EAP-TLS not initializing
Alan DeKok
aland at deployingradius.com
Thu Nov 6 15:08:20 CET 2014
Ben Tucker wrote:
> Not a very affluent Linux user here but this issue is beyond me. I
> think its something simple to solve but can't figure it out for the life
> of me. When running radius in debug mode it is giving me a permission
> denied message when trying to load the certificates. The certs are
> there in the correct directory. What else am I missing here?
The permissions are wrong.
For one, you're using version 1. Don't. Upgrade to 2.2.5.
> [root at lasamiq3 raddb]# dir -l certs
> total 64
> -rw-r--rwx 1 root radiusd 721 Dec 4 2009 cert-clt.der
Uh... you do realize that's bad, right?
The files should NOT be readable and writable by everyone on the
system. They should NOT be executable.
You went out of your way to break the server. Don't do that. The
default permissions are correct.
You need to do the following as root:
cd /etc/raddb
chmod -R -x .
chmod -R o-rw .
And don't break the server. It causes problems.
More information about the Freeradius-Users
mailing list