Freeradius How to integrate Active Directory [AD Integration WindowsXP NTLM Tutorial]
Michael Griego
mgriego at utdallas.edu
Wed Nov 23 03:53:26 CET 2005
Actually, that's not completely true. Using /dev/random as the file
argument for RAND_load_file when seeding the PRNG is recommended
practice on systems that have it. The RAND_load_file call in the
eap_tls code will only read at max 1048567 (1024 * 1024) bytes from the
file, so it won't read infinitely. The problem here is that /dev/random
is blocking. To keep that from happening, use /dev/urandom, if your
system has it, or some other entropy source (such as egd).
--Mike
Alan DeKok wrote:
> Robin Mordasiewicz <rmordasiewicz at samuelmanutech.com> wrote:
>
>> Thanks for this. I changed to use /dev/random as per your tutorial, but
>> radiusd hangs. When I change the random_file back to the original, then it
>> works.
>>
>
> Yes. The "random_file" needed by the TLS module is a *pool* of
> random numbers. /dev/random and /dev/urandom are infinite streams of
> random numbers. So the TLS module thinks that the "pool" is infinite
> in size, and takes forever to read it.
>
> The default config of the server for "random_file" is correct, and
> should be used.
>
> Alan DeKok.
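The bounded read and the blocking problem discussed in this thread, as an added example that is not part of the original messages and is not FreeRADIUS or OpenSSL code. The names `read_seed`, `seed_from_first` and `SEED_CAP` are hypothetical; the sketch caps how much is taken from a device, opens it non-blocking so a source that cannot deliver is reported instead of hanging the daemon, and falls back to the next source.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define SEED_CAP (1024 * 1024) /* hypothetical cap on bytes taken from one source */

/* Read up to `want` bytes (clamped to SEED_CAP) from `path` without blocking.
 * Returns bytes read (short on EOF of a finite pool file), -1 on error,
 * -2 if the source would block (for example an entropy-starved /dev/random). */
long read_seed(const char *path, unsigned char *buf, size_t want)
{
    size_t got = 0;
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;
    if (want > SEED_CAP)
        want = SEED_CAP;
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n > 0) { got += (size_t)n; continue; }
        if (n == 0) break;              /* EOF: finite file exhausted */
        if (errno == EINTR) continue;   /* interrupted, retry */
        int would_block = (errno == EAGAIN);
        close(fd);
        return would_block ? -2 : -1;
    }
    close(fd);
    return (long)got;
}

/* Try sources in order; return the index of the first that delivers all
 * `want` bytes, or -1 if none does. */
int seed_from_first(const char *const paths[], int n, unsigned char *buf, size_t want)
{
    for (int i = 0; i < n; i++)
        if (read_seed(paths[i], buf, want) == (long)want)
            return i;
    return -1;
}

int main(void)
{
    unsigned char seed[32];
    const char *const sources[] = { "/dev/random", "/dev/urandom" };
    int used = seed_from_first(sources, 2, seed, sizeof seed);
    printf("seeded from: %s\n", used < 0 ? "(none)" : sources[used]);
    return used < 0;
}
```

The caller's buffer must hold at least the smaller of `want` and `SEED_CAP` bytes.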