192.168.178.53. Please fix your configuration
    Warning: Support for old-style clients will be removed in a future release
    Info: Debugger not attached
    Warning: [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay"    found in filter list for realm "DEFAULT".
    Warning: [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec"    found in filter list for realm "DEFAULT".
    Error: Unable to check file "/usr/local/etc/raddb/certs/server.pem": No such file or directory
    Error: rlm_eap_tls: Failed initializing SSL context
    Error: rlm_eap (EAP): Failed to initialise rlm_eap_tls
    Error: /usr/local/etc/raddb/mods-enabled/eap[15]: Instantiation failed for module "eap"

I don't know what the warnings are about, I guess those are internal problems with the plugin?

It seems to me that the fatal error is the fact that /usr/local/etc/raddb/certs/server.pem is missing. I did not find any mention of creating this file in the howto and I am at a loss what to do.

Any help would be much appreciated. ;)

Thanks,
Christian

Title: Re: Freeradius Fails to Start
Post by: mimugmail on November 08, 2017, 10:11:26 pm

These files should be there with default Install. Try to Reinstall the plugin. If this doesnt help, go to System - Trust, Create CA, create Server certificate and set them in EAP

Title: Re: Freeradius Fails to Start
Post by: Christian on November 08, 2017, 11:20:59 pm

Uninstalling and re-installing from the web GUI did not resolve the issue, so I used pkg remove freeradius3-3.0.15_1 to nuke the package.

The messages while installing were quite different from what I saw before and now the certificates specified in EAP settings are used. All is well.  :)

Thanks!

Title: Re: Freeradius Fails to Start
Post by: mimugmail on November 09, 2017, 06:10:32 am

Good to hear, but I really would like to know what happened in the first install :o