Upgraded 3.0.12 -> 3.0.17. Doesn't answer anymore

Harald Hannelius harald.hannelius at arcada.fi
Thu Dec 17 14:02:16 CET 2020



Yes, that bit me quite a while when I did the last upgrade :)

This is an upgrade from 3.0.12 -> 3.0.17, I really really hope that this 
wouldn't meen a change like that.

On Thu, 17 Dec 2020, L.P.H. van Belle via Freeradius-Users wrote:

> Didnt debian switch from a "one" config to "includes"
>
> .. like do you see /etc/freeradius/3.0/
>
> i think its something like that.
>
>
>> -----Oorspronkelijk bericht-----
>> Van: Freeradius-Users [mailto:freeradius-users-
>> bounces+belle=bazuin.nl at lists.freeradius.org] Namens Harald Hannelius
>> Verzonden: donderdag 17 december 2020 13:52
>> Aan: FreeRadius users mailing list
>> Onderwerp: Re: Upgraded 3.0.12 -> 3.0.17. Doesn't answer anymore
>>
>>
>> On Thu, 17 Dec 2020, Alan DeKok wrote:
>>> On Dec 17, 2020, at 7:34 AM, Harald Hannelius
>> <harald.hannelius at arcada.fi> wrote:
>>>> I performed a dist-upgrade on a Debian 9 running freeradius-3.0.12,
>> thus going to Debian 10 and freeradius-3.0.17.
>>>>
>>>> I haven't touched the config, nor did I allow the dist-upgrade to do
>> any changes.
>>>
>>>  *Any* changes?  Like maybe add FW rules?
>>
>> No changes. No firewall rules. Talking to localhost.
>>
>> I noted that the Debian 9.0 freeradius-3.0.12 freeradius -X output ends
>> with
>> this;
>>
>>     }
>> }
>> Listening on command file /var/run/freeradius/freeradius.sock
>> Listening on auth address * port 1812 bound to server default
>> Listening on acct address * port 1813 bound to server default
>> Listening on auth address :: port 1812 bound to server default
>> Listening on acct address :: port 1813 bound to server default
>> Listening on proxy address * port 46685
>> Listening on proxy address :: port 59709
>> Ready to process requests
>>
>>
>> Whereas the Debian 10.0 freeradius 3.0.17 freeradius X output ends with;
>>
>>   listen {
>>          socket = "/var/run/freeradius/freeradius.sock"
>>          peercred = yes
>>   }
>> }
>> Listening on command file /var/run/freeradius/freeradius.sock
>> Ready to process requests
>>
>>
>> No wonder I don't get any replies on the network :)
>>
>>>> After the upgrade freeradius starts, but doesn't reply on the network.
>> I
>>>> have tested with radtest, and it always just prints three tries and
>> ends
>>>> with "(0) No reply from server for ID 120 socket 3". I have done the
>>>> tests with both -4 and -6.
>>>
>>>  See the firewall.  Or maybe SELinux.  There is nothing in the server
>> which says "ignore all input packets".
>>
>> No iptables-rules defined on this server.
>>
>>    # dpkg --get-selections|grep selinux
>>    libselinux1:amd64				install
>>
>> I don't seem to have gotten SElinux on this server.
>>
>> I think that apparmor always outpus something in the kernel ring buffer, I
>> can't see anything about freeradius using 'dmesg'.
>>
>> I will have to run a diff on the config before and after upgrade, and
>> check
>> everything. I suspect the Debian upgrade did something it shouldn't have.
>>
>> I might as well be barking up the wrong tree here, have to jog over to the
>> Debian-tree perhaps.
>>
>> --
>>
>> Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>

-- 

Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020


More information about the Freeradius-Users mailing list