Upgraded 3.0.12 -> 3.0.17. Doesn't answer anymore

Harald Hannelius harald.hannelius at arcada.fi
Thu Dec 17 13:52:27 CET 2020 

On Thu, 17 Dec 2020, Alan DeKok wrote:
> On Dec 17, 2020, at 7:34 AM, Harald Hannelius <harald.hannelius at arcada.fi> wrote:
>> I performed a dist-upgrade on a Debian 9 running freeradius-3.0.12, thus going to Debian 10 and freeradius-3.0.17.
>>
>> I haven't touched the config, nor did I allow the dist-upgrade to do any changes.
>
>  *Any* changes?  Like maybe add FW rules?

No changes. No firewall rules. Talking to localhost.

I noted that the Debian 9.0 freeradius-3.0.12 freeradius -X output ends with 
this;

    }
}
Listening on command file /var/run/freeradius/freeradius.sock
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on proxy address * port 46685
Listening on proxy address :: port 59709
Ready to process requests


Whereas the Debian 10.0 freeradius 3.0.17 freeradius X output ends with;

  listen {
         socket = "/var/run/freeradius/freeradius.sock"
         peercred = yes
  }
}
Listening on command file /var/run/freeradius/freeradius.sock
Ready to process requests


No wonder I don't get any replies on the network :)

>> After the upgrade freeradius starts, but doesn't reply on the network. I 
>> have tested with radtest, and it always just prints three tries and ends 
>> with "(0) No reply from server for ID 120 socket 3". I have done the 
>> tests with both -4 and -6.
>
>  See the firewall.  Or maybe SELinux.  There is nothing in the server which says "ignore all input packets".

No iptables-rules defined on this server.

   # dpkg --get-selections|grep selinux
   libselinux1:amd64				install

I don't seem to have gotten SElinux on this server.

I think that apparmor always outpus something in the kernel ring buffer, I 
can't see anything about freeradius using 'dmesg'.

I will have to run a diff on the config before and after upgrade, and check 
everything. I suspect the Debian upgrade did something it shouldn't have.

I might as well be barking up the wrong tree here, have to jog over to the 
Debian-tree perhaps.

-- 

Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020

More information about the Freeradius-Users mailing list