Thanks, I have changed the permissions as you stated but am still getting the same error when I run freeradius in debug mode. I have changed the permissions to the directory however. [root@lasamiq3 raddb]# dir -l total 264 -rw-r----- 1 root radiusd 422 Dec 4 2009 acct_users -rw-r----- 1 root radiusd 4074 Dec 4 2009 attrs drw-r----- 3 root radiusd 4096 Nov 5 16:59 certs -rw-r----- 1 root radiusd 189 Dec 4 2009 clients -rw-r----- 1 root radiusd 2923 Nov 5 12:26 clients.conf -rw-r----- 1 root radiusd 929 Dec 4 2009 dictionary -rw-r----- 1 root radiusd 9908 Nov 6 14:06 eap.conf -rw-r----- 1 root root 9985 Nov 5 16:48 eap.conf.1 -rw-r----- 1 root radiusd 4620 Dec 4 2009 example.pl -rw-r----- 1 root radiusd 2396 Dec 4 2009 hints -rw-r----- 1 root radiusd 1604 Dec 4 2009 huntgroups -rw-r----- 1 root radiusd 2439 Dec 4 2009 ldap.attrmap -rw-r----- 1 root radiusd 1020 Dec 4 2009 naslist -rw-r----- 1 root radiusd 856 Dec 4 2009 naspasswd -rw-r----- 1 root radiusd 3358 Dec 4 2009 otp.conf -rw-r----- 1 root radiusd 1734 Dec 4 2009 otppasswd.sample -rw-r----- 1 root radiusd 1039 Dec 4 2009 preproxy_users -rw-r----- 1 root radiusd 8834 Dec 4 2009 proxy.conf -rw-r----- 1 root radiusd 66189 Nov 5 23:54 radiusd.conf -rw-r----- 1 root root 66091 Nov 5 22:55 radiusd.conf.1 -rw-r----- 1 root radiusd 187 Dec 4 2009 realms -rw-r----- 1 root radiusd 1405 Dec 4 2009 snmp.conf -rw-r----- 1 root radiusd 3329 Dec 4 2009 sqlippool.conf -rw-r----- 1 root radiusd 7060 Nov 5 16:44 users
Date: Thu, 6 Nov 2014 09:08:20 -0500 From: aland@deployingradius.com To: freeradius-users@lists.freeradius.org Subject: Re: EAP-TLS not initializing
Ben Tucker wrote:
Not a very affluent Linux user here but this issue is beyond me. I think its something simple to solve but can't figure it out for the life of me. When running radius in debug mode it is giving me a permission denied message when trying to load the certificates. The certs are there in the correct directory. What else am I missing here?
The permissions are wrong.
For one, you're using version 1. Don't. Upgrade to 2.2.5.
[root@lasamiq3 raddb]# dir -l certs total 64 -rw-r--rwx 1 root radiusd 721 Dec 4 2009 cert-clt.der
Uh... you do realize that's bad, right?
The files should NOT be readable and writable by everyone on the system. They should NOT be executable.
You went out of your way to break the server. Don't do that. The default permissions are correct.
You need to do the following as root:
cd /etc/raddb chmod -R -x . chmod -R o-rw .
And don't break the server. It causes problems. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html