On 01/05/2010 03:16 PM, Alan Buxey wrote:
Hi,
I am running RHEL 5.3 and FreeRADIUS Version 2.1.8.
When I install freeradius and attempt to start it for the first time using the /etc/init.d/radiusd start script it always fails (only right after freeradius is installed), once i run freeradius with -X (in debug mode) it creates all the keys and such then I can cntrl + c and start free radius from that point forward using the init script... my question is why do I have to do this? Is there anyway around this?
probably because when run from the init script it cannot actually start the daemon (due to requirements to create the key etc). if everything is in place correctly beforehand then it will work.
I guess the question , then, is - can the RPM do the required creation of example/test keys etc rather than require the admin to jump through the hoops - and thats a question for the distro maintainers.
The RPM could initially create the temporary certificates. There are two reasons why it doesn't at the moment. 1) It would deviate from everything written here on this list and the wiki. Discrepancies like that usually causes more problems than would be solved by it. People have a hard enough time following instructions in the first place (this list is pure evidence of that). If they then have to modify the instructions based on the distribution they'll be hopelessly confused :-( 2) The certificates created are *temporary* and *not* intended for production use. As such it's always a good idea to bring this crucial fact to the attention of the person installing the server. No better way to make them aware of this than forcing them to perform a manual step. Otherwise they'll blindly think everything is hokey-dokey and deploy the server with temporary self-signed certs. If you really think this is needs to change then file a bug. -- John Dennis <jdennis@redhat.com> Looking to carve out IT costs? www.redhat.com/carveoutcosts/