Check LDAP password with SHA512
will at damagesinc.net
Fri Jan 29 01:27:27 CET 2016
Ok, I just built 3.1.0 to reproduce the error for /dev/random:

ca_file = "/usr/local/etc/raddb/certs/current/rootCA.pem"
ca_path = "/usr/local/etc/raddb/certs/current"
certificate_file = "/usr/local/etc/raddb/certs/current/radius.crt"
private_key_file = "/usr/local/etc/raddb/certs/current/radius.key"
random_file = "/dev/random"
Configuration file /dev/random is globally writable. Refusing to start due
to insecure configuration.
/usr/local/etc/raddb/mods-enabled/ldap: Invalid configuration for module

So what I gather from the last few e-mails was that I should not change the
permissions on things in the /dev folder.
Is there a fix for this?
On Thu, Jan 28, 2016 at 9:53 AM, Arran Cudbard-Bell <
a.cudbardb at freeradius.org> wrote:
> > On Jan 28, 2016, at 3:49 AM, Will W. <will at damagesinc.net> wrote:
> > OK this is getting fun, two systems up, the first one I get working wins.
> > - original system: SEL 12.1 Freeradius install via repo binaries 3.0.4
> > I'm familiar with 2.x but 3.x has a few differences.
> > I am guessing that this needs to be changed in
> > /etc/raddb/sites-enabled/default
> > Emailing from my phone is a bit painful.
> > -second system after getting the email about Freeradius 3.1.0 with patch
> > for crypt. Ubuntu x86_64 14.04 cloned from github about three hours ago.
> > Freeradius 3.1.0
> > Still trying to figure out what is wrong with my /dev/urandom file set in
> > /etc/freeradius/mods-enabled/ldap
> > Seems like on both RHEL 7.x and Ubuntu 14.04 when I compile from source
> > run either freeradius -X the first thing that it complained about was:
> > random_file = /dev/urandom is world writable. Quick chmod 644 and then I
> > get an unknown error trying to set the random_file.
> > Is there a fix for this?
> Unknown error means ldap_set_option returned an error without setting an
> on the ldap handle.
> Reading through the OpenLDAP code, it seems that this particular option is
> available as a global, so we're not allowed to pass in an ldap handle.
> This is undocumented behaviour.
> I'll push a fix.
> As for module ordering, edit sites-available/default
> Remove everything from the authorize section, and just list the modules
> in that order.
> Remove everything from the auth section, and just list pap.
> It should work.
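
The check that trips in this thread flags /dev/random because the kernel's random devices are mode 0666 by design. The following added example (not FreeRADIUS code and not from any poster in this thread) audits the `*_file` settings of a tls block and reports character devices separately from world-writable regular files, so nobody is tempted to chmod a device node. The function names and the decision to exempt character devices are assumptions of this example.

```python
import os
import re
import stat

# Constructed sample: tls settings as quoted in the message above.
SAMPLE_CONFIG = '''
ca_file = "/usr/local/etc/raddb/certs/current/rootCA.pem"
private_key_file = "/usr/local/etc/raddb/certs/current/radius.key"
random_file = "/dev/random"   # entropy source, a device node
'''

# Matches lines such as: private_key_file = "/path/to/key"
SETTING = re.compile(r'^\s*(\w+_file)\s*=\s*"?([^"\s]+)"?\s*$')


def file_settings(text):
    """Return {setting: path} for every *_file assignment in the text."""
    found = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]  # drop trailing comments
        match = SETTING.match(line)
        if match:
            found[match.group(1)] = match.group(2)
    return found


def classify(mode):
    """Classify an st_mode value as returned by os.stat()."""
    if stat.S_ISCHR(mode):
        # Assumption of this example: device nodes are not config files,
        # so their 0666 mode is reported but not treated as a finding.
        return "device"
    if mode & stat.S_IWOTH:
        return "world-writable"
    return "ok"


def audit(text, stat_fn=os.stat):
    """Map each *_file setting to 'ok', 'world-writable', 'device' or 'missing'."""
    results = {}
    for name, path in file_settings(text).items():
        try:
            results[name] = classify(stat_fn(path).st_mode)
        except OSError:
            results[name] = "missing"
    return results


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_CONFIG).items():
        print(f"{name}: {verdict}")
```

Only a `world-writable` verdict calls for a permission change, and then on the certificate or key file itself, never on anything under /dev.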