radiusd not starting at boot.
firing neurons
firingneurons at mail.com
Thu Jun 25 15:28:00 CEST 2015
I am using 3.0.8.
The result of service radiusd status:
Redirecting to /bin/systemctl status -l radiusd.service
● radiusd.service - FreeRADIUS high performance RADIUS server.
Loaded: loaded (/usr/lib/systemd/system/
radiusd.service; enabled;
vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2015-06-26 00:08:14
IST; 5h 24min left
Process: 819 ExecStartPre=/usr/sbin/radiusd -C (code=exited,
status=1/FAILURE)
Process: 794 ExecStartPre=/bin/chown -R radiusd.radiusd
/var/run/radiusd (code=exited, status=0/SUCCESS)
Jun 26 00:08:11 localhost.localdomain systemd[1]: Starting FreeRADIUS
high performance RADIUS server....
Jun 26 00:08:14 localhost.localdomain systemd[1]: radiusd.service:
control process exited, code=exited status=1
Jun 26 00:08:14 localhost.localdomain systemd[1]: Failed to start
FreeRADIUS high performance RADIUS server..
Jun 26 00:08:14 localhost.localdomain systemd[1]: Unit radiusd.service
entered failed state.
Jun 26 00:08:14 localhost.localdomain systemd[1]: radiusd.service
failed.
result of service radiusd start:
Redirecting to /bin/systemctl start radiusd.service
Job for radiusd.service failed. See "systemctl status radiusd.service"
and "journalctl -xe" for details.
[cleardot.gif]
result of journalctl -xe:
Jun 25 18:50:56 localhost.localdomain setroubleshoot[2449]: SELinux is preventin
g radiusd from read access on the file /etc/raddb/dictionary. For complete SELin
ux messages. run sealert -l 35e3131e-b329-4326-add0-6fde9b762f14
Jun 25 18:50:56 localhost.localdomain python[2449]: SELinux is preventing radius
d from read access on the file /etc/raddb/dictionary.
***** Plugin restorecon (99
.5 confidence) suggests ************************
If you want to fix the label
.
/etc/raddb/dictionary defaul
t label should be radiusd_etc_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /etc/r
addb/dictionary
***** Plugin catchall (1.49
confidence) suggests **************************
If you believe that radiusd
should be allowed read access on the dictionary file by default.
Then you should report this
as a bug.
You can generate a local pol
icy module to allow this access.
Do
allow this access for now by
executing:
# grep radiusd /var/log/audi
t/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Jun 25 18:50:56 localhost.localdomain setroubleshoot[2449]: SELinux is preventin
g radiusd from read access on the file /etc/raddb/clients.conf. For complete SEL
inux messages. run sealert -l 35e3131e-b329-4326-add0-6fde9b762f14
Jun 25 18:50:56 localhost.localdomain python[2449]: SELinux is preventing radius
d from read access on the file /etc/raddb/clients.conf.
***** Plugin restorecon (99
.5 confidence) suggests ************************
If you want to fix the label
.
/etc/raddb/clients.conf defa
ult label should be radiusd_etc_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /etc/r
addb/clients.conf
***** Plugin catchall (1.49
confidence) suggests **************************
If you believe that radiusd
should be allowed read access on the clients.conf file by default.
Then you should report this
as a bug.
You can generate a local pol
icy module to allow this access.
Do
allow this access for now by
executing:
# grep radiusd /var/log/audi
t/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Jun 25 18:50:56 localhost.localdomain polkitd[660]: Unregistered Authentication
Agent for unix-process:2678:78843 (system bus name :1.64, object path /org/freed
esktop/PolicyKit1/AuthenticationAgent, locale en_IN.UTF-8) (disconnected from bu
s)
Jun 25 18:51:00 localhost.localdomain polkitd[660]: Registered Authentication Ag
ent for unix-process:2863:79253 (system bus name :1.65 [/usr/bin/pkttyagent --no
tify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAge
nt, locale en_IN.UTF-8)
Jun 25 18:51:00 localhost.localdomain systemd[1]: Starting FreeRADIUS high perfo
rmance RADIUS server....
-- Subject: Unit radiusd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit radiusd.service has begun starting up.
Jun 25 18:51:00 localhost.localdomain audit[2886]: <audit-1400> avc: denied {
sys_ptrace } for pid=2886 comm="radiusd" capability=19 scontext=system_u:syste
m_r:radiusd_t:s0 tcontext=system_u:system_r:radiusd_t:s0 tclass=capability permi
ssive=0
Jun 25 18:51:00 localhost.localdomain kernel: ptrace of pid 2885 was attempted b
y: radiusd (pid 2886)
Jun 25 18:51:00 localhost.localdomain audit[2885]: <audit-1400> avc: denied {
read } for pid=2885 comm="radiusd" name="dictionary" dev="dm-1" ino=1711521 sco
ntext=system_u:system_r:radiusd_t:s0 tcontext=unconfined_u:object_r:user_home_t:
s0 tclass=file permissive=0
Jun 25 18:51:00 localhost.localdomain audit[2885]: <audit-1400> avc: denied {
read } for pid=2885 comm="radiusd" name="clients.conf" dev="dm-1" ino=1711520 s
context=system_u:system_r:radiusd_t:s0 tcontext=unconfined_u:object_r:user_home_
t:s0 tclass=file permissive=0
Jun 25 18:51:00 localhost.localdomain systemd[1]: radiusd.service: control proce
ss exited, code=exited status=1
Jun 25 18:51:00 localhost.localdomain systemd[1]: Failed to start FreeRADIUS hig
h performance RADIUS server..
-- Subject: Unit radiusd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit radiusd.service has failed.
--
-- The result is failed.
Jun 25 18:51:00 localhost.localdomain systemd[1]: Unit radiusd.service entered f
ailed state.
Jun 25 18:51:00 localhost.localdomain systemd[1]: radiusd.service failed.
Jun 25 18:51:00 localhost.localdomain audit[1]: <audit-1130> pid=1 uid=0 auid=42
94967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=radiusd comm=
"systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed
'
Jun 25 18:51:00 localhost.localdomain setroubleshoot[2449]: SELinux is preventin
g radiusd from using the sys_ptrace capability. For complete SELinux messages. r
un sealert -l cac781eb-1cae-4673-b684-6308a2c7ff2b
Jun 25 18:51:00 localhost.localdomain python[2449]: SELinux is preventing radius
d from using the sys_ptrace capability.
***** Plugin catchall (100.
confidence) suggests **************************
If you believe that radiusd
should have the sys_ptrace capability by default.
Then you should report this
as a bug.
You can generate a local pol
icy module to allow this access.
Do
allow this access for now by
executing:
# grep radiusd /var/log/audi
t/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Jun 25 18:51:00 localhost.localdomain setroubleshoot[2449]: SELinux is preventin
g radiusd from read access on the file /etc/raddb/dictionary. For complete SELin
ux messages. run sealert -l 35e3131e-b329-4326-add0-6fde9b762f14
Jun 25 18:51:00 localhost.localdomain python[2449]: SELinux is preventing radius
d from read access on the file /etc/raddb/dictionary.
***** Plugin restorecon (99
.5 confidence) suggests ************************
If you want to fix the label
.
/etc/raddb/dictionary defaul
t label should be radiusd_etc_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /etc/r
addb/dictionary
***** Plugin catchall (1.49
confidence) suggests **************************
If you believe that radiusd
should be allowed read access on the dictionary file by default.
Then you should report this
as a bug.
You can generate a local pol
icy module to allow this access.
Do
allow this access for now by
executing:
# grep radiusd /var/log/audi
t/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Jun 25 18:51:00 localhost.localdomain setroubleshoot[2449]: SELinux is preventin
g radiusd from read access on the file /etc/raddb/clients.conf. For complete SEL
inux messages. run sealert -l 35e3131e-b329-4326-add0-6fde9b762f14
Jun 25 18:51:00 localhost.localdomain python[2449]: SELinux is preventing radius
d from read access on the file /etc/raddb/clients.conf.
***** Plugin restorecon (99
.5 confidence) suggests ************************
If you want to fix the label
.
/etc/raddb/clients.conf defa
ult label should be radiusd_etc_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /etc/r
addb/clients.conf
***** Plugin catchall (1.49
confidence) suggests **************************
If you believe that radiusd
should be allowed read access on the clients.conf file by default.
Then you should report this
as a bug.
You can generate a local pol
icy module to allow this access.
Do
allow this access for now by
executing:
# grep radiusd /var/log/audi
t/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Jun 25 18:51:01 localhost.localdomain polkitd[660]: Unregistered Authentication
Agent for unix-process:2863:79253 (system bus name :1.65, object path /org/freed
esktop/PolicyKit1/AuthenticationAgent, locale en_IN.UTF-8) (disconnected from bu
s)
More information about the Freeradius-Users
mailing list