General question about RadSec implementation on FR 3.2.x
Dominic Stalder
dominic.stalder at bluewin.ch
Sat Apr 19 17:26:05 UTC 2025
Hi Alan
1. Thanks, in fact I did not know that.
2. But I also sent the respective output of "radiusd -fxx -l stdout" in my email before and got the following error instead (see full output below), as recommended in the "freeradius -X" output:
Failed opening auth address :: port 1812 bound to server default: Address family not supported by protocol
/usr/local/etc/raddb/sites-enabled/default[246]: Error binding to port for :: port 1812
_EXIT(1) CALLED src/main/process.c[6325]. Last error was: /usr/local/lib/proto_auth.so: cannot open shared object file: No such file or directory
3. At the same time, I just recognized that when I started the debug output with "radiusd …", it shows me output of FR 3.2.5:
root@id-radiustest1:/etc/freeradius/sites-enabled# radiusd -fxx -l stdout
FreeRADIUS Version 3.2.5
…
BUT I have FR 3.2.7 in place and started it with "freeradius -fxx -l stdout" instead and now the correct FR instance is trying to start:
root@id-radiustest1:/etc/freeradius/sites-enabled# freeradius -fxx -l stdout
FreeRADIUS Version 3.2.7
…
But still I get the following error:
check_client_connections = no
Thread 5 waiting to be assigned a request
Thread 3 waiting to be assigned a request
Thread 4 waiting to be assigned a request
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
Thread 2 waiting to be assigned a request
Thread 1 waiting to be assigned a request
Failed binding to auth+acct address * port 2083 (TLS) bound to server default: Address already in use
/etc/freeradius/sites-enabled/tls[44]: Error binding to port for 0.0.0.0 port 2083
--> After killing the manually started FR 3.2.5 process, I can now start FR 3.2.7 with TLS successfully:
root@id-radiustest1:/etc/freeradius/sites-enabled# freeradius -fxx -l stdout
FreeRADIUS Version 3.2.7
...
Listening on auth+acct proto tcp address * port 2083 (TLS) bound to server default
Listening on command file /var/run/freeradius/control/freeradius.sock
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on status address 127.0.0.1 port 18121 bound to server status
Listening on proxy address * port 57758
Ready to process requests
Thanks for somehow showing the right direction, even though I don't understand why FR 3.2.5 is still in place when starting with "freerad -fxx -l stdout" instead of "freeradius -fxx -l stdout". Any idea how I can clean up this version situation on our freeradius server?
Regards
Dominic
> On 19.04.2025 at 17:08, Alan DeKok <aland at deployingradius.com> wrote:
>
> On Apr 19, 2025, at 10:33 AM, Dominic Stalder <dominic.stalder at bluewin.ch> wrote:
>>
>> Maybe any idea / recommendations on the "threading error" while starting freeradius with the new TLS configuration?
>> ...
>>
>>> Follow up on the radsec configuration: I configured /etc/freeradius/sites-available/tls but get the following error while starting freeradius in debug mode (see debug output below):
>>>
>>>
>>> /etc/freeradius/sites-enabled/tls[44]: Threading must be enabled for TLS sockets to function properly
>>> /etc/freeradius/sites-enabled/tls[44]: You probably need to do 'radiusd -fxx -l stdout' for debugging
>>>
>>> I checked the global freeradius daemon configuration and threading should be enabled: /etc/freeradius/radiusd.conf
>
> When you use -X, that also sets the "no threads" flag. Use -fxx -l stdout instead, as the debug output suggests.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
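
The situation in this message (a 3.2.5 server started as "radiusd" holding port 2083 while the 3.2.7 server started as "freeradius" fails to bind) can be checked for with a small script. This is an added example, not part of the original email or of FreeRADIUS itself. It assumes each binary accepts -v and prints a "FreeRADIUS Version X.Y.Z" line; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find every FreeRADIUS server binary in a PATH-style directory
# list and report the version each one identifies itself as.
# Assumption: each binary supports -v and prints "FreeRADIUS Version X.Y.Z".

# Print "<resolved path><TAB><version>" per radiusd/freeradius executable.
# $1: colon-separated directories (default: $PATH).
list_radius_binaries() (
    dirs=${1:-$PATH}
    seen=""
    IFS=:
    for dir in $dirs; do
        [ -n "$dir" ] || continue
        for name in radiusd freeradius; do
            bin="$dir/$name"
            { [ -f "$bin" ] && [ -x "$bin" ]; } || continue
            # Resolve symlinks so one binary reachable under two names counts once.
            real=$(readlink -f "$bin" 2>/dev/null || printf '%s' "$bin")
            case ":$seen:" in *":$real:"*) continue ;; esac
            seen="$seen:$real"
            # -v prints version information and exits.
            ver=$("$bin" -v 2>&1 |
                sed -n 's/.*FreeRADIUS Version \([0-9][0-9.]*\).*/\1/p' | head -n 1)
            printf '%s\t%s\n' "$real" "${ver:-unknown}"
        done
    done
)

# Number of distinct versions among the binaries found.
count_radius_versions() {
    list_radius_binaries "$@" | cut -f2 | sort -u | wc -l | tr -d ' '
}

# List the binaries; exit status 1 if more than one version is installed,
# which is the state that let two servers compete for the same TLS port.
check_radius_install() (
    n=$(count_radius_versions "$@")
    list_radius_binaries "$@"
    [ "$n" -le 1 ] || {
        echo "WARNING: $n different FreeRADIUS versions found" >&2
        exit 1
    }
)

# Scan $PATH only when asked to, so sourcing this file has no side effects.
if [ "${1:-}" = "--scan" ]; then check_radius_install; fi
```

Run it as root (or pass the sbin directories explicitly, for example "/usr/local/sbin:/usr/sbin") so that both a source-built and a packaged install are visible.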