Upgraded 3.0.12 -> 3.0.17. Doesn't answer anymore

Jorge Pereira jpereira at freeradius.org
Thu Dec 17 17:55:23 CET 2020


Hi Harald,

We encourage you to always use the latest version of the FreeRADIUS. In this case, latest is 3.0.21

---
Jorge Pereira
jpereira at freeradius.org




> On 17 Dec 2020, at 10:02, Harald Hannelius <harald.hannelius at arcada.fi> wrote:
> 
> 
> 
> Yes, that bit me quite a while when I did the last upgrade :)
> 
> This is an upgrade from 3.0.12 -> 3.0.17, I really really hope that this wouldn't meen a change like that.
> 
> On Thu, 17 Dec 2020, L.P.H. van Belle via Freeradius-Users wrote:
> 
>> Didnt debian switch from a "one" config to "includes"
>> 
>> .. like do you see /etc/freeradius/3.0/
>> 
>> i think its something like that.
>> 
>> 
>>> -----Oorspronkelijk bericht-----
>>> Van: Freeradius-Users [mailto:freeradius-users-
>>> bounces+belle=bazuin.nl at lists.freeradius.org] Namens Harald Hannelius
>>> Verzonden: donderdag 17 december 2020 13:52
>>> Aan: FreeRadius users mailing list
>>> Onderwerp: Re: Upgraded 3.0.12 -> 3.0.17. Doesn't answer anymore
>>> 
>>> 
>>> On Thu, 17 Dec 2020, Alan DeKok wrote:
>>>> On Dec 17, 2020, at 7:34 AM, Harald Hannelius
>>> <harald.hannelius at arcada.fi> wrote:
>>>>> I performed a dist-upgrade on a Debian 9 running freeradius-3.0.12,
>>> thus going to Debian 10 and freeradius-3.0.17.
>>>>> 
>>>>> I haven't touched the config, nor did I allow the dist-upgrade to do
>>> any changes.
>>>> 
>>>> *Any* changes?  Like maybe add FW rules?
>>> 
>>> No changes. No firewall rules. Talking to localhost.
>>> 
>>> I noted that the Debian 9.0 freeradius-3.0.12 freeradius -X output ends
>>> with
>>> this;
>>> 
>>>    }
>>> }
>>> Listening on command file /var/run/freeradius/freeradius.sock
>>> Listening on auth address * port 1812 bound to server default
>>> Listening on acct address * port 1813 bound to server default
>>> Listening on auth address :: port 1812 bound to server default
>>> Listening on acct address :: port 1813 bound to server default
>>> Listening on proxy address * port 46685
>>> Listening on proxy address :: port 59709
>>> Ready to process requests
>>> 
>>> 
>>> Whereas the Debian 10.0 freeradius 3.0.17 freeradius X output ends with;
>>> 
>>>  listen {
>>>         socket = "/var/run/freeradius/freeradius.sock"
>>>         peercred = yes
>>>  }
>>> }
>>> Listening on command file /var/run/freeradius/freeradius.sock
>>> Ready to process requests
>>> 
>>> 
>>> No wonder I don't get any replies on the network :)
>>> 
>>>>> After the upgrade freeradius starts, but doesn't reply on the network.
>>> I
>>>>> have tested with radtest, and it always just prints three tries and
>>> ends
>>>>> with "(0) No reply from server for ID 120 socket 3". I have done the
>>>>> tests with both -4 and -6.
>>>> 
>>>> See the firewall.  Or maybe SELinux.  There is nothing in the server
>>> which says "ignore all input packets".
>>> 
>>> No iptables-rules defined on this server.
>>> 
>>>   # dpkg --get-selections|grep selinux
>>>   libselinux1:amd64				install
>>> 
>>> I don't seem to have gotten SElinux on this server.
>>> 
>>> I think that apparmor always outpus something in the kernel ring buffer, I
>>> can't see anything about freeradius using 'dmesg'.
>>> 
>>> I will have to run a diff on the config before and after upgrade, and
>>> check
>>> everything. I suspect the Debian upgrade did something it shouldn't have.
>>> 
>>> I might as well be barking up the wrong tree here, have to jog over to the
>>> Debian-tree perhaps.
>>> 
>>> --
>>> 
>>> Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>> 
>> 
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>> 
>> 
> 
> -- 
> 
> Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list