There was a thread back on April 18th with the subject "rlm_ippool does not create DB and IDX files"

There were several incorrect statements and assumptions in that thread culminating in "it's a SELinux problem". Nope, it's not a SELinux problem.

The fundamental problem is that db_dir is set in /etc/raddb/radiusd.conf to /etc/raddb. This is incorrect; in fact the comment above the initialization of db_dir

# Should likely be ${localstatedir}/lib/radiusd

is exactly correct, it should be /var/lib/radiusd, why?

1) Files under /etc are supposed to be configuration files only

2) The directory /etc/raddb is writable only by root; the radiusd daemon drops root privileges and runs as radiusd:radiusd (by default).

3) Database files are supposed to be located under /var/lib/{application}

In the aforementioned thread the user apparently changed the ownership of /etc/raddb and the user:group the daemon was running under, creating disinformation. If SELinux denied creating the db files under /etc/raddb after hacking the ownership and permissions, then SELinux in fact operated correctly: you're not supposed to create/write database files under /etc, that violates the rules for what belongs under /etc.

Instead, /etc/raddb should have this line:

db_dir = ${localstatedir}/lib/radiusd

This has been reported as a configuration bug for Red Hat in:

https://bugzilla.redhat.com/show_bug.cgi?id=891297

The above bug report also contains some additional information.

--
John Dennis <[email protected]>

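The three points above (nothing writable under /etc, the daemon running unprivileged as radiusd:radiusd, database files under /var/lib) can be turned into a quick audit of a radiusd.conf. The script below is an added example, not code from the post or from FreeRADIUS; it assumes ${localstatedir} expands to /var unless told otherwise, and takes the daemon's uid/gid as parameters so the same check can be run against a scratch directory.

```python
import os
import re
import stat
import tempfile

def parse_db_dir(conf_text, localstatedir="/var"):
    """Extract db_dir from radiusd.conf text, expanding ${localstatedir}.
    /var is an assumed default: FreeRADIUS fixes localstatedir at build time."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments, e.g. the hint above db_dir
        m = re.match(r'db_dir\s*=\s*"?([^"\s]+)"?', line)
        if m:
            return m.group(1).replace("${localstatedir}", localstatedir)
    return None

def audit_db_dir(db_dir, uid, gid):
    """Return findings for the directory rlm_ippool writes its db/idx files into.
    uid/gid are the ids the daemon runs as after dropping root (radiusd:radiusd)."""
    findings = []
    if db_dir == "/etc" or db_dir.startswith("/etc/"):
        findings.append("db_dir is under /etc, which should hold configuration only")
    try:
        st = os.stat(db_dir)
    except FileNotFoundError:
        findings.append("db_dir does not exist")
        return findings
    if not stat.S_ISDIR(st.st_mode):
        findings.append("db_dir is not a directory")
        return findings
    mode = st.st_mode
    # Can the unprivileged daemon create files here? Root would pass, radiusd will not.
    can_write = ((st.st_uid == uid and mode & stat.S_IWUSR)
                 or (st.st_gid == gid and mode & stat.S_IWGRP)
                 or (mode & stat.S_IWOTH))
    if not can_write:
        findings.append("uid %d/gid %d cannot write to db_dir" % (uid, gid))
    if mode & stat.S_IWOTH:
        findings.append("db_dir is world-writable; any local user could corrupt the pool")
    return findings

def self_check():
    """Audit the wrong setting and the corrected one. A scratch directory owned by
    the current user stands in for /var/lib/radiusd. Returns (bad, good) findings."""
    ids = (os.getuid(), os.getgid())
    bad = audit_db_dir(parse_db_dir("db_dir = /etc/raddb"), *ids)
    with tempfile.TemporaryDirectory() as scratch:
        os.makedirs(os.path.join(scratch, "lib", "radiusd"), mode=0o750)
        good = audit_db_dir(parse_db_dir("db_dir = ${localstatedir}/lib/radiusd", scratch), *ids)
    return bad, good
```

On a real host, feed it the contents of /etc/raddb/radiusd.conf and the uid/gid from `id radiusd`; an empty findings list means the daemon can actually create the pool files where it is told to.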