Bug #14596
closedFreeRADIUS falsely shows its default is to save data during package reinstall
0%
Description
forum thread: https://forum.netgate.com/topic/181594/restore-missing-freeradius-config
A new install of FreeRADIUS shows the "Save settings after deletion" checked by default. However
<keep_settings>on</keep_settings>
is not in the config.xml file, thus the package removes all settings upon reinstall, such as after a restore:
Jul 20 21:53:24 php 38236 //etc/rc.packages: Configuration Change: (system): Overwrote previous installation of freeradius3.
Jul 20 21:53:23 php 38236 //etc/rc.packages: Configuration Change: (system): Intermediate config write during package install for freeradius3.
Jul 20 21:53:23 php 38236 //etc/rc.packages: Beginning package installation for freeradius3 .
Jul 20 21:53:23 check_reload_status 329 Syncing firewall
Jul 20 21:53:23 php 36496 /etc/rc.packages: Configuration Change: (system): [freeRADIUS] Package uninstalled.
Jul 20 21:53:22 php 36496 /etc/rc.packages: [freeRADIUS] Removing all FreeRADIUS settings since 'Keep Settings/Data' is disabled...
Jul 20 21:53:22 check_reload_status 329 Syncing firewall
Jul 20 21:53:22 php 36496 /etc/rc.packages: Configuration Change: (system): Intermediate config write during package removal for freeradius3.
Jul 20 21:53:22 php 36496 /etc/rc.packages: The command '/usr/local/etc/rc.d/radiusd.sh stop' returned exit code '1', the output was 'radiusd not running?'
In fact the entire <freeradiussettings> tag is missing from the config.xml file:
<freeradiussettings>
<config>
<varsettingsmaxrequests>1024</varsettingsmaxrequests>
<varsettingsmaxrequesttime>30</varsettingsmaxrequesttime>
<varsettingscleanupdelay>5</varsettingscleanupdelay>
<varsettingsallowcoredumps>no</varsettingsallowcoredumps>
<varsettingsregularexpressions>yes</varsettingsregularexpressions>
<varsettingsextendedexpressions>yes</varsettingsextendedexpressions>
<keep_settings>on</keep_settings>
<varsettingslogdir>syslog</varsettingslogdir>
<varsettingsauth>yes</varsettingsauth>
<varsettingsauthbadpass>no</varsettingsauthbadpass>
<varsettingsauthbadpassmessage></varsettingsauthbadpassmessage>
<varsettingsauthgoodpass>no</varsettingsauthgoodpass>
<varsettingsauthgoodpassmessage></varsettingsauthgoodpassmessage>
<varsettingsstrippednames>no</varsettingsstrippednames>
<varsettingshostnamelookups>no</varsettingshostnamelookups>
<varsettingsmaxattributes>200</varsettingsmaxattributes>
<varsettingsrejectdelay>1</varsettingsrejectdelay>
<varsettingsstartservers>5</varsettingsstartservers>
<varsettingsmaxservers>32</varsettingsmaxservers>
<varsettingsminspareservers>3</varsettingsminspareservers>
<varsettingsmaxspareservers>10</varsettingsmaxspareservers>
<varsettingsmaxqueuesize>65536</varsettingsmaxqueuesize>
<varsettingsmaxrequestsperserver>0</varsettingsmaxrequestsperserver>
<varsettingsmotpenable></varsettingsmotpenable>
<varsettingsmotptimespan></varsettingsmotptimespan>
<varsettingsmotppasswordattempts></varsettingsmotppasswordattempts>
<varsettingsmotpchecksumtype>md5</varsettingsmotpchecksumtype>
<varsettingsmotptokenlength></varsettingsmotptokenlength>
<varsettingsenablemacauth></varsettingsenablemacauth>
<varsettingsenableacctunique></varsettingsenableacctunique>
</config>
</freeradiussettings>
It seems like the package defaults that show in the GUI are not reflected in the code, at least for the keep_settings setting. Thus anyone who has not actually saved the settings page will have all their FreeRADIUS settings removed upon package upgrade, config restore, pfSense upgrade, etc.
This missing section can be added next to the <freeradiuseapconf> tag and the config file restored again. To recover, also copy <freeradiuseapconf>, <freeradius>, <freeradiusclients>, and <freeradiusinterfaces> from a valid backup and restore it.
Related issues
Updated by Steve Y almost 2 years ago
Stated differently, it is not possible to restore FreeRADIUS settings unless one has at some point clicked the Save button the Settings tab.
In addition "all settings will be wiped on package uninstall/reinstall/upgrade" unless the Save button has been clicked at some point before then.
Updated by Danilo Zrenjanin almost 2 years ago
- Status changed from New to Confirmed
I can confirm this behavior.
Tested on:
23.05.1-RELEASE (amd64) built on Wed Jun 28 03:57:27 UTC 2023 FreeBSD 14.0-CURRENT
Updated by Jim Pingle over 1 year ago
- Status changed from Confirmed to Duplicate
Duplicate of #14806 but I already started working on that issue even though this one was older.
Updated by Jim Pingle over 1 year ago
- Related to Bug #14806: Freeradius configuration lost when you reinstall package added