HOWTO PEAP + FreeRadius + XP Client

George KNIGHT georgeknight at gmail.com
Thu May 1 19:29:45 CEST 2008 

OK, I have changed the ownership of the following files from root:root to
root:radiusd
server.pem
ca.pem
random
dh

and now radiusd -X is working.

The problem arisen because the root:root permissions on the abovementioned
files.


Will get back to you for either further questions and or a success message.

Thank you  Alan

George Knight







On Thu, May 1, 2008 at 1:06 PM, George KNIGHT <georgeknight at gmail.com>
wrote:

> Permissions are as follow;
>
>
> comp-010:/etc/raddb # dir
> total 289
> -rw-r----- 1 root radiusd   718 2008-02-14 10:35 acct_users
> -rw-r----- 1 root radiusd  4187 2008-02-14 10:35 attrs
> -rw-r----- 1 root radiusd   516 2008-02-14 10:35 attrs.access_reject
> -rw-r----- 1 root radiusd   501 2008-02-14 10:35 attrs.accounting_response
> -rw-r----- 1 root radiusd  1969 2008-02-14 10:35 attrs.pre-proxy
> drwxr-x--- 2 root radiusd   680 2008-04-30 17:48 certs
> -rw-r----- 1 root radiusd  6727 2008-04-30 12:06 clients.conf
> -rw-r----- 1 root radiusd   929 2008-02-14 10:35 dictionary
> -rw-r----- 1 root radiusd 13648 2008-04-30 17:53 eap.conf
> -rw-r----- 1 root root    13647 2008-04-25 14:01 eap.conf.orig
> -rw-r----- 1 root radiusd  4609 2008-02-14 10:35 example.pl
> -rw-r----- 1 root radiusd 14536 2008-02-14 10:35 experimental.conf
> -rw-r----- 1 root radiusd  2396 2008-02-14 10:35 hints
> -rw-r----- 1 root radiusd  1604 2008-02-14 10:35 huntgroups
> -rw-r----- 1 root radiusd  2985 2008-02-14 10:35 ldap.attrmap
> -rw-r----- 1 root radiusd  3357 2008-02-14 10:35 otp.conf
> -rw-r----- 1 root radiusd  1204 2008-02-14 10:35 policy.conf
> -rw-r----- 1 root radiusd  4922 2008-02-14 10:35 policy.txt
> -rw-r----- 1 root radiusd  1035 2008-02-14 10:35 preproxy_users
> -rw-r----- 1 root radiusd 17889 2008-02-14 10:35 proxy.conf
> -rw-r----- 1 root radiusd 60371 2008-04-30 12:18 radiusd.conf
> -rw-r----- 1 root root    60371 2008-04-25 13:14 radiusd.conf.orig
> drwxr-xr-x 2 root root      120 2008-04-25 10:17 sites-available
> drwxr-xr-x 2 root root       72 2008-04-25 10:17 sites-enabled
> -rw-r----- 1 root radiusd  1276 2008-02-14 10:35 snmp.conf
> drw-r----- 6 root radiusd   152 2008-02-14 10:35 sql
> -rw-r----- 1 root radiusd  2533 2008-02-14 10:35 sql.conf
> -rw-r----- 1 root radiusd  1988 2008-02-14 10:35 sqlippool.conf
> -rw-r----- 1 root radiusd  3503 2008-02-14 10:35 templates.conf
> -rw-r----- 1 root radiusd  6603 2008-04-30 15:50 users
> comp-010:/etc/raddb # dir ./certs
> total 104
> -rw-r----- 1 root root    4210 2008-04-25 10:17 01.pem
> -rwxr-x--- 1 root radiusd  524 2008-02-14 10:35 bootstrap
> -rw-r----- 1 root radiusd 1155 2008-02-14 10:35 ca.cnf
> -rw-r----- 1 root root    1743 2008-04-25 10:17 ca.key
> -rw-r----- 1 root root    1322 2008-04-25 10:17 ca.pem
> -rw-r----- 1 root radiusd 1109 2008-02-14 10:35 client.cnf
> -rw-r----- 1 root root     245 2008-04-25 10:18 dh
> -rw-r----- 1 root root     120 2008-04-25 10:17 index.txt
> -rw-r----- 1 root root      21 2008-04-25 10:17 index.txt.attr
> -rw-r----- 1 root root       0 2008-04-25 10:17 index.txt.old
> -rw-r----- 1 root radiusd 4430 2008-02-14 10:35 Makefile
> -rw-r----- 1 root root    5120 2008-04-25 10:18 random
> -rw-r----- 1 root radiusd 5343 2008-02-14 10:35 README
> -rw-r----- 1 root root       3 2008-04-25 10:17 serial
> -rw-r----- 1 root root       3 2008-04-25 10:17 serial.old
> -rw-r----- 1 root radiusd 1123 2008-02-14 10:35 server.cnf
> -rw-r----- 1 root root    4210 2008-04-25 10:17 server.crt
> -rw-r----- 1 root root    1062 2008-04-25 10:17 server.csr
> -rw-r----- 1 root root    1743 2008-04-25 10:17 server.key
> -rw-r----- 1 root root    2525 2008-04-25 10:17 server.p12
> -rw-r----- 1 root root    3495 2008-04-25 10:17 server.pem
> -rw-r----- 1 root radiusd  578 2008-02-14 10:35 xpextensions
> comp-010:/etc/raddb #
>
>
>
> Thank you.
> George
>
>
>
>
>
> On Thu, May 1, 2008 at 12:47 PM, Alan DeKok <aland at deployingradius.com>
> wrote:
>
> > George KNIGHT wrote:
> > > Running radiusd -X command as a root gives me the following error
> > > message as I posted here yesterday;
> >
> >   And the permissions on that directory are... ?
> >
> > > It says a 'permission denied'  and you asked me earlier if I was
> > running
> > > the command as a root, which the answer is yes. So, how can I overcome
> > > this problem?
> >
> >   Can you look at the directory as root, from the shell?
> >
> >  In this case, the server is just calling OpenSSL... which calls the
> > normal file API.  If that returns "no permission", OpenSSL is at the
> > mercy of the file system, and FreeRADIUS is at the mercy of OpenSSL.
> >
> >  If worse comes to worse, for testing do:
> >
> > $ cd /etc/raddb
> > $ chmod -R ug+rwx .
> >
> >  Alan DeKok.
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080501/90638e6f/attachment.html>

More information about the Freeradius-Users mailing list