Bug #14596
closedFreeRADIUS falsely shows its default is to save data during package reinstall
0%
Description
forum thread: https://forum.netgate.com/topic/181594/restore-missing-freeradius-config
A new install of FreeRADIUS shows the "Save settings after deletion" checked by default. However
<keep_settings>on</keep_settings>
is not in the config.xml file, thus the package removes all settings upon reinstall, such as after a restore:
Jul 20 21:53:24 php 38236 //etc/rc.packages: Configuration Change: (system): Overwrote previous installation of freeradius3.
Jul 20 21:53:23 php 38236 //etc/rc.packages: Configuration Change: (system): Intermediate config write during package install for freeradius3.
Jul 20 21:53:23 php 38236 //etc/rc.packages: Beginning package installation for freeradius3 .
Jul 20 21:53:23 check_reload_status 329 Syncing firewall
Jul 20 21:53:23 php 36496 /etc/rc.packages: Configuration Change: (system): [freeRADIUS] Package uninstalled.
Jul 20 21:53:22 php 36496 /etc/rc.packages: [freeRADIUS] Removing all FreeRADIUS settings since 'Keep Settings/Data' is disabled...
Jul 20 21:53:22 check_reload_status 329 Syncing firewall
Jul 20 21:53:22 php 36496 /etc/rc.packages: Configuration Change: (system): Intermediate config write during package removal for freeradius3.
Jul 20 21:53:22 php 36496 /etc/rc.packages: The command '/usr/local/etc/rc.d/radiusd.sh stop' returned exit code '1', the output was 'radiusd not running?'
In fact the entire <freeradiussettings> tag is missing from the config.xml file:
<freeradiussettings>
<config>
<varsettingsmaxrequests>1024</varsettingsmaxrequests>
<varsettingsmaxrequesttime>30</varsettingsmaxrequesttime>
<varsettingscleanupdelay>5</varsettingscleanupdelay>
<varsettingsallowcoredumps>no</varsettingsallowcoredumps>
<varsettingsregularexpressions>yes</varsettingsregularexpressions>
<varsettingsextendedexpressions>yes</varsettingsextendedexpressions>
<keep_settings>on</keep_settings>
<varsettingslogdir>syslog</varsettingslogdir>
<varsettingsauth>yes</varsettingsauth>
<varsettingsauthbadpass>no</varsettingsauthbadpass>
<varsettingsauthbadpassmessage></varsettingsauthbadpassmessage>
<varsettingsauthgoodpass>no</varsettingsauthgoodpass>
<varsettingsauthgoodpassmessage></varsettingsauthgoodpassmessage>
<varsettingsstrippednames>no</varsettingsstrippednames>
<varsettingshostnamelookups>no</varsettingshostnamelookups>
<varsettingsmaxattributes>200</varsettingsmaxattributes>
<varsettingsrejectdelay>1</varsettingsrejectdelay>
<varsettingsstartservers>5</varsettingsstartservers>
<varsettingsmaxservers>32</varsettingsmaxservers>
<varsettingsminspareservers>3</varsettingsminspareservers>
<varsettingsmaxspareservers>10</varsettingsmaxspareservers>
<varsettingsmaxqueuesize>65536</varsettingsmaxqueuesize>
<varsettingsmaxrequestsperserver>0</varsettingsmaxrequestsperserver>
<varsettingsmotpenable></varsettingsmotpenable>
<varsettingsmotptimespan></varsettingsmotptimespan>
<varsettingsmotppasswordattempts></varsettingsmotppasswordattempts>
<varsettingsmotpchecksumtype>md5</varsettingsmotpchecksumtype>
<varsettingsmotptokenlength></varsettingsmotptokenlength>
<varsettingsenablemacauth></varsettingsenablemacauth>
<varsettingsenableacctunique></varsettingsenableacctunique>
</config>
</freeradiussettings>
It seems like the package defaults that show in the GUI are not reflected in the code, at least for the keep_settings setting. Thus anyone who has not actually saved the settings page will have all their FreeRADIUS settings removed upon package upgrade, config restore, pfSense upgrade, etc.
This missing section can be added next to the <freeradiuseapconf> tag and the config file restored again. To recover, also copy <freeradiuseapconf>, <freeradius>, <freeradiusclients>, and <freeradiusinterfaces> from a valid backup and restore it.
Related issues