Upgraded 3.0.12 -> 3.0.17. Doesn't answer anymore

L.P.H. van Belle belle at bazuin.nl
Thu Dec 17 13:56:09 CET 2020


Didnt debian switch from a "one" config to "includes" 

.. like do you see /etc/freeradius/3.0/ 

i think its something like that. 


> -----Oorspronkelijk bericht-----
> Van: Freeradius-Users [mailto:freeradius-users-
> bounces+belle=bazuin.nl at lists.freeradius.org] Namens Harald Hannelius
> Verzonden: donderdag 17 december 2020 13:52
> Aan: FreeRadius users mailing list
> Onderwerp: Re: Upgraded 3.0.12 -> 3.0.17. Doesn't answer anymore
> 
> 
> On Thu, 17 Dec 2020, Alan DeKok wrote:
> > On Dec 17, 2020, at 7:34 AM, Harald Hannelius
> <harald.hannelius at arcada.fi> wrote:
> >> I performed a dist-upgrade on a Debian 9 running freeradius-3.0.12,
> thus going to Debian 10 and freeradius-3.0.17.
> >>
> >> I haven't touched the config, nor did I allow the dist-upgrade to do
> any changes.
> >
> >  *Any* changes?  Like maybe add FW rules?
> 
> No changes. No firewall rules. Talking to localhost.
> 
> I noted that the Debian 9.0 freeradius-3.0.12 freeradius -X output ends
> with
> this;
> 
>     }
> }
> Listening on command file /var/run/freeradius/freeradius.sock
> Listening on auth address * port 1812 bound to server default
> Listening on acct address * port 1813 bound to server default
> Listening on auth address :: port 1812 bound to server default
> Listening on acct address :: port 1813 bound to server default
> Listening on proxy address * port 46685
> Listening on proxy address :: port 59709
> Ready to process requests
> 
> 
> Whereas the Debian 10.0 freeradius 3.0.17 freeradius X output ends with;
> 
>   listen {
>          socket = "/var/run/freeradius/freeradius.sock"
>          peercred = yes
>   }
> }
> Listening on command file /var/run/freeradius/freeradius.sock
> Ready to process requests
> 
> 
> No wonder I don't get any replies on the network :)
> 
> >> After the upgrade freeradius starts, but doesn't reply on the network.
> I
> >> have tested with radtest, and it always just prints three tries and
> ends
> >> with "(0) No reply from server for ID 120 socket 3". I have done the
> >> tests with both -4 and -6.
> >
> >  See the firewall.  Or maybe SELinux.  There is nothing in the server
> which says "ignore all input packets".
> 
> No iptables-rules defined on this server.
> 
>    # dpkg --get-selections|grep selinux
>    libselinux1:amd64				install
> 
> I don't seem to have gotten SElinux on this server.
> 
> I think that apparmor always outpus something in the kernel ring buffer, I
> can't see anything about freeradius using 'dmesg'.
> 
> I will have to run a diff on the config before and after upgrade, and
> check
> everything. I suspect the Debian upgrade did something it shouldn't have.
> 
> I might as well be barking up the wrong tree here, have to jog over to the
> Debian-tree perhaps.
> 
> --
> 
> Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list