Re: HOWTO PEAP + FreeRadius + XP Client



OK, I have changed the ownership of the following files from root:root to root:radiusd

server.pem
ca.pem
random
dh

and now radiusd -X is working.

The problem arose because of the root:root permissions on the above-mentioned files.


Will get back to you with either further questions and/or a success message.

Thank you, Alan

George Knight







On Thu, May 1, 2008 at 1:06 PM, George KNIGHT <georgeknight@gmail.com> wrote:
Permissions are as follows:



comp-010:/etc/raddb # dir
total 289
-rw-r----- 1 root radiusd   718 2008-02-14 10:35 acct_users
-rw-r----- 1 root radiusd  4187 2008-02-14 10:35 attrs
-rw-r----- 1 root radiusd   516 2008-02-14 10:35 attrs.access_reject
-rw-r----- 1 root radiusd   501 2008-02-14 10:35 attrs.accounting_response
-rw-r----- 1 root radiusd  1969 2008-02-14 10:35 attrs.pre-proxy
drwxr-x--- 2 root radiusd   680 2008-04-30 17:48 certs
-rw-r----- 1 root radiusd  6727 2008-04-30 12:06 clients.conf
-rw-r----- 1 root radiusd   929 2008-02-14 10:35 dictionary
-rw-r----- 1 root radiusd 13648 2008-04-30 17:53 eap.conf
-rw-r----- 1 root root    13647 2008-04-25 14:01 eap.conf.orig
-rw-r----- 1 root radiusd  4609 2008-02-14 10:35 example.pl
-rw-r----- 1 root radiusd 14536 2008-02-14 10:35 experimental.conf
-rw-r----- 1 root radiusd  2396 2008-02-14 10:35 hints
-rw-r----- 1 root radiusd  1604 2008-02-14 10:35 huntgroups
-rw-r----- 1 root radiusd  2985 2008-02-14 10:35 ldap.attrmap
-rw-r----- 1 root radiusd  3357 2008-02-14 10:35 otp.conf
-rw-r----- 1 root radiusd  1204 2008-02-14 10:35 policy.conf
-rw-r----- 1 root radiusd  4922 2008-02-14 10:35 policy.txt
-rw-r----- 1 root radiusd  1035 2008-02-14 10:35 preproxy_users
-rw-r----- 1 root radiusd 17889 2008-02-14 10:35 proxy.conf
-rw-r----- 1 root radiusd 60371 2008-04-30 12:18 radiusd.conf
-rw-r----- 1 root root    60371 2008-04-25 13:14 radiusd.conf.orig
drwxr-xr-x 2 root root      120 2008-04-25 10:17 sites-available
drwxr-xr-x 2 root root       72 2008-04-25 10:17 sites-enabled
-rw-r----- 1 root radiusd  1276 2008-02-14 10:35 snmp.conf
drw-r----- 6 root radiusd   152 2008-02-14 10:35 sql
-rw-r----- 1 root radiusd  2533 2008-02-14 10:35 sql.conf
-rw-r----- 1 root radiusd  1988 2008-02-14 10:35 sqlippool.conf
-rw-r----- 1 root radiusd  3503 2008-02-14 10:35 templates.conf
-rw-r----- 1 root radiusd  6603 2008-04-30 15:50 users
comp-010:/etc/raddb # dir ./certs
total 104
-rw-r----- 1 root root    4210 2008-04-25 10:17 01.pem
-rwxr-x--- 1 root radiusd  524 2008-02-14 10:35 bootstrap
-rw-r----- 1 root radiusd 1155 2008-02-14 10:35 ca.cnf
-rw-r----- 1 root root    1743 2008-04-25 10:17 ca.key
-rw-r----- 1 root root    1322 2008-04-25 10:17 ca.pem
-rw-r----- 1 root radiusd 1109 2008-02-14 10:35 client.cnf
-rw-r----- 1 root root     245 2008-04-25 10:18 dh
-rw-r----- 1 root root     120 2008-04-25 10:17 index.txt
-rw-r----- 1 root root      21 2008-04-25 10:17 index.txt.attr
-rw-r----- 1 root root       0 2008-04-25 10:17 index.txt.old
-rw-r----- 1 root radiusd 4430 2008-02-14 10:35 Makefile
-rw-r----- 1 root root    5120 2008-04-25 10:18 random
-rw-r----- 1 root radiusd 5343 2008-02-14 10:35 README
-rw-r----- 1 root root       3 2008-04-25 10:17 serial
-rw-r----- 1 root root       3 2008-04-25 10:17 serial.old
-rw-r----- 1 root radiusd 1123 2008-02-14 10:35 server.cnf
-rw-r----- 1 root root    4210 2008-04-25 10:17 server.crt
-rw-r----- 1 root root    1062 2008-04-25 10:17 server.csr
-rw-r----- 1 root root    1743 2008-04-25 10:17 server.key
-rw-r----- 1 root root    2525 2008-04-25 10:17 server.p12
-rw-r----- 1 root root    3495 2008-04-25 10:17 server.pem
-rw-r----- 1 root radiusd  578 2008-02-14 10:35 xpextensions
comp-010:/etc/raddb #



Thank you.
George





On Thu, May 1, 2008 at 12:47 PM, Alan DeKok <aland@deployingradius.com> wrote:
George KNIGHT wrote:
> Running the radiusd -X command as root gives me the following error
> message as I posted here yesterday;

 And the permissions on that directory are... ?

> It says 'permission denied' and you asked me earlier if I was running
> the command as root, to which the answer is yes. So, how can I overcome
> this problem?

 Can you look at the directory as root, from the shell?

 In this case, the server is just calling OpenSSL... which calls the
normal file API.  If that returns "no permission", OpenSSL is at the
mercy of the file system, and FreeRADIUS is at the mercy of OpenSSL.

 If worse comes to worse, for testing do:

$ cd /etc/raddb
$ chmod -R ug+rwx .

 Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
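
Added example, not part of the original thread or of FreeRADIUS itself: a shell function that reads `ls -l` output like the listing above and names the files a given group cannot read, so the fix can be a `chgrp` on just those files. It assumes the server reads the files as a non-owner member of group `radiusd`; `unreadable_by_group` and `sample_listing` are hypothetical names, and the sample lines are copied from the certs listing in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: the server process reads
# these files as a non-owner member of group "radiusd".

# Print the names among FILE... that GROUP cannot read, given `ls -l` on stdin.
unreadable_by_group() {
    group=$1; shift
    awk -v grp="$group" -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
        NF >= 8 && $1 ~ /^[-d]/ && ($NF in need) {
            # Mode string: char 5 is group-read, char 8 is other-read.
            bit = ($4 == grp) ? substr($1, 5, 1) : substr($1, 8, 1)
            if (bit != "r") print $NF
        }'
}

# Lines copied from the certs listing in the thread.
sample_listing() {
    cat <<'EOF'
-rw-r----- 1 root root    1322 2008-04-25 10:17 ca.pem
-rw-r----- 1 root root     245 2008-04-25 10:18 dh
-rw-r----- 1 root root    5120 2008-04-25 10:18 random
-rw-r----- 1 root radiusd 5343 2008-02-14 10:35 README
-rw-r----- 1 root root    3495 2008-04-25 10:17 server.pem
EOF
}

# The four files named in the thread, plus README as an already-readable control.
sample_listing | unreadable_by_group radiusd server.pem ca.pem random dh README
# A targeted fix is then: chgrp radiusd <each file printed above>
```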



