Hello Fabrice, I had "allow_vulnerable_openssl = yes" already set. On the bad server I switched back to a image with 6.2.1 then I did all centOS updates with disablerepo=packetfence. After this I've installed packetfence and now it works fine!
Thanks and regards Hubert Am 22.12.2016 um 02:39 schrieb Durand fabrice: > Hello Hubert, > > check that in your config: > > https://github.com/inverse-inc/packetfence/blob/devel/conf/radiusd/radiusd.conf.example#L397 > > Regards > > Fabrice > > > > Le 2016-12-21 à 03:25, Hubert Kupper a écrit : >> Hello, >> >> we have to CentOS 6.8 server running packetfence service. After upgrade >> from 6.3 to 6.4.0 the the packetfence radius will not start on one of >> the servers with following error (radiusd -X): >> >> radiusd: #### Loading Clients #### >> client localhost { >> ipaddr = 127.0.0.1 >> require_message_authenticator = no >> secret = <<< secret >>> >> nas_type = "other" >> proto = "*" >> limit { >> max_connections = 16 >> lifetime = 0 >> idle_timeout = 30 >> } >> } >> client localhost_ipv6 { >> ipv6addr = ::1 >> require_message_authenticator = no >> secret = <<< secret >>> >> limit { >> max_connections = 16 >> lifetime = 0 >> idle_timeout = 30 >> } >> } >> Debugger not attached >> Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 >> 0x1000105f (1.0.1e release) (in range 1.0.1 release - 1.0.1t rele) >> Security advisory CVE-2016-6304 (OCSP status request extension) >> For more information see https://www.openssl.org/news/secadv/20160922.txt >> Once you have verified libssl has been correctly patched, set >> security.allow_vulnerable_openssl = 'CVE-2016-6304' >> Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 >> 0x1000105f (1.0.1e release) (in range 1.0.1 dev - 1.0.1f release) >> Security advisory CVE-2014-0160 (Heartbleed) >> For more information see http://heartbleed.com >> --------------------------------------------------------------------------------------------- >> >> On the other server, pf starts without errors. In radiusd.conf >> "allow_vulnerable_openssl = yes" is set on both servers. >> >> Any ideas? >> >> -Hubert >> >> ------------------------------------------------------------------------------ >> Developer Access Program for Intel Xeon Phi Processors >> Access to Intel Xeon Phi processor-based developer platforms. >> With one year of Intel Parallel Studio XE. >> Training and support from Colfax. >> Order your platform today.http://sdm.link/intel >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > ------------------------------------------------------------------------------ > Developer Access Program for Intel Xeon Phi Processors > Access to Intel Xeon Phi processor-based developer platforms. > With one year of Intel Parallel Studio XE. > Training and support from Colfax. > Order your platform today.http://sdm.link/intel > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
