As with most things in networking, when you ask for help, the answer
comes rushing out to you.

Here's what worked.

1. Created the radiusd user and the radiusd group; the radiusd group is the
primary group for the radiusd user.
2. Do this:
[EMAIL PROTECTED] doc]# chmod -R -rwx /etc/raddb
[EMAIL PROTECTED] doc]# chmod u+rwx /etc/raddb
[EMAIL PROTECTED] doc]# chmod u+rwx /etc/raddb/certs/
[EMAIL PROTECTED] doc]# chmod u+rwx /etc/raddb/certs/demoCA/
[EMAIL PROTECTED] doc]# chmod -R u+rw /etc/raddb
[EMAIL PROTECTED] doc]# mkdir /var/run/radiusd
[EMAIL PROTECTED] doc]# chown radiusd:radiusd /var/run/radiusd.pid 
[EMAIL PROTECTED] doc]# chown -R radiusd:radius /var/run/radiusd

[EMAIL PROTECTED] run]# /etc/init.d/radiusd stop
Stopping RADIUS server:                                    [FAILED]
[EMAIL PROTECTED] run]# /etc/init.d/radiusd start
Starting RADIUS server:                                    [  OK  ]
[EMAIL PROTECTED] run]# /etc/init.d/radiusd status
radiusd (pid 6239) is running...
[EMAIL PROTECTED] run]#


On Apr 1, 2005 4:02 PM, Dennis Comeaux <[EMAIL PROTECTED]> wrote:
> Additionally - here's the ls -l on /etc/raddb:
> 
> [EMAIL PROTECTED] root]# ls -l /etc/raddb
> total 460
> -rw-------    1 radiusd  radiusd       422 Feb 28 10:40 acct_users
> -rw-------    1 radiusd  radiusd      3454 Feb 28 10:40 attrs
> drwxrwxrwx    3 radiusd  radiusd      4096 Mar 16 16:56 certs
> -rw-------    1 radiusd  radiusd       189 Feb 28 10:40 clients
> -rw-------    1 radiusd  radiusd      3200 Mar 22 08:19 clients.conf
> -rw-------    1 radiusd  radiusd      3135 Mar 16 16:45 clients.conf~
> -rw-------    1 radiusd  radiusd       935 Feb 28 10:40 dictionary
> -rw-------    1 radiusd  radiusd      9228 Feb 28 16:41 eap.conf
> -rw-------    1 radiusd  radiusd      9223 Feb 28 16:40 eap.conf~
> -rw-------    1 radiusd  radiusd      8266 Feb 28 10:40 experimental.conf
> -rw-------    1 radiusd  radiusd      2396 Feb 28 10:40 hints
> -rw-------    1 radiusd  radiusd      1604 Feb 28 10:40 huntgroups
> -rw-------    1 radiusd  radiusd      2368 Mar  2 10:56 #ldap.attrmap#
> -rw-------    1 radiusd  radiusd      2368 Mar  2 09:27 ldap.attrmap
> -rw-------    1 radiusd  radiusd      2333 Feb 28 10:40 ldap.attrmap~
> -rw-------    1 radiusd  radiusd      9330 Feb 28 10:40 mssql.conf
> -rw-------    1 radiusd  radiusd      1020 Feb 28 10:40 naslist
> -rw-------    1 radiusd  radiusd       856 Feb 28 10:40 naspasswd
> -rw-------    1 radiusd  radiusd     12267 Feb 28 10:40 oraclesql.conf
> -rw-------    1 radiusd  radiusd     14156 Feb 28 10:40 postgresql.conf
> -rw-------    1 radiusd  radiusd       531 Feb 28 10:40 preproxy_users
> -rw-------    1 radiusd  radiusd      8862 Feb 28 10:40 proxy.conf
> -rw-------    1 radiusd  radiusd     58054 Mar 30 12:34 #radiusd.conf#
> -rw-------    1 radiusd  radiusd     58052 Apr  1 15:51 radiusd.conf
> -rw-------    1 radiusd  radiusd     58052 Apr  1 15:50 radiusd.conf~
> -rw-------    1 radiusd  radiusd     57852 Feb 28 10:54 radiusd.conf.bkup_050228
> -rw-------    1 radiusd  radiusd       187 Feb 28 10:40 realms
> -rw-------    1 radiusd  radiusd      1405 Feb 28 10:40 snmp.conf
> -rw-------    1 radiusd  radiusd     13892 Feb 28 10:40 sql.conf
> -rw-------    1 radiusd  radiusd      7118 Mar  2 16:49 users
> -rw-------    1 radiusd  radiusd      7115 Mar  2 16:49 users~
> -rw-------    1 radiusd  radiusd      7267 Feb 28 10:40 x99.conf
> -rw-------    1 radiusd  radiusd      4165 Feb 28 10:40 x99passwd.sample
> 
> 
> On Apr 1, 2005 4:00 PM, Dennis Comeaux <[EMAIL PROTECTED]> wrote:
> > Here's where I am now:
> >
> > I have a user named radiusd in group radiusd.
> >
> > I have tried chmod -R a+rwx /etc/raddb.  I still get the
> > 5968:error:0200100D:system library:fopen:Permission
> > Denied:bss_file.c:104:fopen('/etc/raddb/certs/demoCA/cacert.pem','r')
> > error.
> >
> > ls -l on the cacert.pem file shows that the file has rwxrwxrwx. =(
> >
> > I know we don't want to run the server as root, but I'm running out of
> > options in this Red Hat 9 system.
> >
> > Could it be rights to the ssl libraries?????  The 1st error is the
> > fopen one, are the others symptoms of the 1st one?
> >
> > Here's the current rights setup and execution:
> >
> > [EMAIL PROTECTED] root]# ls -l /etc/raddb/certs/demoCA/
> > total 20
> > -rwxrwxrwx    1 radiusd  radiusd      1432 Feb 28 11:26 cacert.pem
> > -rwxrwxrwx    1 radiusd  radiusd       276 Feb 28 10:40 index.txt
> > -rwxrwxrwx    1 radiusd  radiusd       140 Feb 28 10:40 index.txt.old
> > -rwxrwxrwx    1 radiusd  radiusd         3 Feb 28 10:40 serial
> > -rwxrwxrwx    1 radiusd  radiusd         3 Feb 28 10:40 serial.old
> > [EMAIL PROTECTED] root]# /etc/init.d/radiusd start
> > Starting RADIUS server: Fri Apr  1 15:57:43 2005 : Info: Starting -
> > reading configuration files ...
> > 5975:error:0200100D:system library:fopen:Permission
> > denied:bss_file.c:104:fopen('/etc/raddb/certs/demoCA/cacert.pem','r')
> > 5975:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:109:
> > 5975:error:0B084002:x509 certificate
> > routines:X509_load_cert_crl_file:system lib:by_file.c:279:
> >                                                            [FAILED]
> > [EMAIL PROTECTED] root]# /usr/local/sbin/radiusd -A
> > Fri Apr  1 15:57:51 2005 : Info: Starting - reading configuration files ...
> > 5977:error:0200100D:system library:fopen:Permission
> > denied:bss_file.c:104:fopen('/etc/raddb/certs/demoCA/cacert.pem','r')
> > 5977:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:109:
> > 5977:error:0B084002:x509 certificate
> > routines:X509_load_cert_crl_file:system lib:by_file.c:279:
> > [EMAIL PROTECTED] root]#
> >
>
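
A file's own mode bits are only part of what the fopen() in the error above needs: every directory on the path must also be searchable by the account the server runs as. The script below is an added example, not part of the original post or of FreeRADIUS; it walks a path component by component, much as `namei -l` would display it. The function names are hypothetical, and root's override, supplementary groups, ACLs and SELinux are not modelled.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Mode bits only: root's override,
# supplementary groups, ACLs and SELinux are not modelled.

# class_bits UID GID PATH: print the rwx triplet that applies to UID/GID.
class_bits() {
    # "ls -ldn" prints numeric ids, e.g. "drwx------ 2 1000 1000 4096 ..."
    line=$(ls -ldn -- "$3" 2>/dev/null) || return 1
    read -r mode links owner group rest <<EOF
$line
EOF
    case $owner:$group in
        "$1":*) start=2 ;;   # owner class
        *:"$2") start=5 ;;   # group class
        *)      start=8 ;;   # everyone else
    esac
    printf '%s\n' "$mode" | cut -c"$start"-$((start + 2))
}

# first_blocker UID GID FILE: print the first path component that denies
# access and return 1; print nothing and return 0 when the walk is clean.
# FILE must be an absolute path without a trailing slash.
first_blocker() {
    uid=$1 gid=$2 target=$3 cur=
    old_ifs=$IFS; IFS=/
    set -f; set -- $target; set +f      # split the path on "/"
    IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur=$cur/$part
        bits=$(class_bits "$uid" "$gid" "$cur") ||
            { echo "$cur (missing)"; return 1; }
        if [ "$cur" = "$target" ]; then
            # the file itself needs the read bit
            case $bits in r??) ;; *) echo "$cur (no read: $bits)"; return 1 ;; esac
        else
            # every directory above it needs search (x); s/t imply x
            case $bits in ??[xst]) ;; *) echo "$cur (no search: $bits)"; return 1 ;; esac
        fi
    done
}

# Stand-alone use: sh script UID GID /absolute/path/to/file
if [ "$#" -eq 3 ]; then first_blocker "$@"; fi
```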
