strange behavior when EAP is enabled?

Alan DeKok aland at deployingradius.com
Fri Dec 20 22:00:10 CET 2019


On Dec 20, 2019, at 3:56 PM, Coy Hile <coy.hile at coyhile.com> wrote:
> 
> I’ve seen a strange one… I’ve created the test certs, etc, that enable the EAP configuration to work. Running radiusd -X, one sees (in relevant part):
> ...
> However, if I try to start radiusd as normal (not via -X), I end up with this behavior in the logs:
> 
> Fri Dec 20 20:46:38 2019 : Error: tls: Failed reading certificate file "/opt/local/etc/raddb/certs/server.pem": error:0906D06C:PEM routines:PEM_read_bio:no start line

  That's probably file permissions.  OpenSSL is notorious for terrible error messages,

> Clearly, I can disable EAP (as I don’t use it at the moment) and get things working; however, I’m trying to disable as little of the default configs as possible. Is there something different in the code path when debugging is enabled vs not that is making OpenSSL libraries do something weird?

  If you're running "radiusd -X" as root, and daemon mode as user radiusd, then the issue is likely file permissions.

  Alan DeKok.




More information about the Freeradius-Users mailing list