Hello Hubert, check that in your config:
https://github.com/inverse-inc/packetfence/blob/devel/conf/radiusd/radiusd.conf.example#L397 Regards Fabrice Le 2016-12-21 à 03:25, Hubert Kupper a écrit : > Hello, > > we have to CentOS 6.8 server running packetfence service. After upgrade > from 6.3 to 6.4.0 the the packetfence radius will not start on one of > the servers with following error (radiusd -X): > > radiusd: #### Loading Clients #### > client localhost { > ipaddr = 127.0.0.1 > require_message_authenticator = no > secret = <<< secret >>> > nas_type = "other" > proto = "*" > limit { > max_connections = 16 > lifetime = 0 > idle_timeout = 30 > } > } > client localhost_ipv6 { > ipv6addr = ::1 > require_message_authenticator = no > secret = <<< secret >>> > limit { > max_connections = 16 > lifetime = 0 > idle_timeout = 30 > } > } > Debugger not attached > Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 > 0x1000105f (1.0.1e release) (in range 1.0.1 release - 1.0.1t rele) > Security advisory CVE-2016-6304 (OCSP status request extension) > For more information see https://www.openssl.org/news/secadv/20160922.txt > Once you have verified libssl has been correctly patched, set > security.allow_vulnerable_openssl = 'CVE-2016-6304' > Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 > 0x1000105f (1.0.1e release) (in range 1.0.1 dev - 1.0.1f release) > Security advisory CVE-2014-0160 (Heartbleed) > For more information see http://heartbleed.com > --------------------------------------------------------------------------------------------- > > On the other server, pf starts without errors. In radiusd.conf > "allow_vulnerable_openssl = yes" is set on both servers. > > Any ideas? > > -Hubert > > ------------------------------------------------------------------------------ > Developer Access Program for Intel Xeon Phi Processors > Access to Intel Xeon Phi processor-based developer platforms. > With one year of Intel Parallel Studio XE. > Training and support from Colfax. > Order your platform today.http://sdm.link/intel > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
