[solved] 20.7.2 - FreeRadius and "users" File (not 20.7.2 related)

[rcmcronny]

Hi,

since the 20.7.2 update my users (the link to the authorize file for radius" gets not updated anymore. I have had 2 users (mac pairs for mac based auth) which were not in the file but in the users list, apply or restart did not help.

The log sas "configd freedrius config generated" so all seems fine.

Any hint on how i can debug, whats going on ?

Thanks,
Ronny

[mimugmail]

configd.log? What about the timestamp of the file? Does it change?

[tong2x]

might be related,
session of captive portal missing,
but I can see logs of user authenticating
and captive portal is working

captive portal is in no authentication (portal only mode)

no issue before

OPNsense 20.7.2-amd64
FreeBSD 12.1-RELEASE-p8-HBSD
OpenSSL 1.1.1g 21 Apr 2020

[rcmcronny]

Hi, thanks.

the file does not change and timestamp does also not change.

configd.log from 2. sep

Code Select Expand


Sep  2 19:46:41 OPNsense configd.py[42340]: generate template container OPNsense/Freeradius
Sep  2 19:46:43 OPNsense configd.py[42340]: [07f343f5-35f7-4502-be99-e6081e01a596] starting FreeRADIUS
Sep  2 19:46:44 OPNsense configd.py[42340]: [a8175159-2b8f-4a74-a0c8-e9145b9d9e44] request FreeRADIUS status
Sep  2 19:46:45 OPNsense configd.py[42340]: [6224057f-eec1-400b-a859-165b3d8527ba] request FreeRADIUS status
Sep  2 19:46:45 OPNsense configd.py[42340]: [6fae2e40-e2f0-4aeb-a39a-a4cae5347135] stopping FreeRADIUS
Sep  2 19:46:45 OPNsense configd.py[42340]: [fde4ca8a-1573-4429-8ad3-0b83f4efff48] generate template OPNsense/Freeradius
Sep  2 19:46:45 OPNsense configd.py[42340]: generate template container OPNsense/Freeradius
Sep  2 19:46:48 OPNsense configd.py[42340]: [25646620-4cda-4de6-9964-ba50d28520cb] starting FreeRADIUS
Sep  2 19:47:18 OPNsense configd.py[42340]: [397dff4f-f3f5-4c7d-a46a-cc3375979edd] Show log
Sep  2 19:47:27 OPNsense configd.py[42340]: [40324d8d-8d2d-4e78-abe4-cc76cb135e0d] Show log
Sep  2 19:49:10 OPNsense configd.py[42340]: [9377e029-dba2-460a-bdc8-6d20ad04ac65] request FreeRADIUS status
Sep  2 19:49:12 OPNsense configd.py[42340]: [90146ab5-eaad-487f-8f4a-d5acf5f6bd96] Show log
Sep  2 19:49:20 OPNsense configd.py[42340]: [541e2b77-5a7b-43ab-acf5-f00ddbeaadaf] request FreeRADIUS status
Sep  2 19:49:32 OPNsense configd.py[42340]: [06ee9346-d822-4aa8-86e5-546706974ff4] request FreeRADIUS status
Sep  2 19:49:32 OPNsense configd.py[42340]: [f68bd20b-209a-46f4-b2e6-04a722ddd188] stopping FreeRADIUS
Sep  2 19:49:33 OPNsense configd.py[42340]: [80491915-e593-433b-90fc-21e052ae2613] generate template OPNsense/Freeradius
Sep  2 19:49:33 OPNsense configd.py[42340]: generate template container OPNsense/Freeradius
Sep  2 19:49:35 OPNsense configd.py[42340]: [f96d9f36-f79a-4292-ba8d-bce8ebe0009d] starting FreeRADIUS
Sep  2 19:49:36 OPNsense configd.py[42340]: [c14218f1-a3ce-4149-820a-014573a8694a] request FreeRADIUS status
Sep  2 19:49:36 OPNsense configd.py[42340]: [c044af7e-bdd6-4e73-a6c0-0cebcb7caaa8] request FreeRADIUS status
Sep  2 19:49:36 OPNsense configd.py[42340]: [1a84d05d-01b7-4589-9fe8-41829148fd7a] stopping FreeRADIUS
Sep  2 19:49:37 OPNsense configd.py[42340]: [c828e407-e194-466c-b57a-426583078061] generate template OPNsense/Freeradius
Sep  2 19:49:37 OPNsense configd.py[42340]: generate template container OPNsense/Freeradius
Sep  2 19:49:39 OPNsense configd.py[42340]: [c5c79f0f-be96-4ee1-85b9-fe8baca0bc19] starting FreeRADIUS
Sep  2 19:49:40 OPNsense configd.py[42340]: [e1b28e7d-3493-4598-9765-90a414e86d6c] restarting FreeRADIUS
Sep  2 19:49:41 OPNsense configd.py[42340]: [7416f0e7-96b1-493b-9dc8-94336746014b] request FreeRADIUS status
Sep  2 19:49:41 OPNsense configd.py[42340]: [873b40e1-7ff6-4308-9060-3f799149d3a2] request FreeRADIUS status
Sep  2 19:52:45 OPNsense configd.py[42340]: [2e489477-ea41-4ba0-938f-9af2e4c79e57] request FreeRADIUS status
Sep  2 19:52:46 OPNsense configd.py[42340]: [4cd95d7e-b531-46b4-bede-6d6e5a2e4790] stopping FreeRADIUS
Sep  2 19:52:46 OPNsense configd.py[42340]: [807fd364-7986-4f07-a28b-ad1cc175edcc] generate template OPNsense/Freeradius
Sep  2 19:52:46 OPNsense configd.py[42340]: generate template container OPNsense/Freeradius
Sep  2 19:52:49 OPNsense configd.py[42340]: [085ced2e-5bc5-4d3c-b7d1-05f17f5cf283] starting FreeRADIUS
Sep  2 19:52:50 OPNsense configd.py[42340]: [6034ce18-ddee-4e40-8d81-bb219fa72c7d] request FreeRADIUS status
Sep  2 19:52:50 OPNsense configd.py[42340]: [78ab7452-c325-4774-9d6c-5b9f3053bd0c] request FreeRADIUS status
Sep  2 19:52:50 OPNsense configd.py[42340]: [2843a1f3-28e0-4d17-9cb3-3536fd51aa27] stopping FreeRADIUS
Sep  2 19:52:51 OPNsense configd.py[42340]: [4c7ee8a1-ec8b-49bd-833e-d5f3e2dcda75] generate template OPNsense/Freeradius
Sep  2 19:52:51 OPNsense configd.py[42340]: generate template container OPNsense/Freeradius
Sep  2 19:52:54 OPNsense configd.py[42340]: [87294589-5890-4c9e-852c-5d20f44ac9bf] starting FreeRADIUS
Sep  2 19:53:07 OPNsense configd.py[42340]: [178ae2f0-706b-467b-a663-7dd6f5ee5a0b] request FreeRADIUS status
Sep  2 19:53:07 OPNsense configd.py[42340]: [d3d9944a-2609-46ae-8354-b4a1d09410d5] stopping FreeRADIUS
Sep  2 19:53:07 OPNsense configd.py[42340]: [a296a2ff-3cbf-44d6-86a7-e472e9980c97] generate template OPNsense/Freeradius
Sep  2 19:53:07 OPNsense configd.py[42340]: generate template container OPNsense/Freeradius
Sep  2 19:53:09 OPNsense configd.py[42340]: [097e7cdd-da2f-4b6d-a522-9db79a26d57b] starting FreeRADIUS
Sep  2 19:53:10 OPNsense configd.py[42340]: [c5fa64a9-92f0-4667-a407-52c0ebe370e2] request FreeRADIUS status
Sep  2 19:53:10 OPNsense configd.py[42340]: [f53fa2c4-74c2-4559-9090-3224daead32e] request FreeRADIUS status
Sep  2 19:53:10 OPNsense configd.py[42340]: [2c9654e1-b3b2-41a6-a4a9-edfe1b162627] stopping FreeRADIUS
Sep  2 19:53:10 OPNsense configd.py[42340]: [7605a3c6-6b48-46c4-8195-6018a5d37eb3] generate template OPNsense/Freeradius
Sep  2 19:53:10 OPNsense configd.py[42340]: generate template container OPNsense/Freeradius
Sep  2 19:53:13 OPNsense configd.py[42340]: [aafd4ed2-8cc6-4b31-808c-5a8c96b0fe8a] starting FreeRADIUS


And today:

Code Select Expand


Sep  6 11:57:08 OPNsense configd.py[42340]: [6ee67bcb-6bad-41ea-a3d6-01b15e1db029] request FreeRADIUS status
Sep  6 11:57:10 OPNsense configd.py[42340]: [916a91dd-0e06-45a5-9daa-277846488ca1] request FreeRADIUS status
Sep  6 11:57:10 OPNsense configd.py[42340]: [505651fe-5c04-439a-8bb6-79f5fdfff1d5] stopping FreeRADIUS
Sep  6 11:57:10 OPNsense configd.py[42340]: [dfc7d8f7-61bf-4cc9-a5bd-eae095befd43] generate template OPNsense/Freeradius
Sep  6 11:57:10 OPNsense configd.py[42340]: generate template container OPNsense/Freeradius
Sep  6 11:57:12 OPNsense configd.py[42340]: [34f49822-f767-45f6-bc7c-4978137e6d6f] starting FreeRADIUS
Sep  6 11:57:13 OPNsense configd.py[42340]: [1c46323e-c5d0-42aa-b0e5-520ad71e5b73] request FreeRADIUS status
Sep  6 11:57:13 OPNsense configd.py[42340]: [13625bf4-c90e-4c76-9968-f78f09b161f8] request FreeRADIUS status
Sep  6 11:57:13 OPNsense configd.py[42340]: [4991ad1b-a77e-40b8-9095-3ebe3d7cb46a] stopping FreeRADIUS
Sep  6 11:57:15 OPNsense configd.py[42340]: [2e03a089-a22e-4980-a0a5-19f0ca062698] generate template OPNsense/Freeradius
Sep  6 11:57:15 OPNsense configd.py[42340]: generate template container OPNsense/Freeradius
Sep  6 11:57:17 OPNsense configd.py[42340]: [e4c5246b-473a-4f51-9e17-7c8d9d255885] starting FreeRADIUS


Code Select Expand


-rwxr-x---  1 freeradius  freeradius    15K Sep  4 20:08 authorize


[rcmcronny]

Digged deeper and used the template file from "https://github.com/opnsense/plugins/blob/master/net/freeradius/src/opnsense/service/templates/OPNsense/Freeradius/users" to compare and found a missing line.

Dont know, why, but replaced the file with the one from the repo and it generates the file again, so it was really only a missing line:

Code Select Expand


root@OPNsense:/usr/local/opnsense/service/templates/OPNsense/Freeradius # diff -P users users1
54c54
<
---
> {%         endif %}


I do not think, that this is because of the upgrade, as the template file seems unchanged since months.

Will monitor, perhaps the issues is caused by layer 8 aka me, who knows :)

Sorry for confusion on this.  ( Perhaps it should print in the error log, that the template file is wrong ? )

Ronny