freeradius 1.1.6 / syslog problems
Andreas Wetzel
mickey242 at gmx.net
Sun Jul 1 16:57:55 CEST 2007
Jay Banks wrote:
>> # radiusd -f -l syslog
>> Sun Jul 1 10:40:09 2007 : Info: Starting - reading configuration files
>> ...
>> radiusd: Couldn't open syslog/radius.log for logging: Permission denied
>> (rlm_eap_tls: Loading the certificate file as a chain)
>> radiusd: Couldn't open syslog/radius.log for logging: Permission denied
>> (rlm_passwd: nfields: 2 keyfield 0(User-Name) listable: no)
>>
>> Output after that appears correctly via syslog.
>> Have I missed something? Bug or feature?
>
> With FreeBSD, that almost has to be some type of permission problem. What
> type of account are you running freeradius under? If you are testing
> freeradius using, for example, "radiusd -X", while not running as root, that
> is most likely your problem.
>
> Not likely, but if you are trying to run freeradius from daemontools, there
> are instructions in the wiki for that. Basically, you have to make the
> process running a member of the group that has logging privileges. But
> again, the first suggestion is the first place to start.
freeradius is started as the root user and should then switch to an
unprivileged user-id according to the config file:
user = radius
group = radius
But that cannot be the problem here. A relative file name of
"syslog/radius.log" is obviously wrong. Presumably the file cannot be opened
due to missing write permissions. Anyway, when doing syslog, no log file
should be opened at all, right?
Both error messages seem to originate from modules during their initialization
(rlm_eap_tls / rlm_passwd). After a quick look at the source, I would say,
this is due to calling radlog()/vradlog() from the module initialization or
elsewhere, *before* the 'radlog_dest' variable is correctly set to
RADLOG_SYSLOG in src/main/radiusd.c. After radlog_dest has been set up there,
no more such error messages appear, and log goes correctly to syslog as it
should.
Andreas
--
Keep it icy man.
I don't want to end up a corpse before my time because you were daydreaming.
More information about the Freeradius-Users
mailing list