Radius 3.4

[Gareth]

I am getting the following error message, when I try to configure Radius on Zentyal 3.4.

The following modules failed while saving their changes, their state is unknown: radius The following modules failed while saving their changes, their state is unknown: radius at The following modules failed while saving their changes, their state is unknown: radius at /usr/share/perl5/EBox/GlobalImpl.pm line 735 EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x327eda0)', 'progress', 'EBox::ProgressIndicator=HASH(0x1f0b080)') called at /usr/share/perl5/EBox/Global.pm line 95 EBox::Global::AUTOLOAD('EBox::Global=HASH(0x327e5f0)', 'progress', 'EBox::ProgressIndicator=HASH(0x1f0b080)') called at /usr/share/zentyal/global-action line 32 eval {...} at /usr/share/zentyal/global-action line 30

Also within the dashboard the Radius service is stopped and I am unable to start the service.

Does anyone have any ideas or has anyone come across this problem.

Kind regards,

Gareth

[weißnix]

what does / var / log / freeradius / radius.log

[bragrabb]

Hi there!

I have the same problem. After upgrading to Zentyal 3.4, RADIUS will not start. In /var/log/freeradius/radius.log it says:

     Sat Apr 12 23:08:38 2014 : Error:   [ldap]  bind to ldap.your.domain:389 failed: Can't contact LDAP server
     Sat Apr 12 23:08:38 2014 : Error:   [ldap] (re)connection attempt failed

Everything else seems to be working fine.

Any suggestions for what might be the problem?

Regards
/Mathias

[AMarques]

I have the same problem.

[bragrabb]

Hi!

Ok here's what I did. I'm positive flushed all security down the drain and is so please advice (but be gentle...).

In /var/log/freeradius/radius.log i could find

     Sun Apr 13 20:19:46 2014 : Error: rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied
     Sun Apr 13 20:19:46 2014 : Error: rlm_eap_tls: Error reading certificate file /etc/freeradius/certs/freeradius.pem

I had a look at this http://freeradius.1045715.n5.nabble.com/Error-Reading-Certificate-file-td5110327.html and after that looked into my Zentyal server.

When I looked at the permissions for /etc/freeradius/certs/freeradius.pem it was root:root. Several other files in  the directory had the permissions root:freerad. In addition to this the freeradius service is run by the user freerad. Hence I change the permission on /etc/freeradius/certs/freeradius.pem to root:freerad and rebooted.

Now it's working again.   

The new problem now    is that /var/log/freeradius/radius.log if filled with complaints about:

     Error: Failed binding to authentication address * port 1812: Address already in use

I suppose Zentyal tries to start freeradius but in fact it's already running...

Any thoughts/concerns?

Regards
/Mathias

[apos]

I could finally solve the problem Zentyal 3.4 / 13.10 saucy after upgrade from 3.3 / 12.04 lts):

Freeradius is installed as a service. Killing the program simple reopens a new instance ...

So the only way is removing all startup links from freeradius with:

Code: [Select]

update-rc.d -f freeradius remove
Now zentyal could restart and force-reload freeradius.

Ok, this seems not not be the whole story.

I investigated further, that the problem seems to be the "restart" command of zentyal.

If I do a

Code: [Select]

service zentyal radius stop
killall freeradius
service zentyal radius start

then things run fine.

So decided to write a little monitor script and put this in /etc/rc.local, so the monitor script will run upon startup.

I know this is far from perfect, but as long as the problem is solved, it works:

Code: [Select]

#/bin/bash
#
# Put this in /etc/rc.local
#
# Monitor zentyal radius

# Upon update, links for freeradius will be set again, so remove them
update-rc.d -f freeradius remove

restart_radius() {
      /usr/sbin/service zentyal radius stop
      sleep 2
      /usr/bin/killall freeradius
           
      /usr/sbin/service zentyal radius start
}

while (true)
do
        if radtest radtestuser 123-qwe localhost 1812 123-qwe
        then
                echo "RADIUS OK"
 
        else
                logger "ERROR: ZENTYAL RADIUS is DOWN ... restarting ..."
                restart_radius
        fi
 
        sleep 15
 
done


I forgot to mention:

To get this work, you have to add a new radius client on 127.0.0.1 within your zentyal configuration! The credentials - radiustestuser, its password and the secret - can be choosen freely but must be set correctly. Don't use your standard credentials for testing radius!

radtest ist part of the package

Code: [Select]

sudo apt-get install freeradius-utils
Cheers

[jcaudeli]

Thank you very much!

I wasted many hours of my life trying to guess what happened to my radius server. And your solution just works!

I registered only to appreciate your contribution. Thanks again.

[tasraison]

If you want to have the Radius module started on boot and the module status reported correctly you'll have to make the following changes (see here for original bug report & answer https://tracker.zentyal.org/issues/1333) ,

Updated by julio - 4 months ago

add the following lines to '/etc/init/freeradius.conf':

Code: [Select]

post-start script
    PID=`status freeradius | egrep -oi '([0-9]+)$' | head -n1`
    echo $PID > /var/run/freeradius/freeradius.pid
end script
works with Zentyal 3.4 and 3.5