Help!
Our security team wants radiusd running as a secure user. I've
attempted to run it as nobody by editing radiusd.conf but I get a
bunch of permission denied errors:
[EMAIL PROTECTED] etc]# /etc/init.d/radiusd start
Starting RADIUS server: Thu Mar 31 16:21:27 2005 : Info: Starting -
reading configuration files ...
radiusd: Couldn't open /var/log/radius/radius.log for logging:
Permission denied (rlm_exec: Wait=yes but no output defined. Did you
mean output=none?)
4778:error:0200100D:system library:fopen:Permission
denied:bss_file.c:104:fopen('/etc/raddb/certs/demoCA/cacert.pem','r')
4778:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:109:
4778:error:0B084002:x509 certificate
routines:X509_load_cert_crl_file:system lib:by_file.c:279:
radiusd: Couldn't open /var/log/radius/radius.log for logging:
Permission denied (rlm_eap_tls: Error reading Trusted root CA list)
radiusd: Couldn't open /var/log/radius/radius.log for logging:
Permission denied (rlm_eap: Failed to initialize type tls)
radiusd: Couldn't open /var/log/radius/radius.log for logging:
Permission denied (radiusd.conf[9]: eap: Module instantiation failed.
)
[FAILED]
[EMAIL PROTECTED] etc]#
I've attempted creating a radiusd user and assigning rights but then I get:
4785:error:0200100D:system library:fopen:Permission
denied:bss_file.c:104:fopen('/etc/raddb/certs/demoCA/cacert.pem','r')
4785:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:109:
4785:error:0B084002:x509 certificate
routines:X509_load_cert_crl_file:system lib:by_file.c:279:
I've even done chmod a+rwx on cacert.pem but the error still shows.
Ideas?
-d
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
