Bug 50303 – Radius fails to start after upgrade to UCS 4.4-2 - missing /etc/freeradius/3.0/proxy.conf.debian

Bug 50303 - Radius fails to start after upgrade to UCS 4.4-2 - missing /etc/freeradius/3.0/proxy.conf.debian


Summary:	Radius fails to start after upgrade to UCS 4.4-2 - missing /etc/freeradius/3....

Status:	RESOLVED WORKSFORME

Product:	UCS
Classification:	Unclassified
Component:	Radius
Version:	UCS 4.4
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UCS maintainers
QA Contact:	UCS maintainers

URL:
Keywords:

Depends on:	42535
Blocks:
	Show dependency tree / graph

Reported:	2019-10-02 14:11 CEST by Lukas Zumvorde
Modified:	2022-01-21 18:47 CET (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.046
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
50303-radius-proxy.cfg (2.16 KB, text/plain) 2022-01-21 18:47 CET, Philipp Hahn	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Lukas Zumvorde

2019-10-02 14:11:07 CEST

I was informed by a customer that Radius fails to start after the Upgrade from UCS 4.3 to UCS 4.4-2. Freeradius was updated from version 2 to 3.

He noticed that /etc/freeradius/3.0/radiusd.conf contained a new line referencing /etc/freeradius/3.0/proxy.conf.debian. This file however does not exist. Touching the file resolves the problem. 

He also found the reason:
The file /etc/freeradius/3.0/sites-available/inner-tunnel b/freeradius/3.0/sites-available/inner-tunnel contains in line 44 (port = 18120) a TAB instead of spaces. The template file responcible is /etc/univention/templates/files/etc/freeradius/3.0/sites-available/inner-tunnel. 



Steps to reproduce:
Not necessary, just check if /etc/univention/templates/files/etc/freeradius/3.0/sites-available/inner-tunnel does indeed my tabs and spaces.

Comment 1 Jürn Brodersen

2019-10-02 16:00:28 CEST

Mixed tabs and spaces should not be problem in "/etc/freeradius/3.0/sites-available/inner-tunnel". At least my test system has no problem with that.

The missing "proxy.conf.debian" does indeed stop the server from starting. But I'm not sure why it was missing in the first place.

Comment 2 Lukas Zumvorde

2019-10-02 16:21:01 CEST

In my test system with a fresh radius install i had this tab at exactly the same spot as the customer. My system was installed at version 4.4-1 and has not been updated.

Comment 3 Philipp Hahn

2019-10-02 16:45:52 CEST

The ".debian" files are normally diverted by UCR when it replaces a Debian conffiles with an UCR template file: The original files gets renamed to ".debian" and the original path is replaced by the generated file.

It might have happened that the file was not `dpkg-divert`ed correctly or that during a package update the file was updated / removed without honoring the diversion correctly. `dpkg` honors them internally, but if a maintainer scripts touches the file and does not explicitly check for diversions, the file might get mishandled. Maybe `ucf` is used to manage that file?

Comment 4 Thorsten Strusch 2019-10-07 13:07:07 CEST

customer here :-)

There is no divert to this file:

```
root@radius:~# LANG=C dpkg-divert --list | grep radius
diversion of /etc/freeradius/modules/ldap to /etc/freeradius/modules.ldap.debian by univention-radius
diversion of /etc/freeradius/modules/mschap to /etc/freeradius/modules.mschap.debian by univention-radius
```

After the update from 2 to 3 the freeradius-config had to be moved manually to the folder 3.0/. Probably the file got lost during this upgrade.
The .bash_history does not go back that far on the system. :-/

The mixed indentation is just annoying at this point, but produces no errors.

best regards
/thorsten

Comment 5 Philipp Hahn

2022-01-21 18:45:48 CET

The inclusion of 'proxy.conf.debian` was done by Bug #42535 for UCS-4.3-3 with git:539df6009bb

etc/freeradius/3.0/proxy.conf is registered to be replaced by an UCR template in debian/univention-radius.univention-config-registry

(In reply to Thorsten Strusch from comment #4)
> There is no divert to this file:

But itt should be, but due to Bug #28284 that file might not have get updated.

> After the update from 2 to 3 the freeradius-config had to be moved manually to the folder 3.0/. Probably the file got lost during this upgrade.

At least the move should have happened automatically by Bug #46263 during the upgrade from UCS 4.2-5 to 4.3-0.
Actually the old UCR templates for v2 only got removed and new ones for v3 got added.
Moving anything manually should never be needed unless you modified some files there manually, which confused `dpkg`.

If you still have that system please provide the output of the following two commands before and after an (failed) update:
  dpkg-query -W -f '${Conffiles}\n' freeradius-config freeradius | grep -F proxy.conf
  find /etc/freeradius -name 'proxy.conf*' -exec md5sum {} +


I have tested this upgrade from 4.2-4 to 4.3-3 and afterwards I had both /etc/freeradius/3.0/proxy.conf{,.debian}.
Not that with [4.3-0 … 4.3-2] you will not have the `proxy.conf.debian` file as it only gets diverted with 4.3-3.

As UCS << 4.4-8 is out-of-maintenance and we will not release errata for old releases → WORKS-FOR-ME / WONT-FIX

Comment 6 Philipp Hahn

2022-01-21 18:47:16 CET

Created attachment 10906 [details]
50303-radius-proxy.cfg