Solved [Solved] FreeRadius 3.0.1 dictionary.dhcp error (FreeBSD 10)

[GuloGuloDesu]

I had this problem on FreeBSD 9.2 so I did a fresh install of FreeBSD 10 to see if I still had the same problem.

The problem that I am having is when I run radiusd -X I receive the following error:

$ sudo radiusd -X
radiusd: FreeRADIUS Version 3.0.0, for host amd64-portbld-freebsd10.0, built on Jan 23 2014 at 14:48:01
Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
Starting - reading configuration files ...
including dictionary file /usr/local/etc/raddb/dictionary
Errors reading dictionary: dict_init: /usr/local/share/freeradius/dictionary.dhcp[207]: Type "tlv" can only be for "format=1,1".

Here are the steps that I followed to install and configured freeradius3

I installed freeradius3 from the ports tree by doing the following:

cd /usr/ports/net/freeradius3
sudo make
    EDIR
    FREETDS
    HEMDAL_PORT
    KERBEROS
    LDAP
    PERL
    PYTHON
    SSL_PORT
    USER
	gdbm-1.11
	    Uncheck COMPAT
	    NLS
	freetds-0.64_9,1
	    DOCS
	    Uncheck GNUTLS
	    Uncheck MSDBLIB
	    OPENSSL
	    Uncheck IODBC
	    Uncheck UNIXODBC
sudo make install
sudo make clean

I also changed 4 config files:
/usr/local/etc/raddb/radiusd.conf

max_requests = 25600

/usr/local/etc/raddb/clients.conf

client 10.1.1.1 {
secret = Password
shortname = Wireless
nas_type = cisco
}

/usr/local/etc/raddb/mods-available/mschap

with_ntdomain_hack = yes
ntlm_auth = "/usr/local/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"

/usr/local/etc/raddb/mods-available/eap

default_eap_type = ttls

After some Googling I found this page that says that I am using version 2 dictionaries and that is what is causing my problem.
So I went to the freeradius homepage and downloaded the freeradius 3.0 package and tried to copy over just the dictionary.dhcp. But I still receive the same error.

I also tried changing format in /usr/local/share/freeradius/dictionary.dhcp from

VENDOR          DHCP                            54      format=2,1

to

VENDOR          DHCP                            54      format=1,1

But I receive the error that the comments warn about:

Errors reading dictionary: dict_init: /usr/local/share/freeradius/dictionary.dhcp[35]: dict_addattr: ATTRIBUTE has invalid number (larger than 255).

I attempted to just delete dictionary.dhcp, but I receive an error that dictionary.dhcp is missing.

The last thing that I tried was commenting out dictionary.dhcp in /usr/local/share/freeradius/dictionary. When I do that radiusd loads a bit farther, but I eventually receive this error:

/usr/local/etc/raddb/mods-enabled/dhcp[18]: Failed to link to module 'rlm_dhcp': Shared object "rlm_dhcp.so" not found, required by "radiusd"

I'm not sure if this matters, but just in case. This FreeBSD server is using DHCP rather than having a static IP. Also I did not install the experimental DHCP piece when I built freeradius3 in the ports.

I'm not really sure where to go form here. Does anyone have any suggestions? Also is this an error in the ports itself?

Any help or suggestions would be greatly appreciated.

 

[trh411]

Re: FreeRadius 3.0.1 dictionary.dhcp error (FreeBSD 10)

I've seen other complaints about this issue as well. Best guess at this point is that it is an error with the FreeBSD port of net/freeradius3, but there is no resolution yet. Some have suggested removing /usr/local/etc/raddb/mods-enabled/dhcp* as a possible workaround if you really don't require the experimental DHCP, but there has been no confirmation that this actually works. However, if you want to try this approach, I would recommend simply renaming the /usr/local/etc/raddb/mods-enabled/dhcp* directory in place rather than deleting it, and restarting net/freeradius3.

I'll report back if I hear of a permanent fix.

 

[GuloGuloDesu]

Re: FreeRadius 3.0.1 dictionary.dhcp error (FreeBSD 10)

Thank you for the response.
I was afraid it was going to be a bug in the ports that I wouldn't be able to resolve.

I was going to try your suggestion of renaming the /usr/local/etc/raddb/mods-enabled/dhcp* directory, but that directory does not exist. There is a /usr/local/etc/raddb/mods-enabled/dhcp file, but no directory. I also checked all of the other mods directories but did not find a dhcp directory in any of them. I tried renaming the file, but still had the same problem.

At this point, since it appears it is a ports problem, I will go ahead and install freeradius2 and see if that works. I'll post back if it does.

Just as a brief side note. Should I submit a bug report to someone on the problem with the freeradius3 port? If so, where do I go to do that?

 

[trh411]

Re: FreeRadius 3.0.1 dictionary.dhcp error (FreeBSD 10)

See if the following works for you:

• 
  1. Disable the DHCP dictionary by commenting out the line:
  

  $INCLUDE dictionary.dhcp

  in /usr/local/share/freeradius/dictionary.
  
  2. Remove the /usr/local/etc/raddb/mods-enabled/dhcp file. (yes, you are correct it's a file not a directory as I mistakenly referred to it!) I would move the file to a safe place just in case rather than deleting it, but that's just me.

It seems that net/freeradius3 comes with DHCP enabled, but the FreeBSD port has it set to disabled as it fails to build properly with DHCP enabled. However, in the confusion, the FreeBSD port does not fix up the default configuration. Thus the error.

*Credit to Dave Duchscher for this.

 

[GuloGuloDesu]

Re: FreeRadius 3.0.1 dictionary.dhcp error (FreeBSD 10)

You're awesome, that worked perfectly. I still have a lot of testing to do to make sure that all my other configs are good, but I can finally continue setting this up.

I was so close with what I had attempted. I just needed to remove /usr/local/etc/raddb/mods-enabled/dhcp and it would have worked for me with the dictionary.dhcp disabled.

Just for my own benefit, how would I have gone about troubleshooting this to a resolution? Most of the things that I attempted were guess and check or rather educated guess and check. I am unsure how I would have linked the /usr/local/etc/raddb/mods-enabled/dhcp back to the dictionary.dhcp. I just did a quick search of dictionary.dhcp and there are no paths or file references that I could see.

Thank you very much for your help with this. I'm sure someone else will run into this same issue at some point, and hopefully they find this thread.

 

[trh411]

Re: [Solved] FreeRadius 3.0.1 dictionary.dhcp error (FreeBSD

I noticed today that the port maintainer is testing a patch to correct this issue. Hopefully it will work and be committed before anyone else runs into this problem.

It sounds like you were on the right track with your "educated guesses", but just did not take it that last step. Sometimes our "educated guesses" are all we have to start with or go on. As you run into more problems and try to troubleshoot them, you will get better at it as long as you have the patience and perseverance (or dogged determination even) for it. I have always enjoyed troubleshooting and am pretty good at it, but I also have 35+ years of professional IT experience as well, so I've seen more than my share of problems. Although there has to be a discipline to troubleshooting, it is as much art as science.

@SirDice has the signature line: "Experience is something you don't get until just after you need it". Troubleshooting is like that too. The only way to get better at troubleshooting is to troubleshoot as many problems as you can. Peruse the forums to see what problems other are having and what they do to resolve them. If I find a problem/solution that particularly interests me, I'll cut and paste it into my "notebook" for future reference.

Just some random thoughts.

 

[trh411]

Re: [Solved] FreeRadius 3.0.1 dictionary.dhcp error (FreeBSD

Just noticed the patch to net/freeradius3 was committed to the ports tree so the port should now build correctly when DHCP is not enabled as an option once portsnap has picked up the change.