FreeRadius: Client secret regression

Started by MartB, July 29, 2021, 11:53:44 PM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
July 29, 2021, 11:53:44 PM
Hey there,

after switching to 21.7 my freeradius stopped working with the following message:

Error: /usr/local/etc/raddb/clients.conf[2]: secret must be at least 1 character long

This was caused by missing quotes around the secret and possibly due to my secret starting with #@.

We need to add the quotation signs around the secrets when writing the config to prevent this.
July 30, 2021, 07:04:26 AM #1
Does it start without #@ in the secret?
July 30, 2021, 07:06:53 AM #2
Only change in this release was that clients need to use IP/networks instead of hostname
July 30, 2021, 12:07:59 PM #3
Quote from: mimugmail on July 30, 2021, 07:04:26 AM
Does it start without #@ in the secret?

Yes it does, adding it back is making it fail again.
Might be some dependency or os package change?
July 30, 2021, 12:54:51 PM #4
What was the last known working version?
July 30, 2021, 01:20:52 PM #5
RC2 must have worked, i should have noticed otherwise.
I can help find the exact cause for this in 6 hours if needed.
July 30, 2021, 02:07:10 PM #6
Freeradius was updated from 3.0.22 to 3.0.23 and plugin from 1.9.14 to 1.9.15.

First testen:

opnsense-revert -r 21.7.r1 freeradius3

If you still have the error:

opnsense-revert -r 21.7.r1 os-freeradius
July 30, 2021, 02:13:34 PM #7
If Jinja2 templates are involved this might be a side effect of Python 3.8 upgrade?


Cheers,
Franco
July 30, 2021, 03:00:36 PM #8
Templating is correct, but Freeradius seems to interpret is as a commect (leading hash) since 3.0.23
July 30, 2021, 03:09:58 PM #9
err ok  ;D
July 30, 2021, 03:11:59 PM #10
I'm unsure if FR intepretes " " as part of the string or not, maybe someone can verify it.
July 30, 2021, 06:23:59 PM #11 Last Edit: July 30, 2021, 06:27:21 PM by MartB
It does not thats what i did to fix it. Thanks for your research, just putting the quotes around would be enough to fix it.

Edit:
The 3.0.22 revert also works
July 30, 2021, 07:48:20 PM #12
Quote from: MartB on July 30, 2021, 06:23:59 PM
It does not thats what i did to fix it. Thanks for your research, just putting the quotes around would be enough to fix it

Would? Or did you test it?
July 30, 2021, 08:34:28 PM #13
As i said in my first post, yes it does fix it.
October 30, 2021, 04:56:16 PM #14
Hi there,

I had this issue and updated the secrets to be inclosed in "".

I just update to version 21.7.4 and get once again the message
Error: /usr/local/etc/raddb/clients.conf[2]: secret must be at least 1 character long

The secrets are still in inclosed with "". I remove the "" and still get the same error.

What do I need to do here?
Print
Go Up Pages1 2
User actions