Bug #7479
closedfreeRadius not started after update to 1.7.8
0%
Description
I upgrade freeraius and freeraius not started now
In log:
Apr 18 23:21:00 radiusd 11844 rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory
Apr 18 23:21:00 radiusd 11844 rlm_eap_tls: Error reading certificate file /usr/local/etc/raddb/certs/server_cert.pem
Apr 18 23:21:00 radiusd 11844 rlm_eap: Failed to initialize type tls
Apr 18 23:21:00 radiusd 11844 /usr/local/etc/raddb/eap.conf2: Instantiation failed for module "eap"
Apr 18 23:21:00 radiusd 11844 /usr/local/etc/raddb/sites-enabled/default342: Failed to find "eap" in the "modules" section.
Apr 18 23:21:00 radiusd 11844 /usr/local/etc/raddb/sites-enabled/default277: Errors parsing authenticate section.
Apr 18 23:21:00 radiusd 11844 Failed to load virtual server <default>
Apr 18 23:22:00 php-cgi servicewatchdog_cron.php: Service Watchdog detected service radiusd stopped. Restarting radiusd (FreeRADIUS Server)
Updated by Jim Pingle about 7 years ago
- Status changed from New to Rejected
- Priority changed from Very High to Very Low
Support for the old and redundant certificate manager in FreeRADIUS was removed. Create or import a server certificate under System > Cert Manager and choose it in the FreeRADIUS settings.
Updated by Konstantin Ab about 7 years ago
i not use Cert Manager. And EAP.
It is necessary?
Updated by Jim Pingle about 7 years ago
A server certificate is necessary for EAP. Given the error, you had to have used it in the past.
Updated by Konstantin Ab about 7 years ago
Jim Pingle wrote:
Given the error, you had to have used it in the past.
eap? no, i not used EAP, never.
this bug from forum https://forum.pfsense.org/index.php?topic=129024.0 (not my)
i use only SQL section
Updated by Jim Pingle about 7 years ago
You may not realize it is enabled, but it must be, or you wouldn't get that error. At this point it is not a bug, but a configuration issue and needs to go back to the forum.
Updated by Kill Bill about 7 years ago
There is no way to NOT configure EAP in the package. Simply said, configuring the certs in the CA manager is mandatory. As noted on the bug about the bundled cert manager removal [1], this needs some install message, file_notice() or whatever on upgrade added and docs updated. Alternatively, the certificate could be created on package install if there's none configured yet.
All this stuff got merged all the way back to RELENG_2_3_3, not really something I expected to happen (at least before the above is done).
Updated by Kill Bill about 7 years ago
Added an install message and some input validation and other tweaks @ https://github.com/pfsense/FreeBSD-ports/pull/344.