Humberto Diogenes wrote:
Starting FreeRADIUS daemon: (failed! run '/usr/sbin/freeradius -x' to find out why.)
I just fixed that.
# No exec permission Exec-Program output: Exec-Program: FAILED to execute /etc/freeradius/ certs/bootstrap: Permission denied
You installed the server as root, and are not running it as root. That is wrong. The permissions are set to be secure, so that no one else can read the private configuration files.
unable to write 'random state' writing new private key to 'ca.key'
# Fixing it: chmod g+w certs
No. The RADIUS server should NOT have permission to write to its configuration files. This is for security.
# After that, wrong permissions for new files: root@caju-test:/etc/freeradius/certs# ls -la total 54 drwxr-s--x 2 root freerad 1024 2007-08-18 02:37 . drwxr-s--x 4 root freerad 1024 2007-08-18 02:33 .. -rw-r--r-- 1 freerad freerad 4210 2007-08-18 02:36 01.pem
While those permissions *look* insecure, they're not. The permissions for '.', above, ensure that unwanted people can't access the files.
# Fixing permissions: root@caju-test:/etc/freeradius/certs# chown root * root@caju-test:/etc/freeradius/certs# chmod o= *
And the server SHOULD be run as "root" the first time to generate the certificates. You should then fix the permissions to match your local policy. Alan DeKok.