Issue with PAP/LDAP authentication after upgrade FR 2.0.5 to FR 2.1.1
John Dennis
jdennis at redhat.com
Wed Dec 3 19:29:13 CET 2008
Thibault Le Meur wrote:
> T
> I've searched and finally found out what occured. I'm using Fedora
> Core 9 and after the FR package update here is what occured: a lot of
> files including module files from the new RPM package were added as
> /etc/raddb/modules/<modulename>.rpmnew
> So at startup here is what is loaded:
> ...
> including configuration file /etc/raddb/modules/pap.rpmnew
> ...
> including configuration file /etc/raddb/modules/pap
> ...
>
> Most of my setup was working because I use specific instance of the
> modules such as "ldap-mycompany" and not the default "ldap" name.
> However, I use the std name for the pap module... I may change this in
> the future to avoid such issues after upgrade.
>
> I don't know if I should report this to the package maintainer or not.
> What do you think ?
I'm here :-)
The files under /etc/raddb/modules are configuration files.
Configuration files by definition are available for editing. It is
usually considered bad practice for rpm during an upgrade to overwrite
user modified configuration files. If rpm thinks a configuration file
has been modified instead of overwriting the configuration file with the
version from the new package it instead lays a new copy of that file
down with the .rpmnew extension. It's your job as a system administrator
to pay attention to the presence of .rpmnew files, during installation
it will warn you such files were created which is your signal to
investigate. If you miss the warnings you should still periodically
check under /etc for the presence of .rpmnew files and .rpmsave by the
same token.
Now having said that, it's entirely possible there is a packaging
problem and the .rpmnew files should not have been created, I'll go off
and take a look at that issue. My recollection is that rpm is smart
enough to detect the case where the old version of a config file differs
from the new version but the old version was not locally edited. I
believe this is case you're describing. In this instance rpm should
replace the config files and not generate a .rpmnew. Did you edit the
pap config file in any manner?
--
John Dennis <jdennis at redhat.com>
More information about the Freeradius-Users
mailing list