strange behavior when EAP is enabled?

[Coy Hile]

> On Dec 20, 2019, at 5:17 PM, Coy Hile <coy.hile at coyhile.com> wrote:
> 
> 
> 
>> On Dec 20, 2019, at 4:53 PM, Alan DeKok <aland at deployingradius.com> wrote:
>> 
>> On Dec 20, 2019, at 4:22 PM, Coy Hile <coy.hile at coyhile.com> wrote:
>>> 
>>> My initial thought as well; however, even running as user radiusd, I see the same behavior; starts fine in debug mode, and bails with the cited error. Interestingly, if I run radiusd -f as root, I see the same behavior in the logs and a failure to start.
>> 
>> Weird.
>> 
>>> Permissions _should_ be fine:
>> 
>> Well, I blame some weird Linux stuff.  Maybe SELinux?
> 
> 
> Not in the least; this particular instance is SmartOS, so at least I have good debugging tools (read: Dtrace) to dig deep after the holiday. Once I figure out what’s up, I’ll definitely post the solution back to the list for posterity. I asked here on the off chance that this were something like “Oh, look, the code does <X> strangeness in debug mode.”
> 
> Appreciate your help, Alan.
> 
> 

And, for posterity’s sake, I found the solution here.  The server.pem file created by the bootstrap script looks thus:

```
Bag Attributes
localKeyID: ...
issuer=...
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Bag Attributes
more garbage...
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
——END ENCRYPTED PRIVATE KEY——
```

Once I moved the private key to the top of the file (and removed the Bag attributes information (which I haven’t seen before)), ending up with the server.pem looking thus:

```
——BEGIN ENCRYPTED PRIVATE KEY-----
...
——END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
```

the world is good to go.

(Note Mail.app may have mucked with some formatting there.)


--
Coy Hile
coy.hile at coyhile.com