Issue with PAP/LDAP authentication after upgrade FR 2.0.5 to FR 2.1.1

John Dennis jdennis at
Wed Dec 3 19:29:13 CET 2008

Thibault Le Meur wrote:
> T
> I've searched and finally found out what occured. I'm using Fedora 
> Core 9 and after the FR package update here is what occured: a lot of 
> files including module files from the new RPM package were added as 
> /etc/raddb/modules/<modulename>.rpmnew
> So at startup here is what is loaded:
> ...
> including configuration file /etc/raddb/modules/pap.rpmnew
> ...
> including configuration file /etc/raddb/modules/pap
> ...
> Most of my setup was working because I use specific instance of the 
> modules such as "ldap-mycompany" and not the default "ldap" name. 
> However, I use the std name for the pap module... I may change this in 
> the future to avoid such issues after upgrade.
> I don't know if I should report this to the package maintainer or not.
> What do you think ?

I'm here :-)

The files under /etc/raddb/modules are configuration files. 
Configuration files by definition are available for editing. It is 
usually considered bad practice for rpm during an upgrade to overwrite 
user modified configuration files. If rpm thinks a configuration file 
has been modified instead of overwriting the configuration file with the 
version from the new package it instead lays a new copy of that file 
down with the .rpmnew extension. It's your job as a system administrator 
to pay attention to the presence of .rpmnew files, during installation 
it will warn you such files were created which is your signal to 
investigate. If you miss the warnings you should still periodically 
check under /etc for the presence of .rpmnew files and .rpmsave by the 
same token.

Now having said that, it's entirely possible there is a packaging 
problem and the .rpmnew files should not have been created, I'll go off 
and take a look at that issue. My recollection is that rpm is smart 
enough to detect the case where the old version of a config file differs 
from the new version but the old version was not locally edited. I 
believe this is case you're describing. In this instance rpm should 
replace the config files and not generate a .rpmnew. Did you edit the 
pap config file in any manner?

John Dennis <jdennis at>

More information about the Freeradius-Users mailing list