Failed to start FreeRadius without Error Code
Hello, i am trying to set up a FreeRADIUS-Server with more than one virtual servers. One virtual server is for the WLAN-Connection for different users and the other virtual servers should be for our VPN-connection. While restarting the freeradius.service i with two virtual servers i got the following message: root@bkr-idm1:/etc/freeradius/3.0/sites-available# systemctl restart freeradius.service Job for freeradius.service failed because the control process exited with error code. See "systemctl status freeradius.service" and "journalctl -xe" for details. The messages from journalctl -xe: root@bkr-idm1:/etc/freeradius/3.0/sites-available# journalctl -xe -- Unit freeradius.service has begun shutting down. Mai 11 09:30:36 bkr-idm1 systemd[1]: Stopped FreeRADIUS multi-protocol policy server. -- Subject: Unit freeradius.service has finished shutting down -- Defined-By: systemd -- Support: https://www.debian.org/support -- -- Unit freeradius.service has finished shutting down. Mai 11 09:30:36 bkr-idm1 systemd[1]: Starting FreeRADIUS multi-protocol policy server... -- Subject: Unit freeradius.service has begun start-up -- Defined-By: systemd -- Support: https://www.debian.org/support -- -- Unit freeradius.service has begun starting up. Mai 11 09:30:36 bkr-idm1 freeradius[2150]: FreeRADIUS Version 3.0.12 Mai 11 09:30:36 bkr-idm1 freeradius[2150]: Copyright (C) 1999-2016 The FreeRADIUS server project and contributors Mai 11 09:30:36 bkr-idm1 freeradius[2150]: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A Mai 11 09:30:36 bkr-idm1 freeradius[2150]: PARTICULAR PURPOSE Mai 11 09:30:36 bkr-idm1 freeradius[2150]: You may redistribute copies of FreeRADIUS under the terms of the Mai 11 09:30:36 bkr-idm1 freeradius[2150]: GNU General Public License Mai 11 09:30:36 bkr-idm1 freeradius[2150]: For more information about these matters, see the file named COPYRIGHT Mai 11 09:30:36 bkr-idm1 freeradius[2150]: Starting - reading configuration files ... Mai 11 09:30:36 bkr-idm1 freeradius[2150]: Debugger not attached Mai 11 09:30:36 bkr-idm1 freeradius[2150]: Creating attribute Unix-Group Mai 11 09:30:36 bkr-idm1 freeradius[2150]: Creating attribute LDAP-Group Mai 11 09:30:36 bkr-idm1 freeradius[2150]: rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output Mai 11 09:30:36 bkr-idm1 freeradius[2150]: tls: Using cached TLS configuration from previous invocation Mai 11 09:30:36 bkr-idm1 freeradius[2150]: [/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT". Mai 11 09:30:36 bkr-idm1 freeradius[2150]: [/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT". Mai 11 09:30:36 bkr-idm1 freeradius[2150]: rlm_mschap (mschap): authenticating by calling 'ntlm_auth' Mai 11 09:30:36 bkr-idm1 freeradius[2150]: rlm_ldap: libldap vendor: OpenLDAP, version: 20445 Mai 11 09:30:36 bkr-idm1 freeradius[2150]: rlm_ldap (ldap): Initialising connection pool Mai 11 09:30:36 bkr-idm1 freeradius[2150]: rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked Mai 11 09:30:36 bkr-idm1 freeradius[2150]: Ignoring "sql" (see raddb/mods-available/README.rst) Mai 11 09:30:36 bkr-idm1 freeradius[2150]: radiusd: #### Skipping IP addresses and Ports #### Mai 11 09:30:36 bkr-idm1 freeradius[2150]: Configuration appears to be OK Mai 11 09:30:36 bkr-idm1 freeradius[2150]: rlm_ldap (ldap): Removing connection pool Mai 11 09:30:36 bkr-idm1 systemd[1]: freeradius.service: Control process exited, code=exited status=1 Mai 11 09:30:36 bkr-idm1 systemd[1]: Failed to start FreeRADIUS multi-protocol policy server. -- Subject: Unit freeradius.service has failed -- Defined-By: systemd -- Support: https://www.debian.org/support -- -- Unit freeradius.service has failed. -- -- The result is failed. Mai 11 09:30:36 bkr-idm1 systemd[1]: freeradius.service: Unit entered failed state. Mai 11 09:30:36 bkr-idm1 systemd[1]: freeradius.service: Failed with result 'exit-code'. The configuration of my virtual servers and the clients.conf should be ok. While configuring the virtual servers i got a few error messages from the command journalctl -xe. If i just use one virtual server everthing works fine. A little bit of helf would be appreciated. Regards, Simon Dankau
Hi Simon, can you check what the output of running freeradius -X is? That would provide you and us more information about what error you might have. Alex El 11/5/21 a las 10:02, SImon Dankau escribió:
Hello,
i am trying to set up a FreeRADIUS-Server with more than one virtual servers. One virtual server is for the WLAN-Connection for different users and the other virtual servers should be for our VPN-connection.
While restarting the freeradius.service i with two virtual servers i got the following message:
root@bkr-idm1:/etc/freeradius/3.0/sites-available# systemctl restart freeradius.service Job for freeradius.service failed because the control process exited with error code. See "systemctl status freeradius.service" and "journalctl -xe" for details.
The messages from journalctl -xe: root@bkr-idm1:/etc/freeradius/3.0/sites-available# journalctl -xe -- Unit freeradius.service has begun shutting down. Mai 11 09:30:36 bkr-idm1 systemd[1]: Stopped FreeRADIUS multi-protocol policy server. -- Subject: Unit freeradius.service has finished shutting down -- Defined-By: systemd -- Support: https://www.debian.org/support -- -- Unit freeradius.service has finished shutting down. Mai 11 09:30:36 bkr-idm1 systemd[1]: Starting FreeRADIUS multi-protocol policy server... -- Subject: Unit freeradius.service has begun start-up -- Defined-By: systemd -- Support: https://www.debian.org/support -- -- Unit freeradius.service has begun starting up. Mai 11 09:30:36 bkr-idm1 freeradius[2150]: FreeRADIUS Version 3.0.12 Mai 11 09:30:36 bkr-idm1 freeradius[2150]: Copyright (C) 1999-2016 The FreeRADIUS server project and contributors Mai 11 09:30:36 bkr-idm1 freeradius[2150]: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A Mai 11 09:30:36 bkr-idm1 freeradius[2150]: PARTICULAR PURPOSE Mai 11 09:30:36 bkr-idm1 freeradius[2150]: You may redistribute copies of FreeRADIUS under the terms of the Mai 11 09:30:36 bkr-idm1 freeradius[2150]: GNU General Public License Mai 11 09:30:36 bkr-idm1 freeradius[2150]: For more information about these matters, see the file named COPYRIGHT Mai 11 09:30:36 bkr-idm1 freeradius[2150]: Starting - reading configuration files ... Mai 11 09:30:36 bkr-idm1 freeradius[2150]: Debugger not attached Mai 11 09:30:36 bkr-idm1 freeradius[2150]: Creating attribute Unix-Group Mai 11 09:30:36 bkr-idm1 freeradius[2150]: Creating attribute LDAP-Group Mai 11 09:30:36 bkr-idm1 freeradius[2150]: rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output Mai 11 09:30:36 bkr-idm1 freeradius[2150]: tls: Using cached TLS configuration from previous invocation Mai 11 09:30:36 bkr-idm1 freeradius[2150]: [/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT". Mai 11 09:30:36 bkr-idm1 freeradius[2150]: [/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT". Mai 11 09:30:36 bkr-idm1 freeradius[2150]: rlm_mschap (mschap): authenticating by calling 'ntlm_auth' Mai 11 09:30:36 bkr-idm1 freeradius[2150]: rlm_ldap: libldap vendor: OpenLDAP, version: 20445 Mai 11 09:30:36 bkr-idm1 freeradius[2150]: rlm_ldap (ldap): Initialising connection pool Mai 11 09:30:36 bkr-idm1 freeradius[2150]: rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked Mai 11 09:30:36 bkr-idm1 freeradius[2150]: Ignoring "sql" (see raddb/mods-available/README.rst) Mai 11 09:30:36 bkr-idm1 freeradius[2150]: radiusd: #### Skipping IP addresses and Ports #### Mai 11 09:30:36 bkr-idm1 freeradius[2150]: Configuration appears to be OK Mai 11 09:30:36 bkr-idm1 freeradius[2150]: rlm_ldap (ldap): Removing connection pool Mai 11 09:30:36 bkr-idm1 systemd[1]: freeradius.service: Control process exited, code=exited status=1 Mai 11 09:30:36 bkr-idm1 systemd[1]: Failed to start FreeRADIUS multi-protocol policy server. -- Subject: Unit freeradius.service has failed -- Defined-By: systemd -- Support: https://www.debian.org/support -- -- Unit freeradius.service has failed. -- -- The result is failed. Mai 11 09:30:36 bkr-idm1 systemd[1]: freeradius.service: Unit entered failed state. Mai 11 09:30:36 bkr-idm1 systemd[1]: freeradius.service: Failed with result 'exit-code'.
The configuration of my virtual servers and the clients.conf should be ok. While configuring the virtual servers i got a few error messages from the command journalctl -xe. If i just use one virtual server everthing works fine.
A little bit of helf would be appreciated.
Regards,
Simon Dankau - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Alejandro Perez-Mendez Technical Specialist (AAA), Trust & Identity Skype alejandro_perez_mendez jisc.ac.uk Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under company number. 05747339, VAT number GB 197 0632 86. Jisc’s registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800. Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 02881024, VAT number GB 197 0632 86. The registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800. Jisc Commercial Limited is a wholly owned Jisc subsidiary and a company limited by shares which is registered in England under company number 09316933, VAT number GB 197 0632 86. The registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800. For more details on how Jisc handles your data see our privacy notice here: https://www.jisc.ac.uk/website/privacy-notice
Hi Alex, as requested: root@bkr-app:/etc/freeradius/3.0/sites-enabled# freeradius -X FreeRADIUS Version 3.0.12 Copyright (C) 1999-2016 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/share/freeradius/dictionary including dictionary file /usr/share/freeradius/dictionary.dhcp including dictionary file /usr/share/freeradius/dictionary.vqp including dictionary file /etc/freeradius/3.0/dictionary including configuration file /etc/freeradius/3.0/radiusd.conf including configuration file /etc/freeradius/3.0/proxy.conf including configuration file /etc/freeradius/3.0/proxy.conf.debian including configuration file /etc/freeradius/3.0/clients.univention.conf including configuration file /etc/freeradius/3.0/clients.conf including files in directory /etc/freeradius/3.0/mods-enabled/ including configuration file /etc/freeradius/3.0/mods-enabled/linelog including configuration file /etc/freeradius/3.0/mods-enabled/preprocess including configuration file /etc/freeradius/3.0/mods-enabled/realm including configuration file /etc/freeradius/3.0/mods-enabled/ntlm_auth including configuration file /etc/freeradius/3.0/mods-enabled/utf8 including configuration file /etc/freeradius/3.0/mods-enabled/eap including configuration file /etc/freeradius/3.0/mods-enabled/passwd including configuration file /etc/freeradius/3.0/mods-enabled/ldap including configuration file /etc/freeradius/3.0/mods-enabled/unpack including configuration file /etc/freeradius/3.0/mods-enabled/dynamic_clients including configuration file /etc/freeradius/3.0/mods-enabled/radutmp including configuration file /etc/freeradius/3.0/mods-enabled/cache_eap including configuration file /etc/freeradius/3.0/mods-enabled/exec including configuration file /etc/freeradius/3.0/mods-enabled/pap including configuration file /etc/freeradius/3.0/mods-enabled/always including configuration file /etc/freeradius/3.0/mods-enabled/expiration including configuration file /etc/freeradius/3.0/mods-enabled/sradutmp including configuration file /etc/freeradius/3.0/mods-enabled/echo including configuration file /etc/freeradius/3.0/mods-enabled/replicate including configuration file /etc/freeradius/3.0/mods-enabled/attr_filter including configuration file /etc/freeradius/3.0/mods-enabled/chap including configuration file /etc/freeradius/3.0/mods-enabled/logintime including configuration file /etc/freeradius/3.0/mods-enabled/digest including configuration file /etc/freeradius/3.0/mods-enabled/mschap including configuration file /etc/freeradius/3.0/mods-enabled/soh including configuration file /etc/freeradius/3.0/mods-enabled/expr including configuration file /etc/freeradius/3.0/mods-enabled/detail.log including configuration file /etc/freeradius/3.0/mods-enabled/unix including configuration file /etc/freeradius/3.0/mods-enabled/detail including configuration file /etc/freeradius/3.0/mods-enabled/files including files in directory /etc/freeradius/3.0/policy.d/ including configuration file /etc/freeradius/3.0/policy.d/moonshot-targeted-ids including configuration file /etc/freeradius/3.0/policy.d/operator-name including configuration file /etc/freeradius/3.0/policy.d/eap including configuration file /etc/freeradius/3.0/policy.d/debug including configuration file /etc/freeradius/3.0/policy.d/dhcp including configuration file /etc/freeradius/3.0/policy.d/accounting including configuration file /etc/freeradius/3.0/policy.d/abfab-tr including configuration file /etc/freeradius/3.0/policy.d/control including configuration file /etc/freeradius/3.0/policy.d/cui including configuration file /etc/freeradius/3.0/policy.d/canonicalization including configuration file /etc/freeradius/3.0/policy.d/filter including files in directory /etc/freeradius/3.0/sites-enabled/ including configuration file /etc/freeradius/3.0/sites-enabled/custom including configuration file /etc/freeradius/3.0/sites-enabled/inner-tunnel main { security { user = "freerad" group = "freerad" allow_core_dumps = no } name = "freeradius" prefix = "/usr" localstatedir = "/var" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" } main { name = "freeradius" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = yes auth = yes auth_badpass = yes auth_goodpass = no colourise = yes msg_denied = "You are already logged in - access denied" } resources { } security { max_attributes = 200 reject_delay = 1.000000 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = <<< secret >>> response_window = 20.000000 response_timeouts = 1 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 120 limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } realm MY { } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client bkr-app { ipaddr = 10.11.100.31 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client bkr-idm1 { ipaddr = 10.11.21.70 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client BKR-Unifi { ipaddr = 10.11.21.45 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client SW-B313-61 { ipaddr = 10.11.102.61 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client BKR-AdminPC { ipaddr = 10.200.23.242 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client AP-313-Netgear { ipaddr = 10.11.103.166 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client BKR-WC-1 { ipaddr = 10.11.103.241 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client BKR-Router1 { ipaddr = 10.11.100.251 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client BKR-Router2 { ipaddr = 10.11.21.252 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client bkr-vw { ipaddr = 10.11.107.10 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client BKR-Router-VW { ipaddr = 10.11.107.254 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client BKR-Router-DMZ { ipaddr = 10.11.21.251 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client bkr-paed { ipaddr = 10.11.100.30 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client BKR-VPN01 { ipaddr = 10.11.21.41 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" proto = "*" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client localhost_ipv6 { ipv6addr = ::1 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client AccessPoints { ipaddr = 10.11.103.0/24 require_message_authenticator = no secret = <<< secret >>> virtual_server = "custom" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Debugger not attached # Creating Auth-Type = eap # Creating Auth-Type = PAP # Creating Auth-Type = CHAP # Creating Auth-Type = MS-CHAP # Creating Auth-Type = LDAP radiusd: #### Instantiating modules #### modules { # Loaded module rlm_linelog # Loading module "linelog" from file /etc/freeradius/3.0/mods-enabled/linelog linelog { filename = "/var/log/freeradius/linelog" escape_filenames = no syslog_severity = "info" permissions = 384 format = "This is a log message for %{User-Name}" reference = "messages.%{%{reply:Packet-Type}:-default}" } # Loading module "log_accounting" from file /etc/freeradius/3.0/mods-enabled/linelog linelog log_accounting { filename = "/var/log/freeradius/linelog-accounting" escape_filenames = no syslog_severity = "info" permissions = 384 format = "" reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}" } # Loaded module rlm_preprocess # Loading module "preprocess" from file /etc/freeradius/3.0/mods-enabled/preprocess preprocess { huntgroups = "/etc/freeradius/3.0/mods-config/preprocess/huntgroups" hints = "/etc/freeradius/3.0/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } # Loaded module rlm_realm # Loading module "IPASS" from file /etc/freeradius/3.0/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Loading module "suffix" from file /etc/freeradius/3.0/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Loading module "realmpercent" from file /etc/freeradius/3.0/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Loading module "ntdomain" from file /etc/freeradius/3.0/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\\" ignore_default = no ignore_null = no } # Loaded module rlm_exec # Loading module "ntlm_auth" from file /etc/freeradius/3.0/mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_utf8 # Loading module "utf8" from file /etc/freeradius/3.0/mods-enabled/utf8 # Loaded module rlm_eap # Loading module "eap" from file /etc/freeradius/3.0/mods-enabled/eap eap { default_eap_type = "peap" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 1024 } # Loaded module rlm_passwd # Loading module "etc_passwd" from file /etc/freeradius/3.0/mods-enabled/passwd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } # Loaded module rlm_ldap # Loading module "ldap" from file /etc/freeradius/3.0/mods-enabled/ldap ldap { server = "bkr-app.my.bkrnet.de" port = 7389 identity = "cn=bkr-app,cn=dc,cn=computers,dc=my,dc=bkrnet,dc=de" password = <<< secret >>> sasl { } user { scope = "sub" access_positive = yes sasl { } } group { filter = "(objectClass=posixGroup)" scope = "sub" name_attribute = "cn" membership_attribute = "memberOf" cacheable_name = no cacheable_dn = no } client { filter = "(objectClass=radiusClient)" scope = "sub" base_dn = "dc=my,dc=bkrnet,dc=de" } profile { } options { ldap_debug = 40 chase_referrals = yes rebind = yes net_timeout = 1 res_timeout = 10 srv_timelimit = 3 idle = 60 probes = 3 interval = 3 } tls { start_tls = yes } } Creating attribute LDAP-Group # Loaded module rlm_unpack # Loading module "unpack" from file /etc/freeradius/3.0/mods-enabled/unpack # Loaded module rlm_dynamic_clients # Loading module "dynamic_clients" from file /etc/freeradius/3.0/mods-enabled/dynamic_clients # Loaded module rlm_radutmp # Loading module "radutmp" from file /etc/freeradius/3.0/mods-enabled/radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } # Loaded module rlm_cache # Loading module "cache_eap" from file /etc/freeradius/3.0/mods-enabled/cache_eap cache cache_eap { driver = "rlm_cache_rbtree" key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}" ttl = 15 max_entries = 0 epoch = 0 add_stats = no } # Loading module "exec" from file /etc/freeradius/3.0/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Loaded module rlm_pap # Loading module "pap" from file /etc/freeradius/3.0/mods-enabled/pap pap { normalise = yes } # Loaded module rlm_always # Loading module "reject" from file /etc/freeradius/3.0/mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Loading module "fail" from file /etc/freeradius/3.0/mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Loading module "ok" from file /etc/freeradius/3.0/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Loading module "handled" from file /etc/freeradius/3.0/mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Loading module "invalid" from file /etc/freeradius/3.0/mods-enabled/always always invalid { rcode = "invalid" simulcount = 0 mpp = no } # Loading module "userlock" from file /etc/freeradius/3.0/mods-enabled/always always userlock { rcode = "userlock" simulcount = 0 mpp = no } # Loading module "notfound" from file /etc/freeradius/3.0/mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Loading module "noop" from file /etc/freeradius/3.0/mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Loading module "updated" from file /etc/freeradius/3.0/mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Loaded module rlm_expiration # Loading module "expiration" from file /etc/freeradius/3.0/mods-enabled/expiration # Loading module "sradutmp" from file /etc/freeradius/3.0/mods-enabled/sradutmp radutmp sradutmp { filename = "/var/log/freeradius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Loading module "echo" from file /etc/freeradius/3.0/mods-enabled/echo exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } # Loaded module rlm_replicate # Loading module "replicate" from file /etc/freeradius/3.0/mods-enabled/replicate # Loaded module rlm_attr_filter # Loading module "attr_filter.post-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/etc/freeradius/3.0/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } # Loading module "attr_filter.pre-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/etc/freeradius/3.0/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } # Loading module "attr_filter.access_reject" from file /etc/freeradius/3.0/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/etc/freeradius/3.0/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.access_challenge" from file /etc/freeradius/3.0/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/etc/freeradius/3.0/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.accounting_response" from file /etc/freeradius/3.0/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/etc/freeradius/3.0/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } # Loaded module rlm_chap # Loading module "chap" from file /etc/freeradius/3.0/mods-enabled/chap # Loaded module rlm_logintime # Loading module "logintime" from file /etc/freeradius/3.0/mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module rlm_digest # Loading module "digest" from file /etc/freeradius/3.0/mods-enabled/digest # Loaded module rlm_mschap # Loading module "mschap" from file /etc/freeradius/3.0/mods-enabled/mschap mschap { use_mppe = yes require_encryption = yes require_strong = yes with_ntdomain_hack = yes ntlm_auth = "/usr/bin/univention-radius-ntlm-auth-suidwrapper --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00} --station-id=%{outer.request:Calling-Station-Id}" passchange { } allow_retry = yes } # Loaded module rlm_soh # Loading module "soh" from file /etc/freeradius/3.0/mods-enabled/soh soh { dhcp = yes } # Loaded module rlm_expr # Loading module "expr" from file /etc/freeradius/3.0/mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ" } # Loaded module rlm_detail # Loading module "auth_log" from file /etc/freeradius/3.0/mods-enabled/detail.log detail auth_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "reply_log" from file /etc/freeradius/3.0/mods-enabled/detail.log detail reply_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "pre_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log detail pre_proxy_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loading module "post_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log detail post_proxy_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loaded module rlm_unix # Loading module "unix" from file /etc/freeradius/3.0/mods-enabled/unix unix { radwtmp = "/var/log/freeradius/radwtmp" } Creating attribute Unix-Group # Loading module "detail" from file /etc/freeradius/3.0/mods-enabled/detail detail { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loaded module rlm_files # Loading module "files" from file /etc/freeradius/3.0/mods-enabled/files files { filename = "/etc/freeradius/3.0/mods-config/files/authorize" acctusersfile = "/etc/freeradius/3.0/mods-config/files/accounting" preproxy_usersfile = "/etc/freeradius/3.0/mods-config/files/pre-proxy" } instantiate { } # Instantiating module "linelog" from file /etc/freeradius/3.0/mods-enabled/linelog # Instantiating module "log_accounting" from file /etc/freeradius/3.0/mods-enabled/linelog # Instantiating module "preprocess" from file /etc/freeradius/3.0/mods-enabled/preprocess reading pairlist file /etc/freeradius/3.0/mods-config/preprocess/huntgroups reading pairlist file /etc/freeradius/3.0/mods-config/preprocess/hints # Instantiating module "IPASS" from file /etc/freeradius/3.0/mods-enabled/realm # Instantiating module "suffix" from file /etc/freeradius/3.0/mods-enabled/realm # Instantiating module "realmpercent" from file /etc/freeradius/3.0/mods-enabled/realm # Instantiating module "ntdomain" from file /etc/freeradius/3.0/mods-enabled/realm # Instantiating module "eap" from file /etc/freeradius/3.0/mods-enabled/eap # Linked to sub-module rlm_eap_md5 # Linked to sub-module rlm_eap_leap # Linked to sub-module rlm_eap_gtc gtc { challenge = "Password: " auth_type = "PAP" } # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { verify_depth = 0 ca_path = "/etc/freeradius/3.0/certs" pem_file_type = yes private_key_file = "/etc/freeradius/ssl/private.key" certificate_file = "/etc/freeradius/ssl/cert.pem" ca_file = "/etc/univention/ssl/ucsCA/CAcert.pem" dh_file = "/etc/freeradius/3.0/certs/dh" fragment_size = 1024 include_length = yes auto_chain = yes check_crl = no check_all_crl = no cipher_list = "DEFAULT" ecdh_curve = "prime256v1" cache { enable = yes lifetime = 24 max_entries = 255 } verify { skip_if_ocsp_ok = no } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no require_client_cert = no } tls: Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Instantiating module "etc_passwd" from file /etc/freeradius/3.0/mods-enabled/passwd rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no # Instantiating module "ldap" from file /etc/freeradius/3.0/mods-enabled/ldap rlm_ldap: libldap vendor: OpenLDAP, version: 20445 accounting { reference = "%{tolower:type.%{Acct-Status-Type}}" } post-auth { reference = "." } rlm_ldap (ldap): Initialising connection pool pool { start = 5 min = 3 max = 32 spare = 10 uses = 0 lifetime = 0 cleanup_interval = 30 idle_timeout = 60 retry_delay = 30 spread = no } rlm_ldap (ldap): Opening additional connection (0), 1 of 32 pending slots used rlm_ldap (ldap): Connecting to ldap://bkr-app.my.bkrnet.de:7389 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful rlm_ldap (ldap): Opening additional connection (1), 1 of 31 pending slots used rlm_ldap (ldap): Connecting to ldap://bkr-app.my.bkrnet.de:7389 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful rlm_ldap (ldap): Opening additional connection (2), 1 of 30 pending slots used rlm_ldap (ldap): Connecting to ldap://bkr-app.my.bkrnet.de:7389 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful rlm_ldap (ldap): Opening additional connection (3), 1 of 29 pending slots used rlm_ldap (ldap): Connecting to ldap://bkr-app.my.bkrnet.de:7389 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful rlm_ldap (ldap): Opening additional connection (4), 1 of 28 pending slots used rlm_ldap (ldap): Connecting to ldap://bkr-app.my.bkrnet.de:7389 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful # Instantiating module "cache_eap" from file /etc/freeradius/3.0/mods-enabled/cache_eap rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked # Instantiating module "pap" from file /etc/freeradius/3.0/mods-enabled/pap # Instantiating module "reject" from file /etc/freeradius/3.0/mods-enabled/always # Instantiating module "fail" from file /etc/freeradius/3.0/mods-enabled/always # Instantiating module "ok" from file /etc/freeradius/3.0/mods-enabled/always # Instantiating module "handled" from file /etc/freeradius/3.0/mods-enabled/always # Instantiating module "invalid" from file /etc/freeradius/3.0/mods-enabled/always # Instantiating module "userlock" from file /etc/freeradius/3.0/mods-enabled/always # Instantiating module "notfound" from file /etc/freeradius/3.0/mods-enabled/always # Instantiating module "noop" from file /etc/freeradius/3.0/mods-enabled/always # Instantiating module "updated" from file /etc/freeradius/3.0/mods-enabled/always # Instantiating module "expiration" from file /etc/freeradius/3.0/mods-enabled/expiration # Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /etc/freeradius/3.0/mods-enabled/attr_filter reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/access_reject [/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT". [/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT". # Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/3.0/mods-enabled/attr_filter reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/3.0/mods-enabled/attr_filter reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/accounting_response # Instantiating module "logintime" from file /etc/freeradius/3.0/mods-enabled/logintime # Instantiating module "mschap" from file /etc/freeradius/3.0/mods-enabled/mschap rlm_mschap (mschap): authenticating by calling 'ntlm_auth' # Instantiating module "auth_log" from file /etc/freeradius/3.0/mods-enabled/detail.log rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /etc/freeradius/3.0/mods-enabled/detail.log # Instantiating module "pre_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log # Instantiating module "post_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log # Instantiating module "detail" from file /etc/freeradius/3.0/mods-enabled/detail # Instantiating module "files" from file /etc/freeradius/3.0/mods-enabled/files reading pairlist file /etc/freeradius/3.0/mods-config/files/authorize reading pairlist file /etc/freeradius/3.0/mods-config/files/accounting reading pairlist file /etc/freeradius/3.0/mods-config/files/pre-proxy } # modules radiusd: #### Loading Virtual Servers #### server { # from file /etc/freeradius/3.0/radiusd.conf } # server server custom { # from file /etc/freeradius/3.0/sites-enabled/custom # Loading authenticate {...} # Loading authorize {...} # Loading preacct {...} # Loading accounting {...} Ignoring "sql" (see raddb/mods-available/README.rst) # Loading post-proxy {...} # Loading post-auth {...} } # server custom server inner-tunnel { # from file /etc/freeradius/3.0/sites-enabled/inner-tunnel # Loading authenticate {...} # Loading authorize {...} # Loading session {...} # Loading post-proxy {...} # Loading post-auth {...} } # server inner-tunnel radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } Failed binding to auth address * port 1812 bound to server custom: Address already in use /etc/freeradius/3.0/sites-enabled/custom[68]: Error binding to port for 0.0.0.0 port 1812 Best Regards Simon ________________________________ Von: Freeradius-Users <freeradius-users-bounces+sdankau=rf-computer.de@lists.freeradius.org> im Auftrag von Alejandro Perez-Mendez via Freeradius-Users <freeradius-users@lists.freeradius.org> Gesendet: Dienstag, 11. Mai 2021 12:07:17 An: freeradius-users@lists.freeradius.org Cc: Alejandro Perez-Mendez Betreff: Re: Failed to start FreeRadius without Error Code Hi Simon, can you check what the output of running freeradius -X is? That would provide you and us more information about what error you might have. Alex El 11/5/21 a las 10:02, SImon Dankau escribió:
Hello,
i am trying to set up a FreeRADIUS-Server with more than one virtual servers. One virtual server is for the WLAN-Connection for different users and the other virtual servers should be for our VPN-connection.
While restarting the freeradius.service i with two virtual servers i got the following message:
root@bkr-idm1:/etc/freeradius/3.0/sites-available# systemctl restart freeradius.service Job for freeradius.service failed because the control process exited with error code. See "systemctl status freeradius.service" and "journalctl -xe" for details.
The messages from journalctl -xe: root@bkr-idm1:/etc/freeradius/3.0/sites-available# journalctl -xe -- Unit freeradius.service has begun shutting down. Mai 11 09:30:36 bkr-idm1 systemd[1]: Stopped FreeRADIUS multi-protocol policy server. -- Subject: Unit freeradius.service has finished shutting down -- Defined-By: systemd -- Support: https://www.debian.org/support -- -- Unit freeradius.service has finished shutting down. Mai 11 09:30:36 bkr-idm1 systemd[1]: Starting FreeRADIUS multi-protocol policy server... -- Subject: Unit freeradius.service has begun start-up -- Defined-By: systemd -- Support: https://www.debian.org/support -- -- Unit freeradius.service has begun starting up. Mai 11 09:30:36 bkr-idm1 freeradius[2150]: FreeRADIUS Version 3.0.12 Mai 11 09:30:36 bkr-idm1 freeradius[2150]: Copyright (C) 1999-2016 The FreeRADIUS server project and contributors Mai 11 09:30:36 bkr-idm1 freeradius[2150]: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A Mai 11 09:30:36 bkr-idm1 freeradius[2150]: PARTICULAR PURPOSE Mai 11 09:30:36 bkr-idm1 freeradius[2150]: You may redistribute copies of FreeRADIUS under the terms of the Mai 11 09:30:36 bkr-idm1 freeradius[2150]: GNU General Public License Mai 11 09:30:36 bkr-idm1 freeradius[2150]: For more information about these matters, see the file named COPYRIGHT Mai 11 09:30:36 bkr-idm1 freeradius[2150]: Starting - reading configuration files ... Mai 11 09:30:36 bkr-idm1 freeradius[2150]: Debugger not attached Mai 11 09:30:36 bkr-idm1 freeradius[2150]: Creating attribute Unix-Group Mai 11 09:30:36 bkr-idm1 freeradius[2150]: Creating attribute LDAP-Group Mai 11 09:30:36 bkr-idm1 freeradius[2150]: rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output Mai 11 09:30:36 bkr-idm1 freeradius[2150]: tls: Using cached TLS configuration from previous invocation Mai 11 09:30:36 bkr-idm1 freeradius[2150]: [/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT". Mai 11 09:30:36 bkr-idm1 freeradius[2150]: [/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT". Mai 11 09:30:36 bkr-idm1 freeradius[2150]: rlm_mschap (mschap): authenticating by calling 'ntlm_auth' Mai 11 09:30:36 bkr-idm1 freeradius[2150]: rlm_ldap: libldap vendor: OpenLDAP, version: 20445 Mai 11 09:30:36 bkr-idm1 freeradius[2150]: rlm_ldap (ldap): Initialising connection pool Mai 11 09:30:36 bkr-idm1 freeradius[2150]: rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked Mai 11 09:30:36 bkr-idm1 freeradius[2150]: Ignoring "sql" (see raddb/mods-available/README.rst) Mai 11 09:30:36 bkr-idm1 freeradius[2150]: radiusd: #### Skipping IP addresses and Ports #### Mai 11 09:30:36 bkr-idm1 freeradius[2150]: Configuration appears to be OK Mai 11 09:30:36 bkr-idm1 freeradius[2150]: rlm_ldap (ldap): Removing connection pool Mai 11 09:30:36 bkr-idm1 systemd[1]: freeradius.service: Control process exited, code=exited status=1 Mai 11 09:30:36 bkr-idm1 systemd[1]: Failed to start FreeRADIUS multi-protocol policy server. -- Subject: Unit freeradius.service has failed -- Defined-By: systemd -- Support: https://www.debian.org/support -- -- Unit freeradius.service has failed. -- -- The result is failed. Mai 11 09:30:36 bkr-idm1 systemd[1]: freeradius.service: Unit entered failed state. Mai 11 09:30:36 bkr-idm1 systemd[1]: freeradius.service: Failed with result 'exit-code'.
The configuration of my virtual servers and the clients.conf should be ok. While configuring the virtual servers i got a few error messages from the command journalctl -xe. If i just use one virtual server everthing works fine.
A little bit of helf would be appreciated.
Regards,
Simon Dankau - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Alejandro Perez-Mendez Technical Specialist (AAA), Trust & Identity Skype alejandro_perez_mendez jisc.ac.uk Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under company number. 05747339, VAT number GB 197 0632 86. Jisc’s registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800. Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 02881024, VAT number GB 197 0632 86. The registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800. Jisc Commercial Limited is a wholly owned Jisc subsidiary and a company limited by shares which is registered in England under company number 09316933, VAT number GB 197 0632 86. The registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800. For more details on how Jisc handles your data see our privacy notice here: https://www.jisc.ac.uk/website/privacy-notice - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Simon,
radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } Failed binding to auth address * port 1812 bound to server custom: Address already in use /etc/freeradius/3.0/sites-enabled/custom[68]: Error binding to port for 0.0.0.0 port 1812
That means there is another server running on UDP/1812. Make sure you stop it before trying to run a new one. Best, Alex Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under company number. 05747339, VAT number GB 197 0632 86. Jisc’s registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800. Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 02881024, VAT number GB 197 0632 86. The registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800. Jisc Commercial Limited is a wholly owned Jisc subsidiary and a company limited by shares which is registered in England under company number 09316933, VAT number GB 197 0632 86. The registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800. For more details on how Jisc handles your data see our privacy notice here: https://www.jisc.ac.uk/website/privacy-notice
Hello Alex, i am getting that error even tho i have a working configuration. The system is running if i have one virtual server under "sites-enabled". If i configure a second server there, i am getting the first shown error messages. I can't even see which service is using port 1812. The server only has freeRadius installed. So it is a bit strange. Mit freundlichen Grüßen Simon Dankau RF-Computer Tel.: 0173 5400697 ________________________________ Von: Freeradius-Users <freeradius-users-bounces+sdankau=rf-computer.de@lists.freeradius.org> im Auftrag von Alejandro Perez-Mendez via Freeradius-Users <freeradius-users@lists.freeradius.org> Gesendet: Dienstag, 11. Mai 2021 12:43:02 An: freeradius-users@lists.freeradius.org Cc: Alejandro Perez-Mendez Betreff: Re: AW: Failed to start FreeRadius without Error Code Hi Simon,
radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } Failed binding to auth address * port 1812 bound to server custom: Address already in use /etc/freeradius/3.0/sites-enabled/custom[68]: Error binding to port for 0.0.0.0 port 1812
That means there is another server running on UDP/1812. Make sure you stop it before trying to run a new one. Best, Alex Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under company number. 05747339, VAT number GB 197 0632 86. Jisc’s registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800. Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 02881024, VAT number GB 197 0632 86. The registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800. Jisc Commercial Limited is a wholly owned Jisc subsidiary and a company limited by shares which is registered in England under company number 09316933, VAT number GB 197 0632 86. The registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800. For more details on how Jisc handles your data see our privacy notice here: https://www.jisc.ac.uk/website/privacy-notice - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On May 11, 2021, at 8:17 AM, SImon Dankau <SDankau@rf-computer.de> wrote:
i am getting that error even tho i have a working configuration.
How do you know that the configuration is working?
The system is running if i have one virtual server under "sites-enabled". If i configure a second server there, i am getting the first shown error messages.
We don't need to see errors from systemd. They're not relevant. We need to see the debug output.
I can't even see which service is using port 1812. The server only has freeRadius installed. So it is a bit strange.
1812 is the port used by FreeRADIUS. So you have one of a few situations here: 1) there's already a copy of FreeRADIUS running 2) you've broken the configuration, and told the server to listen on port 1812... twice. So it opens the first port, and that's OK. But it then tries to open the second port, and sees that it's already in use. How did you create the second virtual server? Did you copy the "default" one? The more information you give us, the easier it is for us to help you. If your message is just "I did stuff and it doesn't work", then there's little we can do to help. As with any IT admin process, you need to have a systematic approach to tracking down the problem and solving it. Alan DeKok.
Hello Alan, we try to differentiate the Radius configuration between WLAN and VPN. The same groups should be queried in both configurations. I know it works because the first part of the configuration for the WLAN is already in use on a productive server and it works. To test the second part of the configuration and the interaction with the first part, the configuration is tested on a test environment. Port 1812 is used by Radius, that much I know. It was unclear whether Radius would use the port itself or whether another service would come before it. There is only one Radius configuration in our system, so a 2nd Radius server should be excluded. I would not rule out the possibility that the configuration was mixed up during the tests, but in between I re-imported the configuration files from the production environment. I copied the default configuration and adjusted it. Two different network areas with two different virtual servers are entered in the clients.conf file. One network for the access points (WiFi) and one network for the VPN machines. My tests so far: - FreeRadius-Server with WiFi configuration => works - FreeRadius-Server with VPN configuration => works partly, some issues with the port forwarding on our firewall - freshly installed FreeRadius-Server with WiFi and VPN configuration => does not work - changing the listen port in the virtual server to another port changes nothing I don't know all of the possible debug commands, so please tell me which one you need. Regards, Simon ________________________________ Von: Freeradius-Users <freeradius-users-bounces+sdankau=rf-computer.de@lists.freeradius.org> im Auftrag von Alan DeKok <aland@deployingradius.com> Gesendet: Dienstag, 11. Mai 2021 14:22:26 An: FreeRadius users mailing list Betreff: Re: Failed to start FreeRadius without Error Code On May 11, 2021, at 8:17 AM, SImon Dankau <SDankau@rf-computer.de> wrote:
i am getting that error even tho i have a working configuration.
How do you know that the configuration is working?
The system is running if i have one virtual server under "sites-enabled". If i configure a second server there, i am getting the first shown error messages.
We don't need to see errors from systemd. They're not relevant. We need to see the debug output.
I can't even see which service is using port 1812. The server only has freeRadius installed. So it is a bit strange.
1812 is the port used by FreeRADIUS. So you have one of a few situations here: 1) there's already a copy of FreeRADIUS running 2) you've broken the configuration, and told the server to listen on port 1812... twice. So it opens the first port, and that's OK. But it then tries to open the second port, and sees that it's already in use. How did you create the second virtual server? Did you copy the "default" one? The more information you give us, the easier it is for us to help you. If your message is just "I did stuff and it doesn't work", then there's little we can do to help. As with any IT admin process, you need to have a systematic approach to tracking down the problem and solving it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Support & Services<http://www.freeradius.org/list/users.html> www.freeradius.org The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS.
On 11/05/2021 14:16, SImon Dankau wrote:
Port 1812 is used by Radius, that much I know. It was unclear whether Radius would use the port itself or whether another service would come before it. There is only one Radius configuration in our system, so a 2nd Radius server should be excluded.
As you've already been told, this is pretty much certain that you've got another freeradius process running. Use e.g. ps ax | grep radius to find it, then kill it off with `kill`. -- Matthew
On May 11, 2021, at 9:16 AM, SImon Dankau <SDankau@rf-computer.de> wrote:
we try to differentiate the Radius configuration between WLAN and VPN. The same groups should be queried in both configurations. I know it works because the first part of the configuration for the WLAN is already in use on a productive server and it works. To test the second part of the configuration and the interaction with the first part, the configuration is tested on a test environment. Port 1812 is used by Radius, that much I know. It was unclear whether Radius would use the port itself or whether another service would come before it.
I have no idea what that means. There's no other service which "comes before" another one.
There is only one Radius configuration in our system, so a 2nd Radius server should be excluded. I would not rule out the possibility that the configuration was mixed up during the tests, but in between I re-imported the configuration files from the production environment. I copied the default configuration and adjusted it. Two different network areas with two different virtual servers are entered in the clients.conf file. One network for the access points (WiFi) and one network for the VPN machines. My tests so far: - FreeRadius-Server with WiFi configuration => works - FreeRadius-Server with VPN configuration => works partly, some issues with the port forwarding on our firewall - freshly installed FreeRadius-Server with WiFi and VPN configuration => does not work - changing the listen port in the virtual server to another port changes nothing
That's all nice, but does the bare minimum to answer my question. "I did a bunch of stuff. Some works, some doesn't" What do you think we can do with that information?
I don't know all of the possible debug commands, so please tell me which one you need.
We need the debug output from the server, when it starts and runs. NOT when it fails to run because there's already another server listening on port 1812. Alan DeKok.
I am sorry for the layout, it seems to have merged all sections into one.... ________________________________ Von: Freeradius-Users <freeradius-users-bounces+sdankau=rf-computer.de@lists.freeradius.org> im Auftrag von Alan DeKok <aland@deployingradius.com> Gesendet: Dienstag, 11. Mai 2021 14:22:26 An: FreeRadius users mailing list Betreff: Re: Failed to start FreeRadius without Error Code On May 11, 2021, at 8:17 AM, SImon Dankau <SDankau@rf-computer.de> wrote:
i am getting that error even tho i have a working configuration.
How do you know that the configuration is working?
The system is running if i have one virtual server under "sites-enabled". If i configure a second server there, i am getting the first shown error messages.
We don't need to see errors from systemd. They're not relevant. We need to see the debug output.
I can't even see which service is using port 1812. The server only has freeRadius installed. So it is a bit strange.
1812 is the port used by FreeRADIUS. So you have one of a few situations here: 1) there's already a copy of FreeRADIUS running 2) you've broken the configuration, and told the server to listen on port 1812... twice. So it opens the first port, and that's OK. But it then tries to open the second port, and sees that it's already in use. How did you create the second virtual server? Did you copy the "default" one? The more information you give us, the easier it is for us to help you. If your message is just "I did stuff and it doesn't work", then there's little we can do to help. As with any IT admin process, you need to have a systematic approach to tracking down the problem and solving it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (4)
-
Alan DeKok -
Alejandro Perez-Mendez -
Matthew Newton -
SImon Dankau