Project

General

Profile

Bug #7479

freeRadius not started after update to 1.7.8

Added by Konstantin Ab 3 months ago. Updated 3 months ago.

Status:
Rejected
Priority:
Very Low
Assignee:
-
Category:
FreeRADIUS
Target version:
-
Start date:
04/18/2017
Due date:
% Done:

0%

Affected version:
Affected Architecture:

Description

I upgrade freeraius and freeraius not started now

In log:

Apr 18 23:21:00 radiusd 11844 rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory
Apr 18 23:21:00 radiusd 11844 rlm_eap_tls: Error reading certificate file /usr/local/etc/raddb/certs/server_cert.pem
Apr 18 23:21:00 radiusd 11844 rlm_eap: Failed to initialize type tls
Apr 18 23:21:00 radiusd 11844 /usr/local/etc/raddb/eap.conf2: Instantiation failed for module "eap"
Apr 18 23:21:00 radiusd 11844 /usr/local/etc/raddb/sites-enabled/default342: Failed to find "eap" in the "modules" section.
Apr 18 23:21:00 radiusd 11844 /usr/local/etc/raddb/sites-enabled/default277: Errors parsing authenticate section.
Apr 18 23:21:00 radiusd 11844 Failed to load virtual server <default>
Apr 18 23:22:00 php-cgi servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)

History

#1 Updated by Jim Pingle 3 months ago

  • Status changed from New to Rejected
  • Priority changed from Very High to Very Low

Support for the old and redundant certificate manager in FreeRADIUS was removed. Create or import a server certificate under System > Cert Manager and choose it in the FreeRADIUS settings.

#2 Updated by Konstantin Ab 3 months ago

i not use Cert Manager. And EAP.
It is necessary?

#3 Updated by Jim Pingle 3 months ago

A server certificate is necessary for EAP. Given the error, you had to have used it in the past.

#4 Updated by Konstantin Ab 3 months ago

Jim Pingle wrote:

Given the error, you had to have used it in the past.

eap? no, i not used EAP, never.
this bug from forum https://forum.pfsense.org/index.php?topic=129024.0 (not my)
i use only SQL section

#5 Updated by Jim Pingle 3 months ago

You may not realize it is enabled, but it must be, or you wouldn't get that error. At this point it is not a bug, but a configuration issue and needs to go back to the forum.

#6 Updated by Kill Bill 3 months ago

There is no way to NOT configure EAP in the package. Simply said, configuring the certs in the CA manager is mandatory. As noted on the bug about the bundled cert manager removal [1], this needs some install message, file_notice() or whatever on upgrade added and docs updated. Alternatively, the certificate could be created on package install if there's none configured yet.

All this stuff got merged all the way back to RELENG_2_3_3, not really something I expected to happen (at least before the above is done).

[1] https://redmine.pfsense.org/issues/7170#note-9

#7 Updated by Kill Bill 3 months ago

Added an install message and some input validation and other tweaks @ https://github.com/pfsense/FreeBSD-ports/pull/344.

#8 Updated by Jim Pingle 3 months ago

  • Target version deleted (2.3.4)

Also available in: Atom PDF