Re: [PacketFence-users] RADIUS suddenly failing to start

Tue, 12 Aug 2014 08:24:49 -0700 

Hi Stephen,

The thing to do if you manually modify any of the radius configuration files is 
to run this after every change:

# radius -d /usr/local/pf/raddb -CX

This will run a syntax check, without affecting the running process.

If the check fails, fix it before restarting radius or it will refuse to start.

Regards,
--
Louis Munro
[email protected]  ::  www.inverse.ca 
+1.514.447.4918 *125  :: +1 (866) 353-6153 
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

On 2014-08-12, at 11:14 , "Stormont, Stephen (IMS)" <[email protected]> 
wrote:

>                 Thanks to both you and Fabrice for the command.  Had an extra 
> “}” in our mschap module.  Fixed that and got Radius restarted.  Now, back to 
> actually getting 802.1x AD integration working…
>  
> From: Louis Munro [mailto:[email protected]] 
> Sent: Tuesday, August 12, 2014 11:05 AM
> To: [email protected]
> Subject: Re: [PacketFence-users] RADIUS suddenly failing to start
>  
> Hi Stephen,
>  
> Try running Freeradius in debug mode to get more output:
>  
> # radiusd -d /usr/local/pf/raddb -X
>  
>  
> Please post the output.
>  
> Regards,
> --
> Louis Munro
> [email protected]  ::  www.inverse.ca 
> +1.514.447.4918 *125  :: +1 (866) 353-6153 
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
> (www.packetfence.org)
>  
> On 2014-08-12, at 10:58 , "Stormont, Stephen (IMS)" <[email protected]> 
> wrote:
> 
> 
>                 RADIUS had been working on our installation and then suddenly 
> today it died after a system restart.  The last lines of 
> /usr/local/pf/logs/radius.log are:
> Tue Aug 12 10:16:59 2014 : Error: SSL: SSL_read failed inside of TLS (-1), 
> TLS session fails.
> Tue Aug 12 10:16:59 2014 : Auth: Login incorrect (TLS Alert 
> read:fatal:unknown CA): [host/LT-T430-3.omni.imsweb.com] (from client 
> 172.22.34.2 port 4028 cli 3C-97-0E-AD-B6-6B)
> Tue Aug 12 10:18:20 2014 : Auth: Login OK: [dd9999] (from client localhost 
> port 12)
> Tue Aug 12 10:18:38 2014 : Auth: Login OK: [dd9999] (from client localhost 
> port 12)
> Tue Aug 12 10:19:27 2014 : Info: Signalled to terminate
> Tue Aug 12 10:19:27 2014 : Info: Exiting normally.
>  
>                 After that, the service will not start using the “Services” 
> option in PacketFence.  Looking at /usr/local/pf/logs/packetfence.log, it 
> says at the end that radius started however a grep for the service shows that 
> it is not running and nothing is listening on that port.  Running radtest 
> says “radclient: no response from server for ID 31 socket 3”.
>  
> End of /usr/local/pf/logs/packetfence.log is below:
> Aug 12 10:45:25 pfsetvlan(0) FATAL: pfsetvlan: caught SIGTERM - terminating 
> at /usr/share/perl5/File/Tail.pm line 554
> (File::Tail::read)
> Aug 12 10:45:25 pfsetvlan(0) ERROR: pfsetvlan: caught SIGTERM - terminating 
> at /usr/share/perl5/File/Tail.pm line 554
> (File::Tail::read)
> Aug 12 10:45:25 pfsetvlan(0) INFO: stopping pfsetvlan (main::)
> Aug 12 10:45:25 pfsetvlan(0) FATAL: pfsetvlan: caught SIGTERM - terminating 
> at /usr/share/perl5/File/Tail.pm line 554
> (main::END)
> Aug 12 10:45:25 pfsetvlan(0) FATAL: pfsetvlan: caught SIGTERM - terminating 
> at /usr/share/perl5/File/Tail.pm line 554
> END failed--call queue aborted at /usr/local/pf/sbin/pfsetvlan line 554.
> (main::)
> Aug 12 10:45:25 pfsetvlan(0) ERROR: pfsetvlan: caught SIGTERM - terminating 
> at /usr/share/perl5/File/Tail.pm line 554
> END failed--call queue aborted at /usr/local/pf/sbin/pfsetvlan line 554.
> (main::)
> Aug 12 10:46:37 pfcmd.pl(2038) INFO: pidof -x memcached returned 2073 
> (pf::services::manager::pidFromFile)
> Aug 12 10:46:37 pfcmd.pl(2038) INFO: verifying process 2073 
> (pf::services::manager::removeStalePid)
> Aug 12 10:46:37 pfcmd.pl(2038) INFO: pidof -x memcached returned 2073 
> (pf::services::manager::pidFromFile)
> Aug 12 10:46:37 pfcmd.pl(2038) INFO: removing stale pid file 
> /usr/local/pf/var/run/memcached.pid (pf::services::manager::removeStalePid)
> Aug 12 10:46:37 pfcmd.pl(2038) INFO: pidof -x dhcpd returned 2103 
> (pf::services::manager::pidFromFile)
> Aug 12 10:46:37 pfcmd.pl(2038) INFO: verifying process 2103 
> (pf::services::manager::removeStalePid)
> Aug 12 10:46:37 pfcmd.pl(2038) INFO: pidof -x dhcpd returned 2103 
> (pf::services::manager::pidFromFile)
> Aug 12 10:46:37 pfcmd.pl(2038) INFO: removing stale pid file 
> /usr/local/pf/var/run/dhcpd.pid (pf::services::manager::removeStalePid)
> Aug 12 10:46:37 pfcmd.pl(2038) INFO: pidof -x snmptrapd returned 2183 
> (pf::services::manager::pidFromFile)
> Aug 12 10:46:37 pfcmd.pl(2038) INFO: verifying process 2183 
> (pf::services::manager::removeStalePid)
> Aug 12 10:46:37 pfcmd.pl(2038) INFO: pidof -x snmptrapd returned 2183 
> (pf::services::manager::pidFromFile)
> Aug 12 10:46:37 pfcmd.pl(2038) INFO: removing stale pid file 
> /usr/local/pf/var/run/snmptrapd.pid (pf::services::manager::removeStalePid)
> Aug 12 10:46:38 pfcmd.pl(2038) INFO: Instantiate a new iptables modification 
> method. pf::ipset (pf::inline::get_technique)
> Aug 12 10:46:39 pfcmd.pl(2038) INFO: saving existing iptables to 
> /usr/local/pf/var/iptables.bak (pf::iptables::iptables_save)
> Aug 12 10:46:39 pfcmd.pl(2038) WARN: We are using IPSET 
> (pf::ipset::iptables_generate)
> Aug 12 10:46:39 pfcmd.pl(2038) INFO: flushing iptables 
> (pf::ipset::iptables_flush_mangle)
> Aug 12 10:46:39 pfcmd.pl(2038) INFO: restoring iptables from 
> /usr/local/pf/var/conf/iptables.conf (pf::iptables::iptables_restore)
> Aug 12 10:46:39 pfcmd.pl(2038) INFO: Daemon memcached took 0.065 seconds to 
> start. (pf::services::manager::launchService)
> Aug 12 10:46:39 pfcmd.pl(2038) INFO: generating 
> /usr/local/pf/var/conf/ssl-certificates.conf 
> (pf::services::manager::httpd::generateConfig)
> Aug 12 10:46:39 pfcmd.pl(2038) INFO: generating 
> /usr/local/pf/var/conf/captive-portal-common.conf 
> (pf::services::manager::httpd::generateConfig)
> Aug 12 10:46:50 pfcmd.pl(2038) INFO: Daemon httpd.admin took 11.291 seconds 
> to start. (pf::services::manager::launchService)
> Aug 12 10:47:02 pfcmd.pl(2038) INFO: pf::services::manager, 
> /usr/local/pf/lib/pf/services/manager.pm, 155 
> (pf::services::manager::dhcpd::generateConfig)
> Aug 12 10:47:02 pfcmd.pl(2038) INFO: Daemon dhcpd took 0.140 seconds to 
> start. (pf::services::manager::launchService)
> Aug 12 10:47:06 pfcmd.pl(2038) INFO: Daemon httpd.portal took 4.000 seconds 
> to start. (pf::services::manager::launchService)
> Aug 12 10:47:11 pfcmd.pl(2038) INFO: Daemon httpd.webservices took 1.934 
> seconds to start. (pf::services::manager::launchService)
> Aug 12 10:47:12 pfcmd.pl(2038) INFO: Daemon pfdhcplistener_eth1 took 0.006 
> seconds to start. (pf::services::manager::launchService)
> Aug 12 10:47:12 pfcmd.pl(2038) INFO: Daemon pfdhcplistener_eth2 took 0.004 
> seconds to start. (pf::services::manager::launchService)
> Aug 12 10:47:12 pfcmd.pl(2038) INFO: Daemon pfdhcplistener_eth0 took 0.004 
> seconds to start. (pf::services::manager::launchService)
> Aug 12 10:47:15 pfcmd.pl(2038) INFO: Daemon pfdns took 0.005 seconds to 
> start. (pf::services::manager::launchService)
> Aug 12 10:47:18 pfcmd.pl(2038) INFO: Daemon pfmon took 2.300 seconds to 
> start. (pf::services::manager::launchService)
> Aug 12 10:47:19 pfcmd.pl(2038) INFO: generating 
> /usr/local/pf/var/conf/snmptrapd.conf 
> (pf::services::manager::snmptrapd::generateConfig)
> Aug 12 10:47:19 pfcmd.pl(2038) INFO: Daemon snmptrapd took 0.858 seconds to 
> start. (pf::services::manager::launchService)
> Aug 12 10:47:21 pfsetvlan(2176) INFO: pfsetvlan starting and writing 2179 to 
> /usr/local/pf/var/run/pfsetvlan.pid (pf::services::util::createpid)
> Aug 12 10:47:21 pfcmd.pl(2038) INFO: Daemon pfsetvlan took 1.547 seconds to 
> start. (pf::services::manager::launchService)
> Aug 12 10:47:21 pfsetvlan(2176) INFO: Process started (main::)
> Aug 12 10:47:22 pfcmd.pl(2038) INFO: Daemon radiusd took 1.021 seconds to 
> start. (pf::services::manager::launchService)
>  
> 
> Information in this e-mail may be confidential. It is intended only for the 
> addressee(s) identified above. If you are not the addressee(s), or an 
> employee or agent of the addressee(s), please note that any dissemination, 
> distribution, or copying of this communication is strictly prohibited. If you 
> have received this e-mail in error, please notify the sender of the error.
> ------------------------------------------------------------------------------
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>  
> 
> 
> Information in this e-mail may be confidential. It is intended only for the 
> addressee(s) identified above. If you are not the addressee(s), or an 
> employee or agent of the addressee(s), please note that any dissemination, 
> distribution, or copying of this communication is strictly prohibited. If you 
> have received this e-mail in error, please notify the sender of the error.
> ------------------------------------------------------------------------------
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users


------------------------------------------------------------------------------

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to