Problems with using Freeradius as systemd (Mark Antony)
Mark Antony
mark.antony.4 at protonmail.com
Tue Apr 20 14:51:36 CEST 2021
Hi Doug,
It is true, forking works for me too. But I experience some anomalies with it. Hence I wanted to do it the right way.
Based on my research Type=forking defeats the purpose when you already have a systemd in place which is already daemonised.
I ended up using Freeradius 3.0.21 backported packages for Debian 10.9. It works as it should without the anomalies and it uses type=notify as it should.
Thanks,
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, 20 April 2021 13:13, Doug Wussler via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> > Type=notify
> > NotifyAccess=all
> > ExecStartPre=/usr/local/sbin/radiusd $FREERADIUS_OPTIONS -Cxm -lstdout
>
> 1. Try it without the "-m" flag, that causes a fatal error for us too but everything works fine without it.
> 2. If that still doesn't work, try "Type=forking", that is what we use.
>
> However, we are on version 3.0.20 and use RHEL 7 so this may not be helpful at all!
>
> Doug
>
>
> From: Freeradius-Users freeradius-users-bounces+doug.wussler=fsu.edu at lists.freeradius.org on behalf of freeradius-users-request at lists.freeradius.org freeradius-users-request at lists.freeradius.org
> Sent: Tuesday, April 20, 2021 5:57 AM
> To: freeradius-users at lists.freeradius.org freeradius-users at lists.freeradius.org
> Subject: Freeradius-Users Digest, Vol 192, Issue 25
>
> Send Freeradius-Users mailing list submissions to
> freeradius-users at lists.freeradius.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://urldefense.com/v3/http://lists.freeradius.org/mailman/listinfo/freeradius-users;!!PhOWcWs!n9CwfbRCHf1pDE4xL-X_HkWRJj-kb1RMGzqdd2uyHdB_fE4IpivbPhD0z-ksdDLiKb0$
> or, via email, send a message with subject or body 'help' to
> freeradius-users-request at lists.freeradius.org
>
> You can reach the person managing the list at
> freeradius-users-owner at lists.freeradius.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeradius-Users digest..."
>
> Today's Topics:
>
> 1. Recreate detail file for buffered-sql (Ángel L. Mateo)
> 2. Re: Recreate detail file for buffered-sql (Alan DeKok)
> 3. Problems with using Freeradius as systemd (Mark Antony)
> 4. Re: Problems with using Freeradius as systemd (Marki)
> 5. Re: Problems with using Freeradius as systemd (Mark Antony)
> 6. Re: Problems with using Freeradius as systemd (Alan DeKok)
> 7. Authentication with Vendor-Specific Attribute (Daniel Kastner)
>
>
> Message: 1
> Date: Mon, 19 Apr 2021 13:47:34 +0200
> From: Ángel L. Mateo amateo at um.es
> To: freeradius-users at lists.freeradius.org
> Subject: Recreate detail file for buffered-sql
> Message-ID: 160d4852-1e57-9990-7ddc-87eaca55d6b5 at um.es
>
> Content-Type: text/plain; charset=utf-8; format=flowed
>
> Hello,
>
> I have freeradius configured in eduroam to create a detail buffered
> wich is read by a buffered-sql site to dump connection logs to a mysql.
>
> My problem is that I have wrongly delete the buffered file that is
> created to dump these entries, but I already have the original detail files.
>
> Is there any way to recreate the dump file? May a copy from the detail
> file to the buffered input be enough?
>
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Angel L. Mateo Martínez
> Sección de Telemática
> Área de Tecnologías de la Información
> y las Comunicaciones Aplicadas (ATICA)
> https://urldefense.com/v3/http://www.um.es/atica;!!PhOWcWs!n9CwfbRCHf1pDE4xL-X_HkWRJj-kb1RMGzqdd2uyHdB_fE4IpivbPhD0z-ksQJXyUZA$
> Tfo: 868889150
> Fax: 868888337
>
>
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Message: 2
> Date: Mon, 19 Apr 2021 07:57:12 -0400
> From: Alan DeKok aland at deployingradius.com
> To: FreeRadius users mailing list
> freeradius-users at lists.freeradius.org
> Subject: Re: Recreate detail file for buffered-sql
> Message-ID: C8B4CC0D-31BC-4488-B98D-6B3B0C2B526B at deployingradius.com
> Content-Type: text/plain; charset=utf-8
>
> On Apr 19, 2021, at 7:47 AM, Ángel L. Mateo amateo at um.es wrote:
>
> > I have freeradius configured in eduroam to create a detail buffered wich is read by a buffered-sql site to dump connection logs to a mysql.
> >
> > My problem is that I have wrongly delete the buffered file that is created to dump these entries, but I already have the original detail files.
> >
> > Is there any way to recreate the dump file? May a copy from the detail file to the buffered input be enough?
> >
>
> Yes, that should work.
>
> Alan DeKok.
>
>
> ---------------------------------------
>
> Message: 3
> Date: Mon, 19 Apr 2021 16:41:57 +0000
> From: Mark Antony mark.antony.4 at protonmail.com
> To: Mark Antony via Freeradius-Users
> freeradius-users at lists.freeradius.org
> Subject: Problems with using Freeradius as systemd
> Message-ID:
> igsApmMp7QigHcc9VIXqLPKgPeQedMCHRaChTWJiDi6hMiUf0BBJ2y1XMBVGxhp-9qwc-yDd91EjHxb3Flal78kiX7hCFVUi33XuJJuIhlM=@protonmail.com
>
> Content-Type: text/plain; charset=utf-8
>
> Hello,
>
> I have compiled Freeradius 3.0.21 successfully and can run it perfectly as radiusd -X.
> However when I want to run it as Systemd it doesn't work.
>
> This is how I have compiled it under Debian 10.9. Do I have to enable any special flag to support systemd?
>
> wget https://urldefense.com/v3/ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-3.0.21.tar.gz;!!PhOWcWs!n9CwfbRCHf1pDE4xL-X_HkWRJj-kb1RMGzqdd2uyHdB_fE4IpivbPhD0z-ksCvtTkJ4$
> tar -xvzf freeradius-server-3.0.21.tar.gz
> cd freeradius-server-3.0.21
> sudo ./configure
> sudo make
> sudo make install
>
> /lib/systemd/system/freeradius.service:
> [Unit]
> Description=FreeRADIUS multi-protocol policy server
> After=network.target
>
> [Service]
> Type=notify
> NotifyAccess=all
> EnvironmentFile=-/usr/local/freeradius
> ExecStartPre=/usr/local/sbin/radiusd $FREERADIUS_OPTIONS -Cxm -lstdout
> ExecStart=/usr/local/sbin/radiusd -f $FREERADIUS_OPTIONS
> Restart=on-failure
> RestartSec=5
>
> [Install]
> WantedBy=multi-user.target
>
> Nothing obvious in syslog:
> Apr 19 16:29:25 us-sfo-2 systemd[1]: freeradius.service: Start operation timed out. Terminating.
> Apr 19 16:29:25 us-sfo-2 systemd[1]: freeradius.service: Failed with result 'timeout'.
> Apr 19 16:29:25 us-sfo-2 systemd[1]: Failed to start FreeRADIUS multi-protocol policy server.
>
> Neither anything useful in journal -x
> -- The job identifier is 6355.
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: FreeRADIUS Version 3.0.21
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: Copyright (C) 1999-2019 The FreeRADIUS server project and contributors
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: PARTICULAR PURPOSE
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: You may redistribute copies of FreeRADIUS under the terms of the
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: GNU General Public License
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: For more information about these matters, see the file named COPYRIGHT
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: Starting - reading configuration files ...
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: Debugger not attached
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: Built without support for systemd watchdog, but running under systemd.
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: Creating attribute SQL-Group
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: Creating attribute Unix-Group
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: Please use tls_min_version and tls_max_version instead of disable_tlsv1
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: Please use tls_min_version and tls_max_version instead of disable_tlsv1_2
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: tls: Using cached TLS configuration from previous invocation
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: tls: Using cached TLS configuration from previous invocation
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: rlm_sql_mysql: libmysql version: 10.5.9
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: rlm_sql (sql): Attempting to connect to database "radius_db"
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: rlm_sql (sql): Initialising connection pool
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: rlm_sql (sql): Processing generate_sql_clients
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: rlm_sql (sql): 0 of 0 connections in use. You may need to increase "spare"
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: rlm_sql (sql): Opening additional connection (0), 1 of 1 pending slots used
> Apr 19 16:37:31 us-sfo-2 radiusd[6129]: rlm_sql_mysql: Starting connect to MySQL server
> Apr 19 16:37:32 us-sfo-2 radiusd[6129]: rlm_sql (sql): Reserved connection (0)
> Apr 19 16:37:32 us-sfo-2 radiusd[6129]: rlm_sql (sql): Released connection (0)
> Apr 19 16:37:32 us-sfo-2 radiusd[6129]: rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
> Apr 19 16:37:32 us-sfo-2 radiusd[6129]: rlm_mschap (mschap): using internal authentication
> Apr 19 16:37:32 us-sfo-2 radiusd[6129]: Ignoring "ldap" (see raddb/mods-available/README.rst)
> Apr 19 16:37:32 us-sfo-2 radiusd[6129]: # Skipping contents of 'if' as it is always 'false' -- /usr/local/etc/raddb/sites-enabled/inner-tunnel:336
> Apr 19 16:37:32 us-sfo-2 radiusd[6129]: radiusd: #### Skipping IP addresses and Ports ####
> Apr 19 16:37:32 us-sfo-2 radiusd[6129]: Configuration appears to be OK
> Apr 19 16:37:32 us-sfo-2 radiusd[6129]: rlm_sql (sql): Removing connection pool
> Apr 19 16:37:32 us-sfo-2 radiusd[6129]: rlm_sql (sql): Closing connection (0)
> Apr 19 16:37:44 us-sfo-2 sudo[6138]: admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/usr/bin/journalctl -xe
> Apr 19 16:37:44 us-sfo-2 sudo[6138]: pam_unix(sudo:session): session opened for user root by admin(uid=0)
>
> I would really appreciate your help on this.
> Thank you
> Mark
>
> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Message: 4
> Date: Mon, 19 Apr 2021 18:55:17 +0200
> From: Marki jm+freeradiususer at roth.lu
> To: Mark Antony mark.antony.4 at protonmail.com, FreeRadius users
>
> mailing list <freeradius-users at lists.freeradius.org>
>
>
> Subject: Re: Problems with using Freeradius as systemd
> Message-ID: 597410e7-7052-d279-68c8-3b396e1bc529 at roth.lu
> Content-Type: text/plain; charset=utf-8; format=flowed
>
> In the output you posted (and read before posting I guess), the
> following message related to systemd seems to stand out:
>
> On 4/19/2021 6:41 PM, Mark Antony via Freeradius-Users wrote:
>
> > Built without support for systemd watchdog, but running under systemd.
>
> --
>
> Message: 5
> Date: Mon, 19 Apr 2021 17:10:17 +0000
> From: Mark Antony mark.antony.4 at protonmail.com
> To: Marki jm+freeradiususer at roth.lu
> Cc: FreeRadius users mailing list
> freeradius-users at lists.freeradius.org
> Subject: Re: Problems with using Freeradius as systemd
> Message-ID:
> 1hoyh1PuSjIev4BQsHbylE1DyxRuFzQxZEVDyVj9iP6bLY1OCwrXDg-PVpPVxWqLtJ0Iu_cBFcncI17Xzy2TBOSGexe18RXhVIHkdxUHRr4=@protonmail.com
>
> Content-Type: text/plain; charset=utf-8
>
> Thank you. Hence my question do I need a special flag during compilation to enable systemd support?
>
> https://urldefense.com/v3/https://wiki.freeradius.org/building/Debian20and20Ubuntu*building-the-stable-release-v3-0_installing-build-dependencies;JSUj!!PhOWcWs!n9CwfbRCHf1pDE4xL-X_HkWRJj-kb1RMGzqdd2uyHdB_fE4IpivbPhD0z-ksr-ZrTt0$
>
> I can't find anything on the wiki.
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Monday, 19 April 2021 17:55, Marki jm+freeradiususer at roth.lu wrote:
>
> > In the output you posted (and read before posting I guess), the
> > following message related to systemd seems to stand out:
> > On 4/19/2021 6:41 PM, Mark Antony via Freeradius-Users wrote:
> >
> > > Built without support for systemd watchdog, but running under systemd.
>
> --
>
> Message: 6
> Date: Mon, 19 Apr 2021 13:11:16 -0400
> From: Alan DeKok aland at deployingradius.com
> To: Mark Antony mark.antony.4 at protonmail.com, FreeRadius users
>
> mailing list <freeradius-users at lists.freeradius.org>
>
>
> Subject: Re: Problems with using Freeradius as systemd
> Message-ID: B0046418-E424-4BDB-BD63-8F715A29B93B at deployingradius.com
> Content-Type: text/plain; charset=us-ascii
>
> On Apr 19, 2021, at 1:10 PM, Mark Antony via Freeradius-Users freeradius-users at lists.freeradius.org wrote:
>
> > Thank you. Hence my question do I need a special flag during compilation to enable systemd support?
> > https://urldefense.com/v3/https://wiki.freeradius.org/building/Debian20and20Ubuntu*building-the-stable-release-v3-0_installing-build-dependencies;JSUj!!PhOWcWs!n9CwfbRCHf1pDE4xL-X_HkWRJj-kb1RMGzqdd2uyHdB_fE4IpivbPhD0z-ksr-ZrTt0$
>
> You need to install the dependencies that systemd needs. See the output of "configure".
>
> Alan DeKok.
>
>
> --------------------------------------------------------------------------------------------------------
>
> Message: 7
> Date: Tue, 20 Apr 2021 09:57:41 +0000
> From: Daniel Kastner daniel.kastner at karakun.com
> To: "freeradius-users at lists.freeradius.org"
> freeradius-users at lists.freeradius.org
> Subject: Authentication with Vendor-Specific Attribute
> Message-ID:
> AM7P189MB1105C5B7A21199A1F7DB6C0D8D489 at AM7P189MB1105.EURP189.PROD.OUTLOOK.COM
>
> Content-Type: text/plain; charset="us-ascii"
>
> I'm totally new to this (free)Radius stuff and trying to achieve authentication based on a vendor-specific attribute send by the client.
>
> I've add the custom attribute in a new dictionary file /opt/share/freeradius/dictionary.myvendor:
>
> VENDOR MyVendor 16132
> BEGIN-VENDOR MyVendor
> ATTRIBUTE MyVendor -OneTimePassword 1 string
> END-VENDOR MyVendor
>
> Included it in the /opt/share/freeradius/dictionary:
>
> $INCLUDE dictionary.myvendor
>
> And now trying the following in file /opt/etc/raddb/mods-config/files/authorize:
>
> bob Cleartext-Password := "hello"
> if( &MyVendor-OneTimePassword == "123456" ) {
> Auth-Type := Accept
> Reply-Message := "Hello %{User-Name}, great to have you here!"
> } else {
> Auth-Type := Reject
> Reply-Message := "Sorry %{User-Name}, wrong OTP"
> }
>
> But when I start the server it quits with the following message:
>
> reading pairlist file /opt/etc/raddb/mods-config/files/authorize
> /opt/etc/raddb/mods-config/files/authorize[2]: Parse error (reply) for entry bob: Expecting operator
> Failed reading /opt/etc/raddb/mods-config/files/authorize
> /opt/etc/raddb/mods-enabled/files[9]: Instantiation failed for module "files"
>
> Any advice?
>
>
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Subject: Digest Footer
>
> -------------------------
>
> List info/subscribe/unsubscribe? See https://urldefense.com/v3/http://www.freeradius.org/list/users.html;!!PhOWcWs!n9CwfbRCHf1pDE4xL-X_HkWRJj-kb1RMGzqdd2uyHdB_fE4IpivbPhD0z-ksa2J-lWk$
>
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> End of Freeradius-Users Digest, Vol 192, Issue 25
>
> -
>
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list