Re: [PacketFence-users] Radtest Fail

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Frederic:

I checked the setting and it is already set to yes. That was a little
disappointing, I was hoping it would be the solution to my problem.

Thank you for your assistance.

Louis,

I ran the command as you suggested. It is currently indicating an error
reading the radiusd.conf.

Additionally, I also checked the web admin and realised that most of my
services have stopped working and I can't get them back up. The only ones
that are up are httpd.admin and memcached.

[root@pf-zen-esx ~]# radiusd -d /usr/local/pf/raddb -X
radiusd: FreeRADIUS Version 2.2.5, for host x86_64-redhat-linux-gnu, built
on Apr 29 2014 at 09:18:14
Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
Starting - reading configuration files ...
including configuration file /usr/local/pf/raddb/radiusd.conf
including configuration file /usr/local/pf/raddb/proxy.conf
including configuration file /usr/local/pf/raddb/clients.conf
including files in directory /usr/local/pf/raddb/modules/
including configuration file /usr/local/pf/raddb/modules/pap
including configuration file /usr/local/pf/raddb/modules/pam
including configuration file /usr/local/pf/raddb/modules/smsotp
including configuration file /usr/local/pf/raddb/modules/sradutmp
including configuration file /usr/local/pf/raddb/modules/redis
including configuration file /usr/local/pf/raddb/modules/linelog
including configuration file /usr/local/pf/raddb/modules/sql_log
including configuration file /usr/local/pf/raddb/modules/ippool
including configuration file /usr/local/pf/raddb/modules/mac2vlan
including configuration file /usr/local/pf/raddb/modules/replicate
including configuration file /usr/local/pf/raddb/modules/logintime
including configuration file /usr/local/pf/raddb/modules/mschap
/usr/local/pf/raddb/modules/mschap[15]: Parse error: Unterminated string
Errors reading or parsing /usr/local/pf/raddb/radiusd.conf

On Thu, Jun 5, 2014 at 9:21 AM, Louis Munro <lm...@in...> wrote:

>
>
> On 2014-06-05, at 6:53 , Carla Nurse <pac...@gm...> wrote:
>
> OKay, so I think I know why the tests weren't working. The radiusd service
> isn't running.
>
> [root@pf-zen-esx ~]# service radiusd status
> radiusd is stopped
> [root@pf-zen-esx ~]# service radiusd start
> Starting radiusd:                                          [FAILED]
>
> When I  run the radiusd -X command, the end indicates that it  is
> "Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 (in
> range 1.0.1 - 1.0.1f).  Security advisory CVE-2014-0160 (Heartbleed)". I
> tried to update it using the yum install openssl 1.0.1g but that failed.
> Indicating that the package was not available.
>
>
> Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 (in
> range 1.0.1 - 1.0.1f).  Security advisory CVE-2014-0160 (Heartbleed)
> For more information see http://heartbleed.com
>
>
> Hi Carla,
> The service is not supposed to be running.
>
> FreeRADIUS is managed by PacketFence, not initd.
>
> This is unsurprising and will probably happen even if you update libssl.
> The issue is that you are not running radiusd with the correct arguments.
>
> You should be doing it this way:
>
> # radiusd -d /usr/local/pf/raddb -X
>
>
> But don't expect that to fix your ntlm_auth problem.
> FreeRADIUS depends on ntlm_auth, not the other way around.
> You still have to get ntlm_auth working before FreeRADIUS will do Active
> Directory authentication.
>
> Have you considered the possibility that the issue is on the AD server?
> Also, make sure you have DNS working correctly.
> tcpdump ca be your friend to see what is going on between your server and
> AD.
>
> Regards,
> --
> Louis Munro
> lm...@in...  ::  www.inverse.ca
> +1.514.447.4918 *125  :: +1 (866) 353-6153
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
> www.packetfence.org)
>
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech
> _______________________________________________
> PacketFence-users mailing list
> Pac...@li...
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>