On 16/11/2017, at 10:33 AM, Adam Bishop <Adam.Bishop@jisc.ac.uk> wrote:
On 15 Nov 2017, at 17:49, Smith, James <james.smith@saabsensis.com> wrote:
/etc/raddb/mods-config/files -rwxrwxr-- 1 root radiusd 9656 Nov 15 16:03 authorize
I'd be incredibly surprised if FreeRADIUS was at fault; it should be easy enough to confirm with strace -Ff though. Look for /etc/raddb/mods-config/files/config in the output, and verify that the call to open the file is issued correctly.
As you're running a Red Hat derived system, my money would be on SELinux blocking access to the file.
You can confirm this by installing policycoreutils-python, and running "audit2allow -a -w". Most likely cause would be that the file is mislabelled (ls -alZ will show you the labels).
Nope, not selinux. I note that the debug output has: <snip> main { security { user = "radiusd" group = "radiusd" allow_core_dumps = no } } </snip> switch_users appears to be called relatively early in the config parser, looks like right after that section of the config is parsed/printed in the debug, so check what permissions the radius user has for those files. -- Nathan Ward