otpd - resurrecting it
Stefan.Paetow at jisc.ac.uk
Wed Sep 23 12:29:57 CEST 2015
> run otpd but I do remember that no matter what I did, if radiusd did not
> have rights to /var/run/otpd/socket then FreeRadius was always denied
> permission when attempting to interact with otpd.
You could add radiusd (the user) to the group that otpd runs as (possibly 'otpd'), that way radiusd can access anything the group is allowed to access. This is something recommended when using winbindd with FR. :-)
> [root at HP-LAB-1 otpd]# su -l radiusd otptest
> This account is currently not available.
The radiusd account has a shell that does not allow interactive login. Use su --shell=/bin/bash -l radiusd otptest :-)
> All of the above results in otpd still running. But if I run radtest
> once more... otpd segfaults and leaves the /var/run/otpd/socket
> inaccessible by radiusd.
What's the actual ownership of that socket? Also... If you're running Fedora, is there any chance SELinux is messing with this?
Moonshot Industry & Research Liaison Coordinator
t: +44 (0)1235 822 125
xmpp: stefanp at jabber.dev.ja.net
Lumen House, Library Avenue, Harwell Oxford, Didcot, OX11 0SG
Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
Jisc Collections and Janet Ltd. is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under Company No. number 2881024, VAT No. GB 197 0632 86. The registered office is: Lumen House, Library Avenue, Harwell, Didcot, Oxfordshire, OX11 0SG. T 01235 822200.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the Freeradius-Users