On 10/14/2009 09:00 AM, Neville wrote:
Hi,
I've installed the freeradius_auth plugin and added this to plugins.conf:
[freeradius*]
user root
But still I get the following error when the plugin is run...
radmin: Failed connecting to /usr/local/var/run/radiusd/radiusd.sock: Permission denied

Edit the munin/plugins/freeradius* files and put the correct user into
the RADMIN= part. You really should NEVER be using the root user -
simply use the user that you run radiusd as (once again, should never be
root) - check the radiusd.sock to see who/what owns it (ls -l
/usr/local/var/run/radiusd/radiusd.sock)

Thx Alan, the problem is that the radiusd is owned by root, so not quite
sure how to ensure at system startup that /etc/init.d/radiusd is actually
run by the radiusd user in /etc/passwd.
I've done a chown -R radiusd:radiusd on the programme and
/usr/local/etc/raddb, but the radiusd.sock file is owned by root.

Please read the comments in /etc/raddb/radiusd.conf concerning user and
group. The line in the config files starts with:
"user/group: The name (or #number) of the user/group to run radiusd as"

You don't want to change the permissions the way you did. The correct
behavior is for radiusd to be owned by root; the server needs root
privileges when it starts up, but then it subsequently drops those
privileges to what is specified in the config file.

I do seem to recall an issue where at start up the server had not yet
dropped privileges when it created the domain socket, which it should.
I'm sorry, I don't recall the resolution of that issue.

The correct behavior is for both the server and client trying to connect
to the local domain socket to be the *same* user, normally radius or
radiusd; each of these is specified in its respective config file.
--
John Dennis <[email protected]>
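
The ownership check described in the thread, as an added example (not code from the thread, FreeRADIUS or Munin): it compares the user = setting in radiusd.conf, the owner of radiusd.sock and the user line of the [freeradius*] Munin section. It assumes user names rather than #number values, and the three file paths are passed as arguments.

```shell
#!/bin/sh
# Added example: compares the identities discussed in this thread.
# File paths are arguments; any sample values used with it are constructed.

# First uncommented "user = NAME" line of a radiusd.conf-style file.
conf_user() {
    awk -F= '/^[ \t]*user[ \t]*=/ { gsub(/[ \t]/, "", $2); print $2; exit }' "$1"
}

# "user NAME" inside the [freeradius*] section of a Munin plugin config.
munin_user() {
    awk '/^\[/ { in_sec = ($0 == "[freeradius*]"); next }
         in_sec && $1 == "user" { print $2; exit }' "$1"
}

# Owner of the control socket, read from ls -l as in the thread.
sock_owner() {
    ls -ld "$1" | awk '{ print $3 }'
}

# Prints one line per mismatch; returns 0 only if the configured user,
# the socket owner and the plugin user agree and the plugin is not root.
check_radmin_access() {
    want=$(conf_user "$1"); owner=$(sock_owner "$2"); client=$(munin_user "$3")
    rc=0
    [ -n "$want" ] || { echo "no user = line found in $1"; rc=1; }
    [ "$owner" = "$want" ] || { echo "socket owner '$owner' != configured '$want'"; rc=1; }
    [ "$client" = "$owner" ] || { echo "plugin user '$client' != socket owner '$owner'"; rc=1; }
    [ "$client" != root ] || { echo "plugin runs as root"; rc=1; }
    return $rc
}

# Usage: sh check.sh radiusd.conf radiusd.sock plugins.conf
if [ $# -eq 3 ]; then check_radmin_access "$@"; fi
```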