On Mon, Nov 18, 2002 at 11:02:01PM +1100, Adrian Chadd wrote: > > On Monday, November 18, 2002, at 10:47 PM, Thomas Linden wrote: > > >> > >>... and I bet you're not running radiusd as root. If you can coax the > >>radius server to > >>run as root, just as a test, see what happens. If it still doesn't > >>work > >>I'll be quite surprised. > > > >yes, it works when running as root. > > > >In the meantime I found another solution: > >I configured the passwd file in radiusd to be /etc/master.passwd, > >chowned /etc/master.passwd to daemon (+ chmod 600) and run > >radiusd as daemon. This works well. From the security point of > >view this is no problem, since the radius daemon runs inside > >a chroot anyway. > > > > Eww. You might want to look at the shadow option - ie, leave > /etc/master.passwd set to root:root, 0600, but set the shadow file > entry in radiusd.conf to /etc/master.passwd. That might work, > and it might not require radiusd to continuously run as root. > (Again, I haven't had much experience running freeradius w/ > system passwords..)
nope, doesn't work. > Oh, and why not run this inside a jail instead of a chroot? :) this is a longer story, in short terms: we are starting all our services in a portable way, and chroot is the one which is supported both on *bsd, solaris and linux. But we use a jail for the shell-service :-) Tom -- Thomas Linden <[EMAIL PROTECTED]>, I Z B Informatik-Zentrum Muenchen-Frankfurt a.M. GmbH & Co.KG, Internet Service Providing OE532 Tel:089/2171-27998, Fax:089/2171-27995, http://www.izb.de - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
