Freeradius fails to start after update to 21.1.7

[szty0pa]

Doesnt happen on my side .. Screenshots please

Strange thing is that the modules are there:

Code: [Select]

$ls /usr/local/lib/freeradius-3*/rlm_pap*
/usr/local/lib/freeradius-3.0.22/rlm_pap.a /usr/local/lib/freeradius-3.0.22/rlm_pap.so
/usr/local/lib/freeradius-3.0.22/rlm_pap.la
And it was working great up to v21.1.6 this way.

[mimugmail]

Can you disable LDAP in General or do you really use it?

[zeitlins]

Code: [Select]

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 21.1.7_1 (amd64/LibreSSL) at Tue Jun 22 15:44:59 CEST 2021
>>> Check installed kernel version
Version 21.1.7 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 21.1.7 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 67 dependencies to check.
Checking packages: ..................................................................... done
***DONE***
Output of Health Audit... Seams to be ok

I have not enabled LDAP in my freeradius configuration but i see the same issue if i upgrade freeradius again...

[szty0pa]

Can you disable LDAP in General or do you really use it?

On this instance i am really using LDAP but on an other one i don't and the result is the same (as @zeitlins also mentioned).

Health audit seems okay for me as well (sorry, i forgot to run it before):

Code: [Select]

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 21.1.7_1 (amd64/LibreSSL) at Tue Jun 22 20:53:07 CEST 2021
>>> Check installed kernel version
Version 21.1.7 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 21.1.7 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages:
acme.sh-2.9.0: missing file /var/db/acme/.acme.sh/account.conf.sample
acme.sh-2.9.0: missing file /var/db/acme/.acme.sh/deploy
acme.sh-2.9.0: missing file /var/db/acme/.acme.sh/dnsapi
acme.sh-2.9.0: missing file /var/db/acme/.acme.sh/notify
Checking all packages............. done
>>> Check for core packages consistency
Core package "opnsense" has 67 dependencies to check.
Checking packages: ..................................................................... done
***DONE***
I tried other auth modules, and the really strange thing is that radiusd always errors out loading rlm_pap even if i switch to mschapv2 or tls!

Is it maybe LibreSSL related? I just noticed @zeitlins also uses that flavour.

[Wirrkopf]

Is it maybe LibreSSL related? I just noticed @zeitlins also uses that flavour.

I have the same issue and I'm also using LibreSSL

[mimugmail]

Anyone able to switch to OpenSSL for testing?

[Wirrkopf]

Anyone able to switch to OpenSSL for testing?

I have switched to OpenSSL and after the reboot everything (as far as I have checked) was working ok.

Regarding the pap issue, this is definitely gone and FreeRadius is able to start. So this really seems to be related to LibreSSL. Good catch.

[mimugmail]

Second big problem after OpenVPN

[zeitlins]

also switched to openssl - and the Updated Version Works...
I´ll stick with openssl for now... i´m happy to test on the next update to switch ssl versions again ;-)

[kollaesch]

I have NOT switched to openssl. The bug is still not closed.

When will it be fixed? After upgrading to 21.7 I can't revert back to 21.1.6 any more.

( `opnsense-revert -r 21.1.6 freeradius3` )

Is there another quickfix besides switching to openssl??

Thanks.

[mimugmail]

There is none, its a problem of freeradius itself

[franco]

I have NOT switched to openssl. The bug is still not closed.

When will it be fixed?

Maybe never if users keep shouting in the wrong direction. It's a freeradius issue and some vendors are actively not supporting LibreSSL.


Cheers,
Franco

[SuperMiguel]

is this still an issue? I cant seem to be able to run freeradius on my OPNsense 21.7.5-amd64 install

[mimugmail]

No, yours is related to Jinja update introduced with 21.7.4

[SuperMiguel]

No, yours is related to Jinja update introduced with 21.7.4

any fix for my issue?