radiusd -X On First Boot

John Dennis jdennis at redhat.com
Tue Jan 5 21:37:25 CET 2010


On 01/05/2010 03:16 PM, Alan Buxey wrote:
> Hi,
>> I am running RHEL 5.3 and FreeRADIUS Version 2.1.8.
>>
>> When I install freeradius and attempt to start it for the first time using the /etc/init.d/radiusd start script it always fails (only right after freeradius is installed), once i run freeradius with -X (in debug mode) it creates all the keys and such then I can cntrl + c and start free radius from that point forward using the init script... my question is why do I have to do this? Is there anyway around this?
>
> probably because when run from the init script it cannot actually start the
> daemon (due to requirements to create the key etc).  if everything is in place
> correctly beforehand then it will work.
>
> I guess the question , then, is - can the RPM do the required creation of
> example/test keys etc rather than require the admin to jump through the
> hoops - and thats a question for the distro maintainers.

The RPM could initially create the temporary certificates. There are two 
reasons why it doesn't at the moment.

1) It would deviate from everything written here on this list and the 
wiki. Discrepancies like that usually causes more problems than would be 
solved by it. People have a hard enough time following instructions in 
the first place (this list is pure evidence of that). If they then have 
to modify the instructions based on the distribution they'll be 
hopelessly confused :-(

2) The certificates created are *temporary* and *not* intended for 
production use. As such it's always a good idea to bring this crucial 
fact to the attention of the person installing the server. No better way 
to make them aware of this than forcing them to perform a manual step. 
Otherwise they'll blindly think everything is hokey-dokey and deploy the 
server with temporary self-signed certs.

If you really think this is needs to change then file a bug.

-- 
John Dennis <jdennis at redhat.com>

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



More information about the Freeradius-Users mailing list