Bug #11582
FreeRADIUS XML-RPC Sync doesn't sync all configuration sections
0%
Description
Using the XML-RPC Sync feature of the FreeRADIUS package doesn't sync all configuration sections.
For example:- tab
Usersis correctly synced. - tab
MACsis correctly synced. - tab
NAS / Clientsis correctly synced.
InterfacesSettingsEAP
(I did not test the other tabs.)
I did some digging into the FreeRADIUS package source code, and found the following (some code is omitted):
function freeradius_do_xmlrpc_sync($sync_to_ip, $username, $password, $varsyncport, $varsyncprotocol, $varsynctimeout) {
// [... some omitted code ...]
/* XML will hold the sections to sync. */
$xml = array();
$xml['freeradius'] = $config['installedpackages']['freeradius'];
$xml['freeradiusauthorizedmacs'] = $config['installedpackages']['freeradiusauthorizedmacs'];
$xml['freeradiusclients'] = $config['installedpackages']['freeradiusclients'];
$execcmd = "require_once('/usr/local/pkg/freeradius.inc');\n";
$execcmd .= "freeradius_all_after_XMLRPC_resync();";
// [... some omitted code ...]
}
This method synchronizes only the sections :
freeradiusfreeradiusauthorizedmacs(which holds settings from theMACstab)freeradiusclients(which holds settings from theNAS / Clientstab)
freeradiuseapconf(which holds settings from theEAPtab)freeradiusinterfaces(which holds settings from theInterfacestab)freeradiusinterfaces(which holds settings from theSettingstab)freeradiussync(this one I understand why it's omitted: in order to avoid a sync loop)
I manually edited the source code to make it sync the missing sections, and it seems to work well (at least, the configuration is well-synced).
It there a reason why these 3 sections (freeradiuseapconf, freeradiusinterfaces, freeradiusinterfaces) are omitted from the synchronization mechanism ?
History
Updated by #2
Updated by Jim Pingle about 2 months ago
Updated by - Status changed from New to Pull Request Review
#3
Updated by Alexis Mestag about 2 months ago
Updated by It seems I don't have access to https://gitlab.netgate.com/.
Is there a way for me to see the patch (out of curiosity, and I would have liked to give it a try) ?
Will the PR be mirrored to GitHub ?
#4
Updated by Viktor Gurov about 2 months ago
Alexis Mestag wrote:
It seems I don't have access to https://gitlab.netgate.com/.
Is there a way for me to see the patch (out of curiosity, and I would have liked to give it a try) ?
Will the PR be mirrored to GitHub ?
This is a private gitlab repo
Please try this patch:
#5
Updated by Renato Botelho about 1 month ago
Updated by - Status changed from Pull Request Review to Feedback
- Assignee set to Viktor Gurov
PR has been merged. Thanks!
#6
Updated by Alexis Mestag about 1 month ago
Sorry, there are still some issues, even after I successfully applied the patch, using the System_Patches package.
- XMLRPC doesn't sync to backup server if I go to
EAPtab, do some changes, and then click `Save`. See the following logs:Mar 8 10:16:16 pfSense check_reload_status: Syncing firewall Mar 8 10:16:16 pfSense radiusd[15505]: Signalled to terminate Mar 8 10:16:16 pfSense radiusd[15505]: Exiting normally Mar 8 10:16:16 pfSense radiusd[79733]: Debugger not attached Mar 8 10:16:16 pfSense radiusd[81641]: Loaded virtual server <default> Mar 8 10:16:16 pfSense radiusd[81641]: Loaded virtual server default Mar 8 10:16:16 pfSense radiusd[81641]: Ignoring "sql" (see raddb/mods-available/README.rst) Mar 8 10:16:16 pfSense radiusd[81641]: Ignoring "ldap" (see raddb/mods-available/README.rst) Mar 8 10:16:16 pfSense radiusd[81641]: Loaded virtual server inner-tunnel-peap Mar 8 10:16:16 pfSense radiusd[81641]: Loaded virtual server inner-tunnel-ttls Mar 8 10:16:16 pfSense radiusd[81641]: Ready to process requests Mar 8 10:16:17 pfSense php-fpm[334]: /rc.filter_synchronize: Beginning XMLRPC sync data to https://172.31.255.2:443/xmlrpc.php. Mar 8 10:16:17 pfSense php-fpm[334]: /rc.filter_synchronize: XMLRPC reload data success with https://172.31.255.2:443/xmlrpc.php (pfsense.host_firmware_version). Mar 8 10:16:17 pfSense php-fpm[334]: /rc.filter_synchronize: XMLRPC versioncheck: 19.1 -- 19.1 Mar 8 10:16:17 pfSense php-fpm[334]: /rc.filter_synchronize: Beginning XMLRPC sync data to https://172.31.255.2:443/xmlrpc.php. Mar 8 10:16:20 pfSense php-fpm[334]: /rc.filter_synchronize: XMLRPC reload data success with https://172.31.255.2:443/xmlrpc.php (pfsense.restore_config_section).
- I need to manually go to
XMLRPC Synctab, and clickSaveto have it sync the configuration to the backup server. This time, I get the following logs:Mar 8 10:21:59 pfSense php-fpm[335]: /pkg_edit.php: [FreeRADIUS]: XMLRPC sync is starting with timeout 150 seconds. Mar 8 10:21:59 pfSense php-fpm[335]: /pkg_edit.php: Beginning XMLRPC sync data to https://172.31.255.2:443/xmlrpc.php. Mar 8 10:21:59 pfSense check_reload_status: Syncing firewall Mar 8 10:21:59 pfSense php-fpm[335]: /pkg_edit.php: XMLRPC reload data success with https://172.31.255.2:443/xmlrpc.php (pfsense.merge_installedpackages_section). Mar 8 10:21:59 pfSense php-fpm[335]: /pkg_edit.php: Beginning XMLRPC sync data to https://172.31.255.2:443/xmlrpc.php. Mar 8 10:21:59 pfSense php-fpm[335]: /pkg_edit.php: XMLRPC reload data success with https://172.31.255.2:443/xmlrpc.php (pfsense.exec_php). Mar 8 10:21:59 pfSense php-fpm[335]: /pkg_edit.php: [FreeRADIUS]: XMLRPC sync is ending. Mar 8 10:22:00 pfSense php-fpm[335]: /rc.filter_synchronize: Beginning XMLRPC sync data to https://172.31.255.2:443/xmlrpc.php. Mar 8 10:22:00 pfSense php-fpm[335]: /rc.filter_synchronize: XMLRPC reload data success with https://172.31.255.2:443/xmlrpc.php (pfsense.host_firmware_version). Mar 8 10:22:00 pfSense php-fpm[335]: /rc.filter_synchronize: XMLRPC versioncheck: 19.1 -- 19.1 Mar 8 10:22:00 pfSense php-fpm[335]: /rc.filter_synchronize: Beginning XMLRPC sync data to https://172.31.255.2:443/xmlrpc.php. Mar 8 10:22:03 pfSense php-fpm[335]: /rc.filter_synchronize: XMLRPC reload data success with https://172.31.255.2:443/xmlrpc.php (pfsense.restore_config_section).
- But it successfully does so when I add an entry in the
NAS / Clientstab.- Another thing is: If I delete an entry from the
NAT / Clients, then the deletion isn't synced to the backup server.
- Another thing is: If I delete an entry from the
#7
Updated by Viktor Gurov about 1 month ago
- Status changed from Feedback to New
Alexis Mestag wrote:
Sorry, there are still some issues, even after I successfully applied the patch, using the
System_Patchespackage.
- XMLRPC doesn't sync to backup server if I go to
EAPtab, do some changes, and then click `Save`. See the following logs:
[...]- I need to manually go to
XMLRPC Synctab, and clickSaveto have it sync the configuration to the backup server. This time, I get the following logs:
[...]
- But it successfully does so when I add an entry in the
NAS / Clientstab.
- Another thing is: If I delete an entry from the
NAT / Clients, then the deletion isn't synced to the backup server.
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/69
#8
Updated by Jim Pingle about 1 month ago
- Status changed from New to Pull Request Review
#9
Updated by Alexis Mestag about 1 month ago
Viktor Gurov wrote:
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/69
If you can provide the patch, I can test it for you.
#10
Updated by Viktor Gurov about 1 month ago
Alexis Mestag wrote:
Viktor Gurov wrote:
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/69If you can provide the patch, I can test it for you.
See attachment
Another thing is: If I delete an entry from the NAT / Clients, then the deletion isn't synced to the backup server.
Unable to reproduce - it successfully sync configuration on NAS Client deletion
#11
Updated by Viktor Gurov about 1 month ago
- Affected Version deleted (
2.4.5-p1)