<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Thanks, I have changed the permissions as you stated but am still getting the same error when I run freeradius in debug mode. <br><br>I have changed the permissions to the directory however.<br><br>[root@lasamiq3 raddb]# dir -l<br>total 264<br>-rw-r----- 1 root radiusd 422 Dec 4 2009 acct_users<br>-rw-r----- 1 root radiusd 4074 Dec 4 2009 attrs<br>drw-r----- 3 root radiusd 4096 Nov 5 16:59 certs<br>-rw-r----- 1 root radiusd 189 Dec 4 2009 clients<br>-rw-r----- 1 root radiusd 2923 Nov 5 12:26 clients.conf<br>-rw-r----- 1 root radiusd 929 Dec 4 2009 dictionary<br>-rw-r----- 1 root radiusd 9908 Nov 6 14:06 eap.conf<br>-rw-r----- 1 root root 9985 Nov 5 16:48 eap.conf.1<br>-rw-r----- 1 root radiusd 4620 Dec 4 2009 example.pl<br>-rw-r----- 1 root radiusd 2396 Dec 4 2009 hints<br>-rw-r----- 1 root radiusd 1604 Dec 4 2009 huntgroups<br>-rw-r----- 1 root radiusd 2439 Dec 4 2009 ldap.attrmap<br>-rw-r----- 1 root radiusd 1020 Dec 4 2009 naslist<br>-rw-r----- 1 root radiusd 856 Dec 4 2009 naspasswd<br>-rw-r----- 1 root radiusd 3358 Dec 4 2009 otp.conf<br>-rw-r----- 1 root radiusd 1734 Dec 4 2009 otppasswd.sample<br>-rw-r----- 1 root radiusd 1039 Dec 4 2009 preproxy_users<br>-rw-r----- 1 root radiusd 8834 Dec 4 2009 proxy.conf<br>-rw-r----- 1 root radiusd 66189 Nov 5 23:54 radiusd.conf<br>-rw-r----- 1 root root 66091 Nov 5 22:55 radiusd.conf.1<br>-rw-r----- 1 root radiusd 187 Dec 4 2009 realms<br>-rw-r----- 1 root radiusd 1405 Dec 4 2009 snmp.conf<br>-rw-r----- 1 root radiusd 3329 Dec 4 2009 sqlippool.conf<br>-rw-r----- 1 root radiusd 7060 Nov 5 16:44 users<br><br><div>> Date: Thu, 6 Nov 2014 09:08:20 -0500<br>> From: aland@deployingradius.com<br>> To: freeradius-users@lists.freeradius.org<br>> Subject: Re: EAP-TLS not initializing<br>> <br>> Ben Tucker wrote:<br>> > Not a very affluent Linux user here but this issue is beyond me. I<br>> > think its something simple to solve but can't figure it out for the life<br>> > of me. When running radius in debug mode it is giving me a permission<br>> > denied message when trying to load the certificates. The certs are<br>> > there in the correct directory. What else am I missing here?<br>> <br>> The permissions are wrong.<br>> <br>> For one, you're using version 1. Don't. Upgrade to 2.2.5.<br>> <br>> > [root@lasamiq3 raddb]# dir -l certs<br>> > total 64<br>> > -rw-r--rwx 1 root radiusd 721 Dec 4 2009 cert-clt.der<br>> <br>> Uh... you do realize that's bad, right?<br>> <br>> The files should NOT be readable and writable by everyone on the<br>> system. They should NOT be executable.<br>> <br>> You went out of your way to break the server. Don't do that. The<br>> default permissions are correct.<br>> <br>> You need to do the following as root:<br>> <br>> cd /etc/raddb<br>> chmod -R -x .<br>> chmod -R o-rw .<br>> <br>> And don't break the server. It causes problems.<br>> -<br>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<br></div> </div></body>
</html>