Hi all. I have a fresh install of 7.1b3. i only did the update without adding any extra repository. Registration and app install was made through marketplace. I'm unable to start the Radius server. when i click Start, it just turn to stop again. I added a client via the webconfig, with ip address, nickname and password. Here is the output of /var/log/radius/radius.log:
Mon Sep 21 18:29:05 2015 : Warning: No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client 10.195.198.3. Please fix your configuration
Mon Sep 21 18:29:05 2015 : Warning: Support for old-style clients will be removed in a future release
Mon Sep 21 18:29:05 2015 : Error: /etc/raddb/mods-config/files/authorize[1]: Could not open included file /etc/raddb/mods-config/files/clearos-users: No such file or directory
Mon Sep 21 18:29:05 2015 : Error: Failed reading /etc/raddb/mods-config/files/authorize
Mon Sep 21 18:29:05 2015 : Error: /etc/raddb/mods-enabled/files[9]: Instantiation failed for module "files"
edit:
here is the /etc/raddb/clearos-client:
client 10.195.198.3 {
secret = ciscowificlient
shortname = Wifi
}
it seems that the webconfig entered the ip address instead of the name of the client, and ipaddr parameter is missing within the quote.
who can help ? thanks !
Mon Sep 21 18:29:05 2015 : Warning: No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client 10.195.198.3. Please fix your configuration
Mon Sep 21 18:29:05 2015 : Warning: Support for old-style clients will be removed in a future release
Mon Sep 21 18:29:05 2015 : Error: /etc/raddb/mods-config/files/authorize[1]: Could not open included file /etc/raddb/mods-config/files/clearos-users: No such file or directory
Mon Sep 21 18:29:05 2015 : Error: Failed reading /etc/raddb/mods-config/files/authorize
Mon Sep 21 18:29:05 2015 : Error: /etc/raddb/mods-enabled/files[9]: Instantiation failed for module "files"
edit:
here is the /etc/raddb/clearos-client:
client 10.195.198.3 {
secret = ciscowificlient
shortname = Wifi
}
it seems that the webconfig entered the ip address instead of the name of the client, and ipaddr parameter is missing within the quote.
who can help ? thanks !
Share this post:
Responses (16)
-
Accepted Answer
Dave Loper wrote:
For those wanting to try out the package in testing and can provide me with feedback, please test the package by running:
yum --enablerepo=clearos-updates-testing upgrade app-radius
You should be getting version 2.2.0-2.v7
Let me know so we can generally release this and then put it back in the marketplace.
it's still not starting. i uninstalled the old version, then, from the marketplace, it installed 2.2.0-2 without having to specify repository.
then i added a client, and can't start it .
here is the /var/log/message:
May 2 22:28:03 pingouin webconfig: Redirecting to /bin/systemctl start radiusd.service
May 2 22:28:03 pingouin systemd: Starting FreeRADIUS high performance RADIUS server....
May 2 22:28:03 pingouin systemd: radiusd.service: control process exited, code=exited status=1
May 2 22:28:03 pingouin systemd: Failed to start FreeRADIUS high performance RADIUS server..
May 2 22:28:03 pingouin systemd: Unit radiusd.service entered failed state.
May 2 22:28:03 pingouin systemd: radiusd.service failed.
May 2 22:28:03 pingouin webconfig: Job for radiusd.service failed because the control process exited with error code. See "systemctl status radiusd.service" and "journalctl -xe" for details.
here is /var/log/radius/radius.log
Mon May 2 22:32:29 2016 : Warning: No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client 10.195.198.3. Please fix your configuration
Mon May 2 22:32:29 2016 : Warning: Support for old-style clients will be removed in a future release
Mon May 2 22:32:29 2016 : Warning: rlm_ldap: Falling back to build time libldap version info. Query for LDAP_OPT_API_INFO returned: -1
Mon May 2 22:32:29 2016 : Info: rlm_ldap: libldap vendor: OpenLDAP version: 20439
Mon May 2 22:32:29 2016 : Info: rlm_ldap (ldap): Couldn't find configuration for accounting, will return NOOP for calls from this section
Mon May 2 22:32:29 2016 : Info: rlm_ldap (ldap): Couldn't find configuration for post-auth, will return NOOP for calls from this section
Mon May 2 22:32:29 2016 : Info: Loaded virtual server <default>
Mon May 2 22:32:29 2016 : Info: Loaded virtual server default
Mon May 2 22:32:29 2016 : Info: Loaded virtual server clearos-inner-tunnel
Mon May 2 22:32:29 2016 : Warning: Ignoring "sql" (see raddb/mods-available/README.rst)
Mon May 2 22:32:29 2016 : Info: Loaded virtual server inner-tunnel
Mon May 2 22:32:29 2016 : Warning: No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client 10.195.198.3. Please fix your configuration
Mon May 2 22:32:29 2016 : Warning: Support for old-style clients will be removed in a future release
Mon May 2 22:32:29 2016 : Warning: rlm_ldap: Falling back to build time libldap version info. Query for LDAP_OPT_API_INFO returned: -1
Mon May 2 22:32:29 2016 : Info: rlm_ldap: libldap vendor: OpenLDAP version: 20439
Mon May 2 22:32:29 2016 : Info: rlm_ldap (ldap): Couldn't find configuration for accounting, will return NOOP for calls from this section
Mon May 2 22:32:29 2016 : Info: rlm_ldap (ldap): Couldn't find configuration for post-auth, will return NOOP for calls from this section
Mon May 2 22:32:29 2016 : Info: rlm_ldap (ldap): Opening additional connection (0)
Mon May 2 22:32:29 2016 : Error: rlm_ldap (ldap): Bind credentials incorrect: Invalid credentials
Mon May 2 22:32:29 2016 : Error: rlm_ldap (ldap): Opening connection failed (0)
Mon May 2 22:32:29 2016 : Error: /etc/raddb/mods-enabled/ldap[1]: Instantiation failed for module "ldap"
in /etc/raddb/clearos-client, it seems that the web interface is entering the ip address in the name...
client 10.195.198.3 {
secret = wifi5630
shortname = AP
}
even when i change the file to this:
client AP {
ipaddr = 10.195.198.3
secret = wifi5630
}
i still got :
Mon May 2 22:38:29 2016 : Warning: rlm_ldap: Falling back to build time libldap version info. Query for LDAP_OPT_API_INFO returned: -1
Mon May 2 22:38:29 2016 : Info: rlm_ldap: libldap vendor: OpenLDAP version: 20439
Mon May 2 22:38:29 2016 : Info: rlm_ldap (ldap): Couldn't find configuration for accounting, will return NOOP for calls from this section
Mon May 2 22:38:29 2016 : Info: rlm_ldap (ldap): Couldn't find configuration for post-auth, will return NOOP for calls from this section
Mon May 2 22:38:29 2016 : Info: Loaded virtual server <default>
Mon May 2 22:38:29 2016 : Info: Loaded virtual server default
Mon May 2 22:38:29 2016 : Info: Loaded virtual server clearos-inner-tunnel
Mon May 2 22:38:29 2016 : Warning: Ignoring "sql" (see raddb/mods-available/README.rst)
Mon May 2 22:38:29 2016 : Info: Loaded virtual server inner-tunnel
Mon May 2 22:38:30 2016 : Warning: rlm_ldap: Falling back to build time libldap version info. Query for LDAP_OPT_API_INFO returned: -1
Mon May 2 22:38:30 2016 : Info: rlm_ldap: libldap vendor: OpenLDAP version: 20439
Mon May 2 22:38:30 2016 : Info: rlm_ldap (ldap): Couldn't find configuration for accounting, will return NOOP for calls from this section
Mon May 2 22:38:30 2016 : Info: rlm_ldap (ldap): Couldn't find configuration for post-auth, will return NOOP for calls from this section
Mon May 2 22:38:30 2016 : Info: rlm_ldap (ldap): Opening additional connection (0)
Mon May 2 22:38:30 2016 : Error: rlm_ldap (ldap): Bind credentials incorrect: Invalid credentials
Mon May 2 22:38:30 2016 : Error: rlm_ldap (ldap): Opening connection failed (0)
Mon May 2 22:38:30 2016 : Error: /etc/raddb/mods-enabled/ldap[1]: Instantiation failed for module "ldap"
thanks -
Accepted Answer
For those wanting to try out the package in testing and can provide me with feedback, please test the package by running:
yum --enablerepo=clearos-updates-testing upgrade app-radius
You should be getting version 2.2.0-2.v7
Let me know so we can generally release this and then put it back in the marketplace. -
Accepted Answer
-
Accepted Answer
Thanks Ales and others. Sorry for the delays on RADIUS. It should be back in the marketplace as soon as we can get some testing on the packages in updates-testing that should be populating with new RADIUS code in the next several days.
Specifically, we wanted to make sure that the inner tunnel would support EAP so that we could authentication devices like Wireless Access Points which rely on that inner-tunnel. The bug has been updated and we will be rolling new packages on that code soon.
If you want a preview or to validate my code, please see: https://tracker.clearos.com/view.php?id=6101 -
Accepted Answer
I tried posting this as a topic but the forums are.. weird.
Anyway i solved this wit a new config file. The configuration auto-generated is for freeradius2 not for 3 which is in clearOS 7
So after installing with
yum install app-radius
Configure the clients in the web interface and then edit the ldap file in /etc/raddb/mods-available
This is a template of my config
ldap {
server = "localhost"
port = 389
identity = "cn=manager,ou=Internal,dc=DOMAIN,dc=NAME"
password = yourpassword
basedn = "dc=DOMAIN,dc=NAME"
user {
base_dn = "ou=Users,ou=Accounts,dc=DOMAIN,dc=NAME"
filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
}
update {
control:Password-With-Header += 'clearSHAPassword'
control:NT-Password := 'clearMicrosoftNTPassword'
}
group {
base_dn = "ou=Groups,ou=Accounts,dc=DOMAIN,dc=NAME"
filter = '(objectClass=posixGroup)'
membership_attribute = 'memberOf'
}
options {
chase_referrals = yes
rebind = yes
use_referral_credentials = no
res_timeout = 10
srv_timelimit = 3
idle = 60
probes = 3
interval = 3
ldap_debug = 0x0028
}
tls {
}
pool {
start = ${thread[pool].start_servers}
min = ${thread[pool].min_spare_servers}
max = ${thread[pool].max_servers}
spare = ${thread[pool].max_spare_servers}
uses = 0
retry_delay = 30
lifetime = 0
idle_timeout = 60
connect_timeout = 3.0
}
}
Hopefully this helps someone. -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Let me see if I can get a status update from our RADIUS guru. Keep in mind, RADIUS is mostly driven by the ClearBOX hardware wireless requirement, and that has not yet been completed. Regardless, if RADIUS isn't working in ClearOS 7, then we should remove it from view in Marketplace until it's done. -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
There's an update in the clearos-updates-testing repository. You can re-install the RADIUS app with:
yum remove freeradius
yum --enablerepo=clearos-updates-testing install app-radius
It fixes all the things Dave mentioned and also merges a more recent set of configuration files. There might be a few other items to review, but the RADIUS app should be better now. It still hasn't passed the WorksForMe step in the ClearOS 7 release workflow.
From here you will get errors concerning LDAP. LDAP is likely required and will need to have separate settings for OpenLDAP or Samba4
I just added a tracker item for this: https://tracker.clearos.com/view.php?id=5442 -
Accepted Answer
-
Accepted Answer
Here are some specifics:
moved /etc/raddb/clearos-users to /etc/raddb/mods-config/files/
Next, I had to comment out 'unix' from /root/support/raddb/raddb/sites-enabled/default
About Line 297
[root@server sites-enabled]# diff default /root/support/raddb/raddb/sites-enabled/default
297c297
< # unix
---
> unix
Lastly, the symbolic link is missing for 'ldap'
cd /etc/raddb/mods-enabled/
ln -s ../mods-available/ldap ldap
From here you will get errors concerning LDAP. LDAP is likely required and will need to have separate settings for OpenLDAP or Samba4
Here is a howto for Samba 4. Will look into other methods for accessing the directory to see if we can just hit the local authentication. For EAP, you have to encrypt the inner tunnel so it can get complex.
https://wiki.samba.org/index.php/VPN_Single_SignOn_with_Samba_AD#Install_.26_Configure_a_Radius_Server -
Accepted Answer
Faucon wrote:
Hi all. I have a fresh install of 7.1b3. i only did the update without adding any extra repository. Registration and app install was made through marketplace. I'm unable to start the Radius server. when i click Start, it just turn to stop again. I added a client via the webconfig, with ip address, nickname and password. Here is the output of /var/log/radius/radius.log:
Mon Sep 21 18:29:05 2015 : Warning: No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client 10.195.198.3. Please fix your configuration
Mon Sep 21 18:29:05 2015 : Warning: Support for old-style clients will be removed in a future release
Mon Sep 21 18:29:05 2015 : Error: /etc/raddb/mods-config/files/authorize[1]: Could not open included file /etc/raddb/mods-config/files/clearos-users: No such file or directory
Mon Sep 21 18:29:05 2015 : Error: Failed reading /etc/raddb/mods-config/files/authorize
Mon Sep 21 18:29:05 2015 : Error: /etc/raddb/mods-enabled/files[9]: Instantiation failed for module "files"
That looks like a bug. On it.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »