EAP-TLS not initializing

Ben Tucker h_bbit at hotmail.com
Thu Nov 6 15:27:26 CET 2014


Thanks, I have changed the permissions as you stated but am still getting the same error when I run freeradius in debug mode. 

I have changed the permissions to the directory however.

[root@lasamiq3 raddb]# dir -l
total 264
-rw-r----- 1 root radiusd   422 Dec  4  2009 acct_users
-rw-r----- 1 root radiusd  4074 Dec  4  2009 attrs
drw-r----- 3 root radiusd  4096 Nov  5 16:59 certs
-rw-r----- 1 root radiusd   189 Dec  4  2009 clients
-rw-r----- 1 root radiusd  2923 Nov  5 12:26 clients.conf
-rw-r----- 1 root radiusd   929 Dec  4  2009 dictionary
-rw-r----- 1 root radiusd  9908 Nov  6 14:06 eap.conf
-rw-r----- 1 root root     9985 Nov  5 16:48 eap.conf.1
-rw-r----- 1 root radiusd  4620 Dec  4  2009 example.pl
-rw-r----- 1 root radiusd  2396 Dec  4  2009 hints
-rw-r----- 1 root radiusd  1604 Dec  4  2009 huntgroups
-rw-r----- 1 root radiusd  2439 Dec  4  2009 ldap.attrmap
-rw-r----- 1 root radiusd  1020 Dec  4  2009 naslist
-rw-r----- 1 root radiusd   856 Dec  4  2009 naspasswd
-rw-r----- 1 root radiusd  3358 Dec  4  2009 otp.conf
-rw-r----- 1 root radiusd  1734 Dec  4  2009 otppasswd.sample
-rw-r----- 1 root radiusd  1039 Dec  4  2009 preproxy_users
-rw-r----- 1 root radiusd  8834 Dec  4  2009 proxy.conf
-rw-r----- 1 root radiusd 66189 Nov  5 23:54 radiusd.conf
-rw-r----- 1 root root    66091 Nov  5 22:55 radiusd.conf.1
-rw-r----- 1 root radiusd   187 Dec  4  2009 realms
-rw-r----- 1 root radiusd  1405 Dec  4  2009 snmp.conf
-rw-r----- 1 root radiusd  3329 Dec  4  2009 sqlippool.conf
-rw-r----- 1 root radiusd  7060 Nov  5 16:44 users

> Date: Thu, 6 Nov 2014 09:08:20 -0500
> From: aland at deployingradius.com
> To: freeradius-users at lists.freeradius.org
> Subject: Re: EAP-TLS not initializing
> 
> Ben Tucker wrote:
> > Not a very affluent Linux user here but this issue is beyond me.  I
> > think it's something simple to solve but can't figure it out for the life
> > of me.  When running radius in debug mode it is giving me a permission
> > denied message when trying to load the certificates.  The certs are
> > there in the correct directory.  What else am I missing here?
> 
>   The permissions are wrong.
> 
>   For one, you're using version 1.  Don't.  Upgrade to 2.2.5.
> 
> > [root@lasamiq3 raddb]# dir -l certs
> > total 64
> > -rw-r--rwx 1 root radiusd  721 Dec  4  2009 cert-clt.der
> 
>   Uh... you do realize that's bad, right?
> 
>   The files should NOT be readable and writable by everyone on the
> system.  They should NOT be executable.
> 
>   You went out of your way to break the server.  Don't do that.  The
> default permissions are correct.
> 
>   You need to do the following as root:
> 
> cd /etc/raddb
> chmod -R -x .
> chmod -R o-rw .
> 
>   And don't break the server.  It causes problems.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
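
An added example, not part of the original messages: a POSIX shell check for the permission problems discussed in this thread. It flags regular files that grant any access to "other" or carry an execute bit, and directories that lack the search (execute) bit for owner or group, which is needed to open files inside them (the certs entry in the listing above shows drw-r-----). The function name audit_raddb and the finding labels are made up for this example, and requiring group search assumes the daemon reads the tree through the radiusd group.

```shell
#!/bin/sh
# Added example: audit a FreeRADIUS-style config tree for permission problems.
# audit_raddb DIR prints one finding per line; returns 0 if clean, 1 otherwise.
# (audit_raddb and the finding labels are hypothetical names for this example.)
audit_raddb() {
    dir=$1
    findings=$(
        {
            # Regular files with any read/write/execute bit set for "other".
            find "$dir" -type f \
                \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print |
                sed 's/^/OTHER_ACCESS /'
            # Regular files with an execute bit for owner, group or other.
            find "$dir" -type f \
                \( -perm -0100 -o -perm -0010 -o -perm -0001 \) -print |
                sed 's/^/EXECUTABLE_FILE /'
            # Directories missing the search bit for owner or group: without
            # it, files inside cannot be opened even if they are readable.
            # Assumption: the daemon relies on group access (root:radiusd).
            find "$dir" -type d \
                \( ! -perm -0100 -o ! -perm -0010 \) -print |
                sed 's/^/DIR_NOT_SEARCHABLE /'
        } 2>/dev/null   # an unsearchable directory is reported, not descended
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use: sh audit.sh /etc/raddb
if [ $# -gt 0 ]; then
    audit_raddb "$1"
fi
```

A removal of execute bits applied recursively also hits directories, so a DIR_NOT_SEARCHABLE finding after such a change is resolved by restoring the search bit on directories only.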
 		 	   		  