On Mon, Sep 02, 2013 at 07:07:15PM +0200, Petter Reinholdtsen wrote:
> [Giorgio Pioda]
> > Some progress and some questions
> >
> > Checking with strace the activity of freeradius in debug mode,
> > I've seen that the daemon was trying to write into /tmp/user/0
> > which had root:root and 0711 privileges.
> >
> > Opening to 0777 makes the authentication successful and a radius_125
> > file (freerad:freerad owner) is created.
> >
> > Is it ok to have such a permission in this directory?
>
> No.
>
> The /tmp/user/0 directory is the TMP/TMPDIR directory of the root
> user. It is created by libpam-tmpdir when a user logs in and ensures
> users are more isolated from each other. If the radius server lacks
> write access to this directory, it is because it isn't running as the
> root user when it tries to write its files.
>
> A quickfix is to restart the daemon while TMP and TMPDIR are unset, i.e.
> something like this:
>
>   'TMP= TMPDIR= service freeradius restart'
>
> The proper fix is perhaps to stop freeradius from storing files in
> /tmp, or to get it to call PAM when changing uid (to create its own
> directory under /tmp/user/), or to get it to open the files in /tmp/
> before changing uid. :)

A clean reboot fixed the /tmp/user issue. Now freeradius is writing
tickets to /var/tmp.

What still is there is the problem with password containing special
chars, at least with "radtest".

Regards

Giorgio
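
The check discussed in this thread, as an added example that is not part of the original messages and is not FreeRADIUS or libpam-tmpdir code: it parses a daemon's inherited environment (the format of /proc/<pid>/environ) and reports a TMP/TMPDIR that the daemon's uid cannot write to, or one that was "fixed" by opening it to 0777. The function names, the sample environment and the uid/gid 110 for the freerad account are assumptions made for illustration.

```python
import os
import stat

def parse_environ(blob):
    """Parse the NUL-separated KEY=VALUE records of /proc/<pid>/environ."""
    env = {}
    for item in blob.split(b"\0"):
        key, sep, value = item.partition(b"=")
        if sep:
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env

def can_create_files(mode, owner_uid, owner_gid, uid, gids):
    """Plain Unix mode check (ACLs and capabilities ignored): creating a
    file in a directory needs both write and search permission."""
    if uid == 0:
        return True
    if uid == owner_uid:
        bits = mode >> 6
    elif owner_gid in gids:
        bits = mode >> 3
    else:
        bits = mode
    return bits & 0o3 == 0o3

def stat_dir(path):
    """Return (permission bits, owner uid, owner gid) of a real directory."""
    st = os.stat(path)
    return stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid

def diagnose(environ_blob, uid, gids, stat_fn=stat_dir):
    """Report temp-dir variables a daemon inherited but cannot use safely."""
    env = parse_environ(environ_blob)
    findings = []
    for var in ("TMPDIR", "TMP"):
        path = env.get(var)
        if not path:
            continue  # unset or empty, as after 'TMP= TMPDIR= service ...'
        mode, owner_uid, owner_gid = stat_fn(path)
        if not can_create_files(mode, owner_uid, owner_gid, uid, gids):
            findings.append(f"{var}={path}: uid {uid} cannot create files "
                            f"(owner uid {owner_uid}, mode {mode:04o})")
        elif mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            findings.append(f"{var}={path}: world-writable without sticky "
                            f"bit (mode {mode:04o})")
    return findings

# Constructed sample: environment of a daemon started from a root login
# shell, then running as a hypothetical freerad account with uid/gid 110.
SAMPLE_ENVIRON = b"PATH=/usr/sbin:/usr/bin\0TMPDIR=/tmp/user/0\0TMP=/tmp/user/0\0"

if __name__ == "__main__":
    for line in diagnose(SAMPLE_ENVIRON, 110, {110}, lambda p: (0o711, 0, 0)):
        print(line)
```

On a live system the same function can be fed the bytes of /proc/<pid>/environ for the daemon's PID together with the uid and groups it runs as, leaving `stat_fn` at its default.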

