Check LDAP password with SHA512

Alan DeKok aland at
Thu Jan 28 15:29:59 CET 2016

On Jan 28, 2016, at 3:49 AM, Will W. <will at> wrote:
> OK this is getting fun, two systems up, the first one I get working wins.
> - original system: SEL 12.1 Freeradius install via repo binaries 3.0.4
> I'm familiar with 2.x but 3.x has a few differences.
> I am guessing that this needs to be changed in
> /etc/raddb/sites-enabled/default

  You cannot just use a v2 configuration in a v3 server.  This is documented.  See the v3 file raddb/README.rst.  Or look at the wiki for upgrading documentation.

  Despite perennial complaints, most of the server *is* documented.  PLEASE read the documentation before making major changes.

> -second system after getting the email about Freeradius 3.1.0 with patch
> for crypt. Ubuntu x86_64 14.04 cloned from github about three hours ago.
> Freeradius 3.1.0
> Still trying to figure out what is wrong with my /dev/urandom file set in
> /etc/freeradius/mods-enabled/ldap
> Seems like on both RHEL 7.x and Ubuntu 14.04 when I compile from source and
> run either freeradius -X the first thing that it complained about was:
> random_file = /dev/urandom is world writable.

  What is the EXACT ERROR?  This is important.

  Saying "stuff went wrong" doesn't work well with computers.  Computers are literal , and exact.

> Quick chmod 644 and then I
> get an unknown error trying to set the random_file.

  It should be Unix administration 101.  *Don't* mangle the permissions on files in /dev/. 

> Is there a fix for this?

  Post the debug output where it gives the error.

  No one else sees that problem.  The code checks for world-writable files *only* for the server configuration files.  e.g. radiusd.conf, proxy.conf, etc.  I don't see any code path where your error is possible.  

  So... what did you do?  What did you change?  Why did you change it?

  Alan DeKok.

More information about the Freeradius-Users mailing list