[Bug 906682] New: freeradius server fails to start because of openSSL version problem
http://bugzilla.opensuse.org/show_bug.cgi?id=906682 Bug ID: 906682 Summary: freeradius server fails to start because of openSSL version problem Classification: openSUSE Product: openSUSE Distribution Version: 13.2 Hardware: x86-64 OS: openSUSE 13.2 Status: NEW Severity: Normal Priority: P5 - None Component: Network Assignee: bnc-team-screening@forge.provo.novell.com Reporter: triffterer@web.de QA Contact: qa-bugs@suse.de Found By: Community User Blocker: --- The freeradius daemon in openSUSE 13.2 stopped working for me after upgrading from 13.1, but regarding the circumstances of the problem I think it is rather a generic problem and not upgrade-related. When starting it in debug mode (with root privileges invoke "radiusd -s -X -f" it returns:
libssl version mismatch. built: 1000109f linked: 100010af
The Debian developers encountered the same problem as you can see here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765871 A fix from the upstream developers for this versioning issue is documented here: https://github.com/FreeRADIUS/freeradius-server/commit/3eb1025dc6ac34608a7d5... As a first fix it may be enough to trigger recompilation of the freeradius-server package in OBS. Version of my currently installed package:
rpm -qi freeradius-server Name : freeradius-server Version : 3.0.3 Release : 3.1.4 Architecture: x86_64 Install Date: Fr 21 Nov 2014 21:13:54 CET Group : Productivity/Networking/Radius/Servers Size : 2800650 License : GPL-2.0 and LGPL-2.1 Signature : RSA/SHA256, Di 07 Okt 2014 04:28:34 CEST, Key ID b88b2fd43dbdc284 Source RPM : freeradius-server-3.0.3-3.1.4.src.rpm Build Date : Di 07 Okt 2014 04:27:53 CEST Build Host : cloud126 Relocations : (not relocatable) Packager : http://bugs.opensuse.org Vendor : openSUSE URL : http://www.freeradius.org/ Summary : Very Highly Configurable Radius Server Description : The FreeRADIUS server has a number of features found in other servers and additional features not found in any other server. Distribution: openSUSE 13.2
-- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=906682 Bernhard Wiedemann <bwiedemann@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CONFIRMED CC| |bwiedemann@suse.com, | |meissner@suse.com Assignee|bnc-team-screening@forge.pr |vcizek@suse.com |ovo.novell.com | --- Comment #1 from Bernhard Wiedemann <bwiedemann@suse.com> --- normally, OBS takes care about such recompiles in the base repo but I found the problem is that we upgraded openssl from 1.0.1i to 1.0.1j and that does not trigger a recompile of all programs linked against it (because normally it should be API-compatible) and I wonder if we should just drop that version-check from freeradius-server. Also encountered some other messages: /bin/chown: cannot access '/run/radiusd': No such file or directory Configuration file /usr/lib/systemd/system/radiusd.service is marked executable. Please remove executable permission -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=906682 --- Comment #2 from Marcus Meissner <meissner@suse.com> --- Yes. it should not do strict version checking on openssl, 1.0.x versions have a stable API over their revisions. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=906682 Bob Goddard <suse-20050616@bgcomp.co.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P0 - Crit Sit CC| |suse-20050616@bgcomp.co.uk Severity|Normal |Critical --- Comment #3 from Bob Goddard <suse-20050616@bgcomp.co.uk> --- This is critical. We cannot log into any system which depends on radius. It's been over a week and still no fix. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=906682 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P0 - Crit Sit |P1 - Urgent -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=906682 --- Comment #4 from Marcus Meissner <meissner@suse.com> --- will do a fix -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=906682 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |RESOLVED Resolution|--- |FIXED --- Comment #6 from Marcus Meissner <meissner@suse.com> --- released -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=906682 --- Comment #8 from Bob Goddard <suse-20050616@bgcomp.co.uk> --- I am still getting a small problem. Trying to start it, it needs run/radius to exist to write the PID file which does not get created. Manually creating it and attempting to start it does work. Relevant output... eth7:/etc # systemctl start radiusd.service Job for radiusd.service failed. See "systemctl status radiusd.service" and "journalctl -xn" for details. eth7:/etc # systemctl status radiusd.service radiusd.service - FreeRADIUS high performance RADIUS server. Loaded: loaded (/usr/lib/systemd/system/radiusd.service; disabled) Active: failed (Result: exit-code) since Tue 2014-12-02 21:46:49 GMT; 5s ago Process: 32621 ExecStart=/usr/sbin/radiusd -d /etc/raddb (code=exited, status=1/FAILURE) Process: 32619 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=0/SUCCESS) Process: 32616 ExecStartPre=/bin/chown -R radiusd.radiusd /run/radiusd (code=exited, status=1/FAILURE) Dec 02 21:46:48 eth7 chown[32616]: /bin/chown: cannot access ‘/run/radiusd’: No such file or directory eth7:/etc # mkdir /run/radiusd eth7:/etc # systemctl stop radiusd.service eth7:/etc # systemctl start radiusd.service eth7:/etc # netstat -anp | grep radi udp 0 0 0.0.0.0:50486 0.0.0.0:* 32652/radiusd udp 0 0 127.0.0.1:18120 0.0.0.0:* 32652/radiusd udp 0 0 0.0.0.0:1812 0.0.0.0:* 32652/radiusd udp 0 0 0.0.0.0:1813 0.0.0.0:* 32652/radiusd -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=906682 --- Comment #9 from Bob Goddard <suse-20050616@bgcomp.co.uk> --- Looking at it again, I assume the process must be owned and hence the directory /run/radiusd owned by radiusd.radiusd, however, no change of ownership is made and so it remains owned as root... eth7:/etc # ps auxwk start_time | grep radiu[s] root 32652 0.0 0.1 167580 6896 ? Ssl 21:47 0:00 /usr/sbin/radiusd -d /etc/raddb -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=906682 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED |--- --- Comment #10 from Marcus Meissner <meissner@suse.com> --- reopen as there are still issues with /run/radiusd -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=906682 Vitezslav Cizek <vcizek@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |CONFIRMED CC| |vcizek@suse.com --- Comment #11 from Vitezslav Cizek <vcizek@suse.com> --- (In reply to Bob Goddard from comment #8)
Dec 02 21:46:48 eth7 chown[32616]: /bin/chown: cannot access ‘/run/radiusd’: No such file or directory
This is the issue Bernard mentioned in comment#1. I'll start an update soon. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com