Hi all,
upgrading my 6.2.1 to 6.4 running CentOS 7.3.1611 release today has resulted in
my radiusd and radiusd-acct services not starting.
Firstly I was getting the following error:
service|command
httpd.admin|already started
Checking configuration sanity...
WARNING - Cannot open the following certificate
%%install_dir%%/raddb/certs/pfenceha.crt
radiusd-acct|not started
radiusd|not started
so I found the line in eap.conf and edited so it showed:
certificate_file = [% install_dir %]/raddb/certs/pfenceha.crt
after reloading the config and restarting the pf services I no longer see the
error, however the radius services will still not start.
Running radiusd -X -d /usr/local/pf/raddb I could see the debug bombing out
because the default realm was being declared twice:
----snip-----
mrc = 5
mrd = 30
}
}
WARNING: Ignoring "response_window = 30.000000", forcing to "response_window =
10.000000"
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm default {
}
realm local {
}
realm null {
}
realm cardiffmet.ac.uk {
authhost = LOCAL
accthost = LOCAL
}
realm uwic.ac.uk {
authhost = LOCAL
accthost = LOCAL
}
home_server_pool eduroam {
type = client-balance
home_server = orps03.cardiffmet.ac.uk
home_server = orps04.cardiffmet.ac.uk
}
realm DEFAULT {
auth_pool = eduroam
nostrip
} # realm DEFAULT
----snip----
Further investigating showed that this is being pulled from
raddb/proxy.conf.inc:
# This file is generated from a template at
/usr/local/pf/conf/radiusd/proxy.conf.inc
# Any changes made to this file will be lost on restart
# Eduroam integration is not configured
realm default {
}
realm local {
}
realm null {
}
home_server orps03.cardiffmet.ac.uk {
type = auth
ipaddr = 193.62.96.44
port = 1812
secret = *************
require_message_authenticator = yes
}
home_server orps04.cardiffmet.ac.uk {
type = auth
ipaddr = 193.62.96.45
port = 1812
secret = **************
require_message_authenticator = yes
}
home_server_pool eduroam {
type = client-balance
home_server = orps03.cardiffmet.ac.uk
home_server = orps04.cardiffmet.ac.uk
}
realm cardiffmet.ac.uk {
authhost=LOCAL
accthost=LOCAL
}
realm uwic.ac.uk {
authhost=LOCAL
accthost=LOCAL
}
realm DEFAULT {
auth_pool = eduroam
nostrip
}
However, as this file is generated on the fly, I don't know where these initial
realm declarations are coming from! I've tried removing the reference to those
three domains in the admin GUI under config/radius/realms, but they still
reappear after reloading the config and restarting the services.
It's probably worth noting that this is an eduroam config, but not using the
packetfence built in eduroam config (yet).
Cheers,
Andi
________________________________
[Cardiff Metropolitan University - Queens Anniversary Prizes
2015]<http://www.cardiffmet.ac.uk/news/Pages/Cardiff-Met-research-recognised-in-Queens-Anniversary-Prizes-for-Higher-and-Further-Education.aspx>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
