Getting error only when *not* running in debug mode....

Mark J. Bobak mark at bobak.net
Thu Jun 17 01:13:21 CEST 2021


Hi all,

I've been a happy FreeRadius user for over 3 years now.  I have had 3.0.13
running for that entire time with no complaints.   (I've been using it w/ a
Sonicwall to do 2-factor authentication for VPN login.)

Recently, I've been revisiting the installation, and I thought, rather than
making changes to a very stable and reliable system,  I'd spin up a new
installation with the latest version of FreeRadius (3.0.23).

So, my new server is running Ubuntu 20.04 and using the NetworkRadius
packages to install freeradius 3.0.23.  I have also installed
libpam-google-authenticatior, and integrated it according to these steps:
https://networkjutsu.com/freeradius-google-authenticator/

This seems to have worked fine.  I was running freeradius manually, with
debug (-X) enabled, and everything seemed to be working fine.
sudo /usr/sbin/freeradius -X

So, I killed freeradius (CTRL-C), and tried:
sudo service freeradius start
It started up fine.

But, now when I try authenticating (using radtest):
radtest mbobak redacted123456 localhost:1812 0 'redacted'

I get Access-Rejected
Looking at the log file, /var/log/freeradius/radius.log, I see:
Wed Jun 16 22:42:54 2021 : Info: Ready to process requests
Wed Jun 16 22:43:27 2021 : ERROR: (0) pam: ERROR: PAM conversation failed
Wed Jun 16 22:43:27 2021 : ERROR: (0) pam: ERROR: Error "Read-only file
system" while writing config
Wed Jun 16 22:43:27 2021 : ERROR: (0) pam: ERROR: pam_authenticate failed:
Authentication failure
Wed Jun 16 22:43:27 2021 : Auth: (0) Login incorrect (pam: PAM conversation
failed): [mbobak/Akosama30404615] (from client localhost port 0)

The only read-only filesystems do not appear to be relevant to the
freeradius installation:
 mount | grep ro,
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
/var/lib/snapd/snaps/amazon-ssm-agent_3552.snap on
/snap/amazon-ssm-agent/3552 type squashfs (ro,nodev,relatime,x-gdu.hide)
/var/lib/snapd/snaps/core18_1997.snap on /snap/core18/1997 type squashfs
(ro,nodev,relatime,x-gdu.hide)
/var/lib/snapd/snaps/lxd_19647.snap on /snap/lxd/19647 type squashfs
(ro,nodev,relatime,x-gdu.hide)
/var/lib/snapd/snaps/snapd_12057.snap on /snap/snapd/12057 type squashfs
(ro,nodev,relatime,x-gdu.hide)
/var/lib/snapd/snaps/core18_2066.snap on /snap/core18/2066 type squashfs
(ro,nodev,relatime,x-gdu.hide)
/var/lib/snapd/snaps/lxd_20326.snap on /snap/lxd/20326 type squashfs
(ro,nodev,relatime,x-gdu.hide)
/var/lib/snapd/snaps/snapd_12159.snap on /snap/snapd/12159 type squashfs
(ro,nodev,relatime,x-gdu.hide)

But, even though it's reporting a read-only filesystem error, I'm thinking
it could be a permission problem on some file?

But, I'm really baffled by the system working when I run freeradius
manually, but only errors when I run it from the service.

Any help would be appreciated.

Thanks,

-Mark


More information about the Freeradius-Users mailing list