pfSense - Feature #13446: Upgrade PHP from 7.4 to 8.1
FreeRADIUS Users cleared out each time a user is add, removed, or modified
After upgrading from Stable to Development I noticed that my RADIUS authentication was broken. I'm using a very basic setup with users being stored locally in a file and PAP; no SQL, LDAP, or VPN. The only complication is that I have a few VLANs.
I troubleshooted the problem for a while and found the following:
- Each time a user is added, removed, or modified via Services > FreeRADIUS > Users , the
/usr/local/etc/raddb/mods-config/files/authorizefile is cleared and not repopulated
- When a user is attempting a login, radiusd cannot find the last good known password, because there are no users in the local database; it doesn't set
Auth-Type, and the login fails in post-auth
- Naturally, tests via Diagnostics > Authentication also fail, and pfSense web admin logins fail and fall back to the local database
- If I manually add the user to the local database file, authentication works fine like before
- Simply stopping and restarting the services via GUI or console does not clear the user database
I'm not familiar with how the GUI wrapper in pfSense works, but it seems to me that the user configuration is no longer written correctly.
My server is on:
built on Thu Nov 03 06:04:43 UTC 2022
Updated by aleksei prokofiev 3 months ago
- File clipboard-202211060955-iycul.png clipboard-202211060955-iycul.png added
- File clipboard-202211060955-ed4ap.png clipboard-202211060955-ed4ap.png added
built on Fri Nov 04 06:05:19 UTC 2022
I can confirm that after add users, the file /usr/local/etc/raddb/mods-config/files/authorize is empty
Updated by Gerke Max Preussner 3 months ago
I noticed that the file can also get wiped without touching the RADIUS users at all. I haven't figured out yet how this happens - it could be when rebooting pfSense. I'll try to look into this some more later this week.
Another, perhaps important observation is that the RADIUS user list in the GUI always remains intact. Apparently it is persisted elsewhere, but not written out into the RADIUS configuration.
Updated by Marcos M about 2 months ago
- File freeradius.patch freeradius.patch added
- Tracker changed from Bug to Regression
- Status changed from New to Pull Request Review
- Assignee set to Marcos M
- Target version set to 2.7.0
- Plus Target Version set to 23.01
- Affected Plus Version set to 23.01
- Affected Architecture All added
- Affected Architecture deleted (
Copy/paste/apply attached patch (strip count 4).