Freeradius fails to start after update to 21.1.7

Started by athurdent, June 16, 2021, 02:35:39 PM

Previous topic - Next topic
Print
Go Down Pages 1 2 3
User actions
June 22, 2021, 10:04:57 AM #15
Quote from: mimugmail on June 21, 2021, 10:05:31 PM
Doesnt happen on my side .. Screenshots please

Strange thing is that the modules are there:
Code Select
$ls /usr/local/lib/freeradius-3*/rlm_pap*
/usr/local/lib/freeradius-3.0.22/rlm_pap.a /usr/local/lib/freeradius-3.0.22/rlm_pap.so
/usr/local/lib/freeradius-3.0.22/rlm_pap.la

And it was working great up to v21.1.6 this way.
June 22, 2021, 12:57:14 PM #16
Can you disable LDAP in General or do you really use it?
June 22, 2021, 03:56:21 PM #17
Code Select
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 21.1.7_1 (amd64/LibreSSL) at Tue Jun 22 15:44:59 CEST 2021
>>> Check installed kernel version
Version 21.1.7 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 21.1.7 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 67 dependencies to check.
Checking packages: ..................................................................... done
***DONE***

Output of Health Audit... Seams to be ok

I have not enabled LDAP in my freeradius configuration but i see the same issue if i upgrade freeradius again...

June 22, 2021, 09:07:27 PM #18 Last Edit: June 22, 2021, 09:33:19 PM by szty0pa
Quote from: mimugmail on June 22, 2021, 12:57:14 PM
Can you disable LDAP in General or do you really use it?

On this instance i am really using LDAP but on an other one i don't and the result is the same (as @zeitlins also mentioned).

Health audit seems okay for me as well (sorry, i forgot to run it before):
Code Select
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 21.1.7_1 (amd64/LibreSSL) at Tue Jun 22 20:53:07 CEST 2021
>>> Check installed kernel version
Version 21.1.7 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 21.1.7 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages:
acme.sh-2.9.0: missing file /var/db/acme/.acme.sh/account.conf.sample
acme.sh-2.9.0: missing file /var/db/acme/.acme.sh/deploy
acme.sh-2.9.0: missing file /var/db/acme/.acme.sh/dnsapi
acme.sh-2.9.0: missing file /var/db/acme/.acme.sh/notify
Checking all packages............. done
>>> Check for core packages consistency
Core package "opnsense" has 67 dependencies to check.
Checking packages: ..................................................................... done
***DONE***

I tried other auth modules, and the really strange thing is that radiusd always errors out loading rlm_pap even if i switch to mschapv2 or tls!

Is it maybe LibreSSL related? I just noticed @zeitlins also uses that flavour.
June 23, 2021, 07:49:53 PM #19
Quote from: szty0pa on June 22, 2021, 09:07:27 PM
Is it maybe LibreSSL related? I just noticed @zeitlins also uses that flavour.

I have the same issue and I'm also using LibreSSL
June 23, 2021, 08:07:58 PM #20
Anyone able to switch to OpenSSL for testing?
June 24, 2021, 12:27:05 PM #21
Quote from: mimugmail on June 23, 2021, 08:07:58 PM
Anyone able to switch to OpenSSL for testing?

I have switched to OpenSSL and after the reboot everything (as far as I have checked) was working ok.

Regarding the pap issue, this is definitely gone and FreeRadius is able to start. So this really seems to be related to LibreSSL. Good catch.
June 24, 2021, 06:41:02 PM #22
Second big problem after OpenVPN :(
June 26, 2021, 04:46:39 PM #23
also switched to openssl - and the Updated Version Works...
I´ll stick with openssl for now... i´m happy to test on the next update to switch ssl versions again ;-)
September 04, 2021, 05:35:46 PM #24
I have NOT switched to openssl. The bug is still not closed. :'(

When will it be fixed? After upgrading to 21.7 I can't revert back to 21.1.6 any more.

( `opnsense-revert -r 21.1.6 freeradius3` )

Is there another quickfix besides switching to openssl??

Thanks.
September 04, 2021, 05:51:06 PM #25
There is none, its a problem of freeradius itself
September 05, 2021, 10:50:53 AM #26
Quote from: kollaesch on September 04, 2021, 05:35:46 PMI have NOT switched to openssl. The bug is still not closed. :'(

When will it be fixed?

Maybe never if users keep shouting in the wrong direction. It's a freeradius issue and some vendors are actively not supporting LibreSSL.


Cheers,
Franco
November 15, 2021, 07:20:02 PM #27
is this still an issue? I cant seem to be able to run freeradius on my OPNsense 21.7.5-amd64 install
November 15, 2021, 08:24:32 PM #28
No, yours is related to Jinja update introduced with 21.7.4
November 16, 2021, 03:22:59 AM #29
Quote from: mimugmail on November 15, 2021, 08:24:32 PM
No, yours is related to Jinja update introduced with 21.7.4

any fix for my issue?
Print
Go Up Pages 1 2 3
User actions