Unable to start RADIUS (Permissions)
Nathan Ward
lists+freeradius at daork.net
Thu Nov 16 01:56:34 CET 2017
> On 16/11/2017, at 10:33 AM, Adam Bishop <Adam.Bishop at jisc.ac.uk> wrote:
>
> On 15 Nov 2017, at 17:49, Smith, James <james.smith at saabsensis.com> wrote:
>> /etc/raddb/mods-config/files
>> -rwxrwxr-- 1 root radiusd 9656 Nov 15 16:03 authorize
>
> I'd be incredibly surprised if FreeRADIUS was at fault; it should be easy enough to confirm with strace -Ff though. Look for /etc/raddb/mods-config/files/config in the output, and verify that the call to open the file is issued correctly.
>
> As you're running a Red Hat derived system, my money would be on SELinux blocking access to the file.
>
> You can confirm this by installing policycoreutils-python, and running "audit2allow -a -w". Most likely cause would be that the file is mislabelled (ls -alZ will show you the labels).
Nope, not SELinux.
I note that the debug output has:
<snip>
main {
  security {
    user = "radiusd"
    group = "radiusd"
    allow_core_dumps = no
  }
}
</snip>
switch_users appears to be called relatively early in the config parser. It looks like that is right after that section of the config is parsed/printed in the debug, so check what permissions the radius user has for those files.
--
Nathan Ward
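
Added example, not part of the original message and not FreeRADIUS code: a small checker for the point raised above, that after the server switches to the configured user every directory on the way to a config file needs search permission and the file itself needs read permission. The function names are hypothetical, and only classic mode bits are evaluated (ACLs, capabilities and SELinux are ignored).

```python
import os
import pwd
import sys

def allowed(mode, owner, group, uid, gids, want):
    """Classic mode-bit check; ignores ACLs, capabilities and SELinux.
    Exactly one class applies (owner, else group, else other)."""
    if uid == 0:
        return True  # simplification: root bypasses mode bits
    shift = 6 if uid == owner else 3 if group in gids else 0
    need = sum({"r": 4, "w": 2, "x": 1}[c] for c in want)
    return ((mode >> shift) & need) == need

def first_blocker(path, uid, gids, stat_fn=os.stat):
    """Return (component, missing_bit) for the first path component the
    user cannot pass, or None if the final file is readable."""
    chain = ["/"]
    for part in (p for p in path.split("/") if p):
        chain.append(os.path.join(chain[-1], part))
    for i, component in enumerate(chain):
        # Directories on the way need search (x); the target needs read (r).
        want = "r" if i == len(chain) - 1 else "x"
        st = stat_fn(component)
        if not allowed(st.st_mode, st.st_uid, st.st_gid, uid, gids, want):
            return component, want
    return None

def check_as(username, path):
    """Resolve the account the server drops to and test one path."""
    pw = pwd.getpwnam(username)
    gids = set(os.getgrouplist(username, pw.pw_gid))
    return first_blocker(os.path.abspath(path), pw.pw_uid, gids)

if __name__ == "__main__":
    # e.g. radiusd /etc/raddb/mods-config/files/authorize
    if len(sys.argv) == 3:
        print(check_as(sys.argv[1], sys.argv[2]) or "readable")
    else:
        print("usage: <user> <path>")
```

A result such as ('/etc/raddb/mods-config/files', 'x') means the file's own mode is not the problem; the named directory is.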