Update (RADIUS) process broken?

[EdwinKM]

Today decided to update opnsense. It did some update stuff and rebooted. The dashboard claims now to be on version: OPNsense 22.7.6-amd64. That is not the latest version. Made a config export first but it seems not to contain the version?

Again, if i press the update i get the 22.7.9 popup.
Here the packages it needs to update:

Package name    Current version    New version    Required action    Repository
freeradius3   3.0.25   3.2.1   upgrade   OPNsense
opnsense   22.7.6   22.7.9   upgrade   OPNsense
os-freeradius   1.9.21   1.9.21_2   upgrade   OPNsense
os-nut   1.8.1   1.8.1_1   upgrade   OPNsense

And below: "There are 4 updates available, total download size is 0B."

If i press update i get a lot of "missing files" messages

Code: [Select]

***GOT REQUEST TO UPDATE***
Currently running OPNsense 22.7.6 (amd64/OpenSSL) at Fri Dec  2 15:06:46 CET 2022
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (4 candidates): .... done
Processing candidates (4 candidates): .... done
Checking integrity... done (0 conflicting)
The following 4 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
freeradius3: 3.0.25 -> 3.2.1
opnsense: 22.7.6 -> 22.7.9
os-freeradius: 1.9.21 -> 1.9.21_2
os-nut: 1.8.1 -> 1.8.1_1

Number of packages to be upgraded: 4
[1/4] Upgrading freeradius3 from 3.0.25 to 3.2.1...
===> Creating groups.
Using existing group 'freeradius'.
===> Creating users
Using existing user 'freeradius'.
===> Setting user and group in radiusd.conf
[1/4] Extracting freeradius3-3.2.1: .......... done
You should remove /usr/local/etc/raddb if you don't need it any more.
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/libfreeradius-dhcp.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/libfreeradius-dhcp.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/libfreeradius-dhcp.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/libfreeradius-eap.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/libfreeradius-eap.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/libfreeradius-eap.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/libfreeradius-radius.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/libfreeradius-radius.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/libfreeradius-radius.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/libfreeradius-server.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/libfreeradius-server.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/libfreeradius-server.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/proto_dhcp.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/proto_dhcp.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/proto_dhcp.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/proto_vmps.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/proto_vmps.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/proto_vmps.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_always.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_always.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_always.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_attr_filter.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_attr_filter.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_attr_filter.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_cache.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_cache.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_cache.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_cache_rbtree.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_cache_rbtree.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_cache_rbtree.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_chap.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_chap.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_chap.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_counter.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_counter.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_counter.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_cram.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_cram.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_cram.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_date.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_date.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_date.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_detail.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_detail.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_detail.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_dhcp.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_dhcp.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_dhcp.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_digest.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_digest.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_digest.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_dynamic_clients.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_dynamic_clients.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_dynamic_clients.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_fast.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_fast.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_fast.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_gtc.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_gtc.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_gtc.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_md5.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_md5.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_md5.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_mschapv2.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_mschapv2.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_mschapv2.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_peap.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_peap.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_peap.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_pwd.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_pwd.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_pwd.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_sim.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_sim.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_sim.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_tls.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_tls.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_tls.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_ttls.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_ttls.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_eap_ttls.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_exec.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_exec.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_exec.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_expiration.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_expiration.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_expiration.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_expr.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_expr.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_expr.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_files.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_files.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_files.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_ippool.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_ippool.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_ippool.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_krb5.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_krb5.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_krb5.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_ldap.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_ldap.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_ldap.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_linelog.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_linelog.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_linelog.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_logintime.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_logintime.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_logintime.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_mschap.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_mschap.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_mschap.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_otp.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_otp.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_otp.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_pam.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_pam.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_pam.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_pap.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_pap.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_pap.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_passwd.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_passwd.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_passwd.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_perl.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_perl.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_perl.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_preprocess.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_preprocess.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_preprocess.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_radutmp.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_radutmp.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_radutmp.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_realm.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_realm.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_realm.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_replicate.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_replicate.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_replicate.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_soh.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_soh.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_soh.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_sometimes.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_sometimes.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_sometimes.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_sql.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_sql.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_sql.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_sql_map.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_sql_map.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_sql_map.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_sql_mysql.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_sql_mysql.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_sql_mysql.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_sql_null.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_sql_null.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_sql_null.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_sql_sqlite.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_sql_sqlite.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_sql_sqlite.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_sqlcounter.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_sqlcounter.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_sqlcounter.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_sqlippool.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_sqlippool.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_sqlippool.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_test.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_test.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_test.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_totp.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_totp.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_totp.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_unix.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_unix.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_unix.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_unpack.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_unpack.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_unpack.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_utf8.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_utf8.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_utf8.so
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_wimax.a
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_wimax.la
freeradius3-3.0.25: missing file /usr/local/lib/freeradius-3.0.25/rlm_wimax.so
freeradius3-3.0.25: missing file /usr/local/share/examples/freeradius/raddb/mods-available/cache_eap
freeradius3-3.0.25: missing file /usr/local/share/examples/freeradius/raddb/mods-available/otp
freeradius3-3.0.25: missing file /usr/local/share/examples/freeradius/raddb/mods-config/sql/main/sqlite/process-radacct-refresh.sh
freeradius3-3.0.25: missing file /usr/local/share/examples/freeradius/raddb/mods-enabled/cache_eap
freeradius3-3.0.25: missing file /usr/local/share/licenses/freeradius3-3.0.25/GPLv2
freeradius3-3.0.25: missing file /usr/local/share/licenses/freeradius3-3.0.25/LICENSE
freeradius3-3.0.25: missing file /usr/local/share/licenses/freeradius3-3.0.25/catalog.mk
pkg-static: Fail to set time on /var/log/radacct:No such file or directory
Starting web GUI...done.
Generating RRD graphs...done.
***DONE***



[Trinnik]

Same issue here, updating from 22.7.8. Tried updating from console as well and the update process just stops suddenly.

[PiMas]

Same issue here, updating from 22.7.8. Tried updating from console as well and the update process just stops suddenly.

Same here

[EdwinKM]

@PiMas @Trinnik: do you have the freeradius plugin installed?
Created a bug report: https://github.com/opnsense/core/issues/6167

And thus actually using RADIUS. Is it still working? Not sure the count of active users. It went kaput after my update. But not 100% sure if related.

[mimugmail]

What happens if you disbale the plugin, remove radius (pkg+plugin), install again and enable? The major update during 3.0 to 3.2 breaks something

[EdwinKM]

Ok, uninstall plugin using the GUI

Code: [Select]


Number of packages to be removed: 1
[1/1] Deinstalling os-freeradius-1.9.21_2...
[1/1] Deleting files for os-freeradius-1.9.21_2: .......... done
Reloading plugin configuration
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 8 packages:

Installed packages to be REMOVED:
freeradius3: 3.2.1
groff: 1.22.4_4
libpaper: 1.1.28
mysql57-client: 5.7.40
protobuf: 3.21.7,1
psutils: 1.17_5
talloc: 2.3.4
uchardet: 0.0.7

Number of packages to be removed: 8

The operation will free 102 MiB.
[1/8] Deinstalling freeradius3-3.2.1...
You should remove /usr/local/etc/raddb if you don't need it any more.
[1/8] Deleting files for freeradius3-3.2.1: .......... done
==> You should manually remove the "freeradius" user.
==> You should manually remove the "freeradius" group
[2/8] Deinstalling mysql57-client-5.7.40...
[2/8] Deleting files for mysql57-client-5.7.40: .......... done
[3/8] Deinstalling groff-1.22.4_4...
[3/8] Deleting files for groff-1.22.4_4: .......... done
[4/8] Deinstalling psutils-1.17_5...
[4/8] Deleting files for psutils-1.17_5: .......... done
[5/8] Deinstalling talloc-2.3.4...
[5/8] Deleting files for talloc-2.3.4: .......... done
[6/8] Deinstalling libpaper-1.1.28...
[6/8] Deleting files for libpaper-1.1.28: .......... done
[7/8] Deinstalling protobuf-3.21.7,1...
[7/8] Deleting files for protobuf-3.21.7,1: .......... done
[8/8] Deinstalling uchardet-0.0.7...
[8/8] Deleting files for uchardet-0.0.7: .......... done
***DONE***


Next does not work. But removal of the plugin already does the uninstall?

Code: [Select]

root@OPNsense:~ # pkg remove freeradius3
No packages matched for pattern 'freeradius3'

Checking integrity... done (0 conflicting)
1 packages requested for removal: 0 locked, 1 missing
root@OPNsense:~ # pkg remove freeradius
No packages matched for pattern 'freeradius'

Checking integrity... done (0 conflicting)
1 packages requested for removal: 0 locked, 1 missing

On disk, a lot of *.pkgsave files in /usr/local/lib/freeradius-3.2.1

Reinstall plugin using GUI

Code: [Select]

***GOT REQUEST TO INSTALL***
Currently running OPNsense 22.7.9 (amd64/OpenSSL) at Sun Dec  4 09:23:48 CET 2022
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 9 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
freeradius3: 3.2.1
groff: 1.22.4_4
libpaper: 1.1.28
mysql57-client: 5.7.40
os-freeradius: 1.9.21_2
protobuf: 3.21.7,1
psutils: 1.17_5
talloc: 2.3.4
uchardet: 0.0.7

Number of packages to be installed: 9

The process will require 103 MiB more space.
[1/9] Installing libpaper-1.1.28...
[1/9] Extracting libpaper-1.1.28: .......... done
[2/9] Installing uchardet-0.0.7...
[2/9] Extracting uchardet-0.0.7: .......... done
[3/9] Installing psutils-1.17_5...
[3/9] Extracting psutils-1.17_5: .......... done
[4/9] Installing groff-1.22.4_4...
[4/9] Extracting groff-1.22.4_4: .......... done
[5/9] Installing protobuf-3.21.7,1...
[5/9] Extracting protobuf-3.21.7,1: .......... done
[6/9] Installing talloc-2.3.4...
[6/9] Extracting talloc-2.3.4: .......... done
[7/9] Installing mysql57-client-5.7.40...
[7/9] Extracting mysql57-client-5.7.40: .......... done
[8/9] Installing freeradius3-3.2.1...
===> Creating groups.
Using existing group 'freeradius'.
===> Creating users
Using existing user 'freeradius'.
===> Setting user and group in radiusd.conf
[8/9] Extracting freeradius3-3.2.1: .......... done
===> Adjusting ownership of directory /usr/local/etc/raddb
===> Adjusting ownership of directory /var/log/radacct
===> Adjusting ownership of directory /var/run/radiusd
===> Adjusting ownership of /var/log/radius.log
===> Adjusting ownership of /var/log/radutmp
===> Adjusting ownership of /var/log/radwtmp
===> Updating libdir in /usr/local/etc/raddb/radiusd.conf
[9/9] Installing os-freeradius-1.9.21_2...
[9/9] Extracting os-freeradius-1.9.21_2: .......... done
Stopping configd...done
Starting configd.
Reloading plugin configuration
Configuring system logging...done.
Reloading template OPNsense/Freeradius: OK
Reloading template OPNsense/Syslog: OK
=====
Message from groff-1.22.4_4:

--
In order to be able to use the html driver, you need to install the following
packages:
 - ghostscript
 - netpbm
=====
Message from mysql57-client-5.7.40:

--
This is the mysql CLIENT without the server.
for complete server and client, please install databases/mysql57-server
=====
Message from freeradius3-3.2.1:

--
To enable FreeRADIUS, put the following line in /etc/rc.conf

radiusd_enable="YES"


The sample configuration can be found at
/usr/local/share/examples/freeradius/raddb

If you are upgrading FreeRADIUS, you are advised to use this as a reference
for updating your configuration.


FreeRADIUS will look for its configuration directory at
/usr/local/etc/raddb by default.

If you did not already have a configuration at this location, the sample
configuration has been copied to this location and has been bootstrapped.


If you wish to point FreeRADIUS to a configuration at a different
location, put the following line in /etc/rc.conf

radiusd_flags="-d /path/to/raddb"


To start the server in normal (daemon) mode, run:

/usr/local/etc/rc.d/radiusd start

and to stop the server, run:

/usr/local/etc/rc.d/radiusd stop


To start the server in debugging mode, run:

/usr/local/etc/rc.d/radiusd debug


You are advised to make cautious changes to the configuration, and to test
frequently, using debugging mode where necessary. Try to resist the
temptation to disable or delete things that you don't understand - you may
well break things!

Useful configuration advice can be found in the FreeRADIUS Wiki at
http://wiki.freeradius.org
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***


On lobby restarting service

Code: [Select]

==> radius.log <==
Sun Dec  4 09:25:49 2022 : Info: Signalled to terminate
Sun Dec  4 09:25:49 2022 : Info: Exiting normally
Sun Dec  4 09:25:49 2022 : Info: Debugger not attached
Sun Dec  4 09:25:49 2022 : Warning: tls: Setting DH parameters from /usr/local/etc/raddb/certs/dh - this is no longer necessary.
Sun Dec  4 09:25:49 2022 : Warning: tls: You should comment out the 'dh_file' configuration item.
Sun Dec  4 09:25:49 2022 : Info: Loaded virtual server <default>
Sun Dec  4 09:25:49 2022 : Warning: Ignoring "sql" (see raddb/mods-available/README.rst)
Sun Dec  4 09:25:49 2022 : Warning: Ignoring "ldap" (see raddb/mods-available/README.rst)
Sun Dec  4 09:25:49 2022 : Info:  # Skipping contents of 'if' as it is always 'false' -- /usr/local/etc/raddb/sites-enabled/inner-tunnel:327
Sun Dec  4 09:25:49 2022 : Info: Loaded virtual server inner-tunnel
Sun Dec  4 09:25:49 2022 : Info: Loaded virtual server default
Sun Dec  4 09:25:49 2022 : Info: Loaded virtual server check-eap-tls
Sun Dec  4 09:25:49 2022 : Info: Ready to process requests


Connecting to RADIUS


logs on OPNsense:
Sun Dec  4 09:27:09 2022 : Auth: (14)   Login incorrect: [radius-client/<via Auth-Type = Reject>] (from client RADIUS_WIFI_AP port 0 cli A8-6D-AA-73-F7-53 via TLS tunnel)
Sun Dec  4 09:27:09 2022 : Auth: (14) Login incorrect (eap: Failed continuing EAP TLS (13) session.  EAP sub-module failed): [radius-client/<via Auth-Type = eap>] (from client RADIUS_WIFI_AP port 0 cli A8-6D-AA-73-F7-53)
Sun Dec  4 09:27:36 2022 : Auth: (29)   Login incorrect: [radius-client/<via Auth-Type = Reject>] (from client RADIUS_WIFI_AP port 0 cli A8-6D-AA-73-F7-53 via TLS tunnel)
Sun Dec  4 09:27:36 2022 : Auth: (29) Login incorrect (eap: Failed continuing EAP TLS (13) session.  EAP sub-module failed): [radius-client/<via Auth-Type = eap>] (from client RADIUS_WIFI_AP port 0 cli A8-6D-AA-73-F7-53)



Logs Omada EA245 -> screenshot. Can not copy plain text.

[EdwinKM]

Created a test VM and a extra SSID. Imported my OPNsense cerrts and it seems to work. So, first conclusion seems my certs are still valid and my infra is working.
Added the steps below. Note it is in Dutch and in Dokuwiki format. Will statrt comparing with OPNsense.

Code: [Select]

++++ EXPERIMENT: Eigen FreeRADIUS server met geimporteerde OPNSense certificaten |
Bron: https://gathering.tweakers.net/forum/list_messages/2081204

We gebruiken hier FreeRADIUS op een Debian test doos op Proxmox. Deze geeft IP 192.168.1.207 gekregen.

<code>
ssh 192.168.1.207
apt-get install freeradius screen

cd /etc/freeradius/3.0
cp users users.org
</code>


Deze anamaken op de AP:
  SISD: 1337_RADIUS
  Security mode: WPA-Enterprise
  Version: WPA2-Enterprise
  Encryption: AES
  RADIUS Server IP: 192.168.1.207
  RADIUS Port: 1812
  RADIUS Password: testing123

 
<code>
cp clients.conf clients.conf.org
</code>
Voeg onderaan toe:
<code>
client WIFI_1337_RADIUS {
        ipaddr          = 192.168.1.207/24
        netmask         = 24
        secret          = testing123
        shortname       = WIFI_1337_RADIUS
        nas_type        = other
}
</code>


Bij backup maken, plaats deze NIET in de ''mods-enabled'' map.
<code>
cp /etc/freeradius/3.0/mods-enabled/eap /etc/freeradius/3.0/mods-enabled/eap.org
</code>

Aanpassen ''/etc/freeradius/3.0/mods-enabled/eap''
<code>
...
default_eap_type = tls
...
tls-config tls-common {
                private_key_password = whatever
                private_key_file = ${certdir}/server.key
                certificate_file = ${certdir}/server.pem
                ca_file = ${certdir}/ca.pem
...
...
tmpdir = /var/tmp/radiusd
</code>

<code>
mkdir /var/tmp/radiusd
chown freerad:freerad /var/tmp/radiusd
</code>



Voor de eerste test halen we de huidige "productie" certificaten van OPNsense over. We weten dat de huidige certificaten werken van OPNsense. Exporten in OPNsense GUI en we geven het wachtwoord "whatever".
    System: Trust: Authorities
      Export CA cert = ca.crt
      Export CA private key = ca.key
    System: Trust: Certificates -> RADIUS Server Certificate
      export user cert = server.crt
      export user key = server.key
      export p12 = server.p12
    System: Trust: Certificates -> RADIUS Client Certificate
      export user cert = client.crt
      export user key = client.key
      export p12 = client.p12

<code>
scp * root@192.168.1.207:/etc/freeradius/3.0/certs
</code>

We moeten nog wat ''pem'' files genereren. Gebruik wachtwoord: "whatever"
<code>
root@radiustest:/etc/freeradius/3.0/certs# openssl pkcs12 -in server.p12 -out server.pem -clcerts -nokeys
Enter Import Password:
</code>

<code>
openssl x509 -in ca.crt -out ca.pem
</code>

<code>
chown freerad:freerad /etc/freeradius/3.0/certs/*
</code>


Start RADIUS:
<code>
systemctl stop freeradius ; freeradius -X
</code>



Op Suse maak een nieuwe verbinding aan.
  Connection Name: 1337_RADIUS_OPN_CERTS
  SSID: 1337_RADIUS
  Security: WPA/WPA2 Enterprise
  Authentication: TLS
  Identity: radius-client
  CA certificate: ca.crt
  User cetificate: client.p12
  User private key: client.p12
  User key password: whatever

Resultaat: connectie werkt.


++++


[EdwinKM]

the logging is verbose and it contains private stuff. But tried the same on OPNsense. Notice some things

root@OPNsense:/var/log # /usr/local/etc/rc.d/radiusd stop ; /usr/local/etc/rc.d/radiusd debug

Code: [Select]

(14) WARNING: Outer and inner identities are the same.  User privacy is compromised.
...
(14) Virtual server sending reply
(14) eap_tls: Certificate rejected by the virtual server
(14) eap: ERROR: Failed continuing EAP TLS (13) session.  EAP sub-module failed
(14) eap: Sending EAP Failure (code 4) ID 221 length 4
(14) eap: Failed in EAP select
(14)     [eap] = invalid
(14)   } # authenticate = invalid
(14) Failed to authenticate the user



[EdwinKM]

Still investigating.

modified the code of ''check-eap-tls''. After this i can login again. Accept in both cases.

Code: [Select]

        #
        # Check the client certificate common name against the supplied User-Name
        #
        if (&User-Name == &TLS-Client-Cert-Common-Name || &User-Name == "host/%{TLS-Client-Cert-Common-Name}") {
                update config {
                        &Auth-Type := Accept
                }
        }
        else {
                update config {
                        #&Auth-Type := Reject
                        &Auth-Type := Accept
                }
        }

Based on the log
  User-Name = "radius-client"
  TLS-Client-Cert-Common-Name := "radius-ca"
  TLS-Client-Cert-Common-Name := "radius-client"

Did i misconfigure something?

[mimugmail]

This will disable verifying the common Name. This optioni
is also available via gui

[EdwinKM]

This will disable verifying the common Name. This option
is also available via gui

That does not make it clear to me. Sure, i could have configured something "wrong" in the past. But it broke with the new release. This means:
  * The release is not backwards compatible.
  * Try to identify the issue on update. Warn the user. It took me almost a day to identify this issue