Difficulties with rlm_perl specifically sending mail

David Buckley david.buckley at canterbury.ac.nz
Wed Feb 10 02:20:07 CET 2010


Dear List

Finally(!) got to the bottom this...

The RHEL server of interest is actually a RHEL SELinux server, and SELinux enforced that a process owned by the user radiusd should not be accessing a remote port 25.

Cure was a local policy override, and for those who know as much SELinux as I do, the instructions for this (actually really easy) procedure can be found in the manpage for audit2allow.

Can I just say: rlm_perl rocks.

Cheers, David.

-----Original Message-----
From: freeradius-users-bounces+david.buckley=canterbury.ac.nz at lists.freeradius.org [mailto:freeradius-users-bounces+david.buckley=canterbury.ac.nz at lists.freeradius.org] On Behalf Of Nicolas Goutte
Sent: Tuesday, 2 February 2010 10:19 p.m.
To: FreeRadius users mailing list
Subject: Re: Difficulties with rlm_perl specifically sending mail


Am 02.02.2010 um 00:12 schrieb David Buckley:

>
> Greetings from New Zealand
>
> I have a two factor auth system built using rlm_perl, which is all 
> working fine but for one problem.
>
> I have a function that sends emails for sending one-time passwords via 
> SMS which works perfectly when FR is run as radiusd -X, but doesn't 
> work when FR started as a service.  This FR 2.1.7 RPM installation on 
> RHEL modern and patched.  When run as a service RHEL runs radiusd as 
> user and group radiusd.

Just an idea: sending emails often means starting the program sendmail. Perhaps radiusd started as service has no $PATH and therefore cannot find sendmail.


[...]

>
>
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html

Nicolas Goutte


extragroup GmbH - Karlsruhe
Waldstr. 49
76133 Karlsruhe
Germany

Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle
Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

This email may be confidential and subject to legal privilege, it may
not reflect the views of the University of Canterbury, and it is not
guaranteed to be virus free. If you are not an intended recipient,
please notify the sender immediately and erase all copies of the message
and any attachments.

Please refer to http://www.canterbury.ac.nz/emaildisclaimer for more
information.




More information about the Freeradius-Users mailing list