OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: tja on August 13, 2018, 11:51:15 am
-
hi,
i still have issues with freeradius.
almost always when i create a freeradius user or modify one i have to restart the firewall.
it seems to me the UI changes conf.xml and forgets to change /usr/local/etc/raddb/mods-config/files/authorize - or the file is locked somehow as changed fields in the UI applied correctly to conf.xml but are unchanged in authorize and radiusd (tested with -X) will use the old values.
restarting the service will only help in rare cases - almost always i have to reboot.
is there some misconfiguration on my end or did i stumble upon a bug ?
wbr,tja...
-
User are not placed in this file. Check users in raddb directly
-
User are not placed in this file. Check users in raddb directly
hi mimugmail,
you mean users in /usr/local/etc/raddb ?
lrwxr-x--- 1 freeradius freeradius 29 May 17 12:45 /usr/local/etc/raddb/users -> ./mods-config/files/authorize
wbr,tja...
-
I'm not on a computer right now, mit sure If this should really be a link
-
did you apply the changes?
-
test:
1. renamed authorize - radiusd would not start
2. changed data in the UI for freeradius users - authorize appeared again now with the correct data - radiusd started with the correct data
so i'm guessing that authorize is indeed the place where users really are stored and config.xml AND authorize should be written on changes to the UI - but sometimes this is prevented (via a file lock ?!?)
wbr,tja...
-
Today I got the same issue.
Created new user > nothing works.
After a while I noticed that my mouse got a failure.
The "apply" button was not clicked :o ::)
-
I'm not on a computer right now, mit sure If this should really be a link
hi mimugmail,
could you check on your end ?
wbr,tja...
-
did you apply the changes?
hi fabian,
ähh - which changes ?
wbr,tja...
-
Sorry, I cannot reproduce. Do you have "Enabled" in "General" ticked? The authorize file will be empty when the service isn't enabled.
-
Sorry, I cannot reproduce. Do you have "Enabled" in "General" ticked? The authorize file will be empty when the service isn't enabled.
hi mimugmail,
thats not the issue. maybe i stated the problem poorly:
problem:
creating or updating users in freeradius seldom works without restarting the machine.
steps to reproduce:
- create or change a user in freeradius UI
- try to use the created/modified user f.e. login or login with changed VLAN ID - FAILS (new user doesnt work or changed data is not reflected at login)
- check config.xml - created / changed is correctly stored
- check users aka authorize - created / changed is NOT correctly stored
i tried this very moment - created a new user but the new user is not stored in raddb/users.
you wrote that you are usure if users is a link to mod-config/files/authorize - is this correct ?
wbr,tja...
-
The linked version is correct. Sorry .. still cannot reproduce, I created a new user:
root@OPN164:~/plugins/dns/bind # cat /usr/local/etc/raddb/users
test1 Cleartext-Password := "eeeeeeeeeee"
Framed-Protocol = PPP
and then added VLAN4 to it:
test1 Cleartext-Password := "eeeeeeeeeee"
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-Id = 4,
Framed-Protocol = PPP
-
The linked version is correct. Sorry .. still cannot reproduce, I created a new user:
...
hmm, i will reinstall the machine asap - hopefully the problem wont come up again.
thx for you patience.