Problems with using Freeradius as systemd (Mark Antony)

Doug Wussler doug.wussler at fsu.edu
Tue Apr 20 14:13:51 CEST 2021


> Type=notify
> NotifyAccess=all
> ExecStartPre=/usr/local/sbin/radiusd $FREERADIUS_OPTIONS -Cxm -lstdout


  1.  Try it without the "-m" flag, that causes a fatal error for us too but everything works fine without it.
  2.  If that still doesn't work, try "Type=forking", that is what we use.

However, we are on version 3.0.20 and use RHEL 7 so this may not be helpful at all!

Doug



________________________________
From: Freeradius-Users <freeradius-users-bounces+doug.wussler=fsu.edu at lists.freeradius.org> on behalf of freeradius-users-request at lists.freeradius.org <freeradius-users-request at lists.freeradius.org>
Sent: Tuesday, April 20, 2021 5:57 AM
To: freeradius-users at lists.freeradius.org <freeradius-users at lists.freeradius.org>
Subject: Freeradius-Users Digest, Vol 192, Issue 25

Send Freeradius-Users mailing list submissions to
        freeradius-users at lists.freeradius.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://urldefense.com/v3/__http://lists.freeradius.org/mailman/listinfo/freeradius-users__;!!PhOWcWs!n9CwfbRCHf1pDE4xL-X_HkWRJj-kb1RMGzqdd2uyHdB_fE4IpivbPhD0z-ksdDLiKb0$
or, via email, send a message with subject or body 'help' to
        freeradius-users-request at lists.freeradius.org

You can reach the person managing the list at
        freeradius-users-owner at lists.freeradius.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."


Today's Topics:

   1. Recreate detail file for buffered-sql (Ángel L. Mateo)
   2. Re: Recreate detail file for buffered-sql (Alan DeKok)
   3. Problems with using Freeradius as systemd (Mark Antony)
   4. Re: Problems with using Freeradius as systemd (Marki)
   5. Re: Problems with using Freeradius as systemd (Mark Antony)
   6. Re: Problems with using Freeradius as systemd (Alan DeKok)
   7. Authentication with Vendor-Specific Attribute (Daniel Kastner)


----------------------------------------------------------------------

Message: 1
Date: Mon, 19 Apr 2021 13:47:34 +0200
From: Ángel L. Mateo <amateo at um.es>
To: freeradius-users at lists.freeradius.org
Subject: Recreate detail file for buffered-sql
Message-ID: <160d4852-1e57-9990-7ddc-87eaca55d6b5 at um.es>
Content-Type: text/plain; charset=utf-8; format=flowed

Hello,

        I have freeradius configured in eduroam to create a detail buffered
wich is read by a buffered-sql site to dump connection logs to a mysql.

        My problem is that I have wrongly delete the buffered file that is
created to dump these entries, but I already have the original detail files.

        Is there any way to recreate the dump file? May a copy from the detail
file to the buffered input be enough?

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
https://urldefense.com/v3/__http://www.um.es/atica__;!!PhOWcWs!n9CwfbRCHf1pDE4xL-X_HkWRJj-kb1RMGzqdd2uyHdB_fE4IpivbPhD0z-ksQJXyUZA$
Tfo: 868889150
Fax: 868888337


------------------------------

Message: 2
Date: Mon, 19 Apr 2021 07:57:12 -0400
From: Alan DeKok <aland at deployingradius.com>
To: FreeRadius users mailing list
        <freeradius-users at lists.freeradius.org>
Subject: Re: Recreate detail file for buffered-sql
Message-ID: <C8B4CC0D-31BC-4488-B98D-6B3B0C2B526B at deployingradius.com>
Content-Type: text/plain;       charset=utf-8

On Apr 19, 2021, at 7:47 AM, Ángel L. Mateo <amateo at um.es> wrote:
>        I have freeradius configured in eduroam to create a detail buffered wich is read by a buffered-sql site to dump connection logs to a mysql.
>
>        My problem is that I have wrongly delete the buffered file that is created to dump these entries, but I already have the original detail files.
>
>        Is there any way to recreate the dump file? May a copy from the detail file to the buffered input be enough?

  Yes, that should work.

  Alan DeKok.




------------------------------

Message: 3
Date: Mon, 19 Apr 2021 16:41:57 +0000
From: Mark Antony <mark.antony.4 at protonmail.com>
To: Mark Antony via Freeradius-Users
        <freeradius-users at lists.freeradius.org>
Subject: Problems with using Freeradius as systemd
Message-ID:
        <igsApmMp7QigHcc9VIXqLPKgPeQedMCHRaChTWJiDi6hMiUf0BBJ2y1XMBVGxhp-9qwc-yDd91EjHxb3Flal78kiX7hCFVUi33XuJJuIhlM=@protonmail.com>

Content-Type: text/plain; charset=utf-8

Hello,

I have compiled Freeradius 3.0.21 successfully and can run it perfectly as radiusd -X.
However when I want to run it as Systemd it doesn't work.

This is how I have compiled it under Debian 10.9. Do I have to enable any special flag to support systemd?

wget https://urldefense.com/v3/__ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-3.0.21.tar.gz__;!!PhOWcWs!n9CwfbRCHf1pDE4xL-X_HkWRJj-kb1RMGzqdd2uyHdB_fE4IpivbPhD0z-ksCvtTkJ4$
tar -xvzf freeradius-server-3.0.21.tar.gz
cd freeradius-server-3.0.21
sudo ./configure
sudo make
sudo make install

/lib/systemd/system/freeradius.service:
[Unit]
Description=FreeRADIUS multi-protocol policy server
After=network.target

[Service]
Type=notify
NotifyAccess=all
EnvironmentFile=-/usr/local/freeradius
ExecStartPre=/usr/local/sbin/radiusd $FREERADIUS_OPTIONS -Cxm -lstdout
ExecStart=/usr/local/sbin/radiusd -f $FREERADIUS_OPTIONS
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

Nothing obvious in syslog:
Apr 19 16:29:25 us-sfo-2 systemd[1]: freeradius.service: Start operation timed out. Terminating.
Apr 19 16:29:25 us-sfo-2 systemd[1]: freeradius.service: Failed with result 'timeout'.
Apr 19 16:29:25 us-sfo-2 systemd[1]: Failed to start FreeRADIUS multi-protocol policy server.

Neither anything useful in journal -x
-- The job identifier is 6355.
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: FreeRADIUS Version 3.0.21
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: Copyright (C) 1999-2019 The FreeRADIUS server project and contributors
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: PARTICULAR PURPOSE
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: You may redistribute copies of FreeRADIUS under the terms of the
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: GNU General Public License
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: For more information about these matters, see the file named COPYRIGHT
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: Starting - reading configuration files ...
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: Debugger not attached
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: Built without support for systemd watchdog, but running under systemd.
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: Creating attribute SQL-Group
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: Creating attribute Unix-Group
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: Please use tls_min_version and tls_max_version instead of disable_tlsv1
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: Please use tls_min_version and tls_max_version instead of disable_tlsv1_2
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: tls: Using cached TLS configuration from previous invocation
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: tls: Using cached TLS configuration from previous invocation
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: rlm_sql_mysql: libmysql version: 10.5.9
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: rlm_sql (sql): Attempting to connect to database "radius_db"
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: rlm_sql (sql): Initialising connection pool
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: rlm_sql (sql): Processing generate_sql_clients
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: rlm_sql (sql): 0 of 0 connections in use. You may need to increase "spare"
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: rlm_sql (sql): Opening additional connection (0), 1 of 1 pending slots used
Apr 19 16:37:31 us-sfo-2 radiusd[6129]: rlm_sql_mysql: Starting connect to MySQL server
Apr 19 16:37:32 us-sfo-2 radiusd[6129]: rlm_sql (sql): Reserved connection (0)
Apr 19 16:37:32 us-sfo-2 radiusd[6129]: rlm_sql (sql): Released connection (0)
Apr 19 16:37:32 us-sfo-2 radiusd[6129]: rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
Apr 19 16:37:32 us-sfo-2 radiusd[6129]: rlm_mschap (mschap): using internal authentication
Apr 19 16:37:32 us-sfo-2 radiusd[6129]: Ignoring "ldap" (see raddb/mods-available/README.rst)
Apr 19 16:37:32 us-sfo-2 radiusd[6129]: # Skipping contents of 'if' as it is always 'false' -- /usr/local/etc/raddb/sites-enabled/inner-tunnel:336
Apr 19 16:37:32 us-sfo-2 radiusd[6129]: radiusd: #### Skipping IP addresses and Ports ####
Apr 19 16:37:32 us-sfo-2 radiusd[6129]: Configuration appears to be OK
Apr 19 16:37:32 us-sfo-2 radiusd[6129]: rlm_sql (sql): Removing connection pool
Apr 19 16:37:32 us-sfo-2 radiusd[6129]: rlm_sql (sql): Closing connection (0)
Apr 19 16:37:44 us-sfo-2 sudo[6138]: admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/usr/bin/journalctl -xe
Apr 19 16:37:44 us-sfo-2 sudo[6138]: pam_unix(sudo:session): session opened for user root by admin(uid=0)

I would really appreciate your help on this.
Thank you
Mark

------------------------------

Message: 4
Date: Mon, 19 Apr 2021 18:55:17 +0200
From: Marki <jm+freeradiususer at roth.lu>
To: Mark Antony <mark.antony.4 at protonmail.com>, FreeRadius users
        mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: Problems with using Freeradius as systemd
Message-ID: <597410e7-7052-d279-68c8-3b396e1bc529 at roth.lu>
Content-Type: text/plain; charset=utf-8; format=flowed

In the output you posted (and read before posting I guess), the
following message related to systemd seems to stand out:

On 4/19/2021 6:41 PM, Mark Antony via Freeradius-Users wrote:
> Built without support for systemd watchdog, but running under systemd.


------------------------------

Message: 5
Date: Mon, 19 Apr 2021 17:10:17 +0000
From: Mark Antony <mark.antony.4 at protonmail.com>
To: Marki <jm+freeradiususer at roth.lu>
Cc: FreeRadius users mailing list
        <freeradius-users at lists.freeradius.org>
Subject: Re: Problems with using Freeradius as systemd
Message-ID:
        <1hoyh1PuSjIev4BQsHbylE1DyxRuFzQxZEVDyVj9iP6bLY1OCwrXDg-PVpPVxWqLtJ0Iu_cBFcncI17Xzy2TBOSGexe18RXhVIHkdxUHRr4=@protonmail.com>

Content-Type: text/plain; charset=utf-8

Thank you. Hence my question do I need a special flag during compilation to enable systemd support?


https://urldefense.com/v3/__https://wiki.freeradius.org/building/Debian*20and*20Ubuntu*building-the-stable-release-v3-0_installing-build-dependencies__;JSUj!!PhOWcWs!n9CwfbRCHf1pDE4xL-X_HkWRJj-kb1RMGzqdd2uyHdB_fE4IpivbPhD0z-ksr-ZrTt0$

I can't find anything on the wiki.




‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, 19 April 2021 17:55, Marki <jm+freeradiususer at roth.lu> wrote:

> In the output you posted (and read before posting I guess), the
> following message related to systemd seems to stand out:
>
> On 4/19/2021 6:41 PM, Mark Antony via Freeradius-Users wrote:
>
> > Built without support for systemd watchdog, but running under systemd.





------------------------------

Message: 6
Date: Mon, 19 Apr 2021 13:11:16 -0400
From: Alan DeKok <aland at deployingradius.com>
To: Mark Antony <mark.antony.4 at protonmail.com>, FreeRadius users
        mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: Problems with using Freeradius as systemd
Message-ID: <B0046418-E424-4BDB-BD63-8F715A29B93B at deployingradius.com>
Content-Type: text/plain;       charset=us-ascii

On Apr 19, 2021, at 1:10 PM, Mark Antony via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> Thank you. Hence my question do I need a special flag during compilation to enable systemd support?
>
> https://urldefense.com/v3/__https://wiki.freeradius.org/building/Debian*20and*20Ubuntu*building-the-stable-release-v3-0_installing-build-dependencies__;JSUj!!PhOWcWs!n9CwfbRCHf1pDE4xL-X_HkWRJj-kb1RMGzqdd2uyHdB_fE4IpivbPhD0z-ksr-ZrTt0$

  You need to install the dependencies that systemd needs.  See the output of "configure".

  Alan DeKok.




------------------------------

Message: 7
Date: Tue, 20 Apr 2021 09:57:41 +0000
From: Daniel Kastner <daniel.kastner at karakun.com>
To: "freeradius-users at lists.freeradius.org"
        <freeradius-users at lists.freeradius.org>
Subject: Authentication with Vendor-Specific Attribute
Message-ID:
        <AM7P189MB1105C5B7A21199A1F7DB6C0D8D489 at AM7P189MB1105.EURP189.PROD.OUTLOOK.COM>

Content-Type: text/plain; charset="us-ascii"

I'm totally new to this (free)Radius stuff and trying to achieve authentication based on a vendor-specific attribute send by the client.

I've add the custom attribute in a new dictionary file /opt/share/freeradius/dictionary.myvendor:

VENDOR MyVendor 16132
BEGIN-VENDOR  MyVendor
ATTRIBUTE MyVendor -OneTimePassword 1 string
END-VENDOR MyVendor

Included it in the /opt/share/freeradius/dictionary:

$INCLUDE dictionary.myvendor

And now trying the following in file /opt/etc/raddb/mods-config/files/authorize:

bob Cleartext-Password := "hello"
  if( &MyVendor-OneTimePassword == "123456" ) {
    Auth-Type := Accept
    Reply-Message := "Hello %{User-Name}, great to have you here!"
  } else {
    Auth-Type := Reject
    Reply-Message := "Sorry %{User-Name}, wrong OTP"
}

But when I start the server it quits with the following message:

reading pairlist file /opt/etc/raddb/mods-config/files/authorize
/opt/etc/raddb/mods-config/files/authorize[2]: Parse error (reply) for entry bob: Expecting operator
Failed reading /opt/etc/raddb/mods-config/files/authorize
/opt/etc/raddb/mods-enabled/files[9]: Instantiation failed for module "files"

Any advice?


------------------------------

Subject: Digest Footer

-
List info/subscribe/unsubscribe? See https://urldefense.com/v3/__http://www.freeradius.org/list/users.html__;!!PhOWcWs!n9CwfbRCHf1pDE4xL-X_HkWRJj-kb1RMGzqdd2uyHdB_fE4IpivbPhD0z-ksa2J-lWk$

------------------------------

End of Freeradius-Users Digest, Vol 192, Issue 25
*************************************************


More information about the Freeradius-Users mailing list