NSS DB

Alan DeKok aland at deployingradius.com
Fri Jul 12 17:40:22 CEST 2019


On Jul 12, 2019, at 5:30 PM, Andrew Meyer via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
> Hello, I am having some trouble getting FreeRADIUS to work.  I am trying to set it up to communicate with my LDAP system (FreeIPA).  I am using CentOS 7 latest w/ FreeRADIUS 3.0.13

  Ugh.

  Use the packages from http://packages.networkradius.com.  They're not crap, unlike the standard (years-old) RedHat ones.

> and receiving the following errors.
> [root@console02 nssdb]# sudo systemctl status radiusd -l
> ● radiusd.service - FreeRADIUS high performance RADIUS server.
>    Loaded: loaded (/usr/lib/systemd/system/radiusd.service; enabled; vendor preset: disabled)
>    Active: failed (Result: exit-code) since Fri 2019-07-12 15:11:52 UTC; 11min ago
>   Process: 4068 ExecStart=/usr/sbin/radiusd -d /etc/raddb (code=exited, status=1/FAILURE)
>   Process: 4063 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=0/SUCCESS)
>   Process: 4060 ExecStartPre=/bin/chown -R radiusd.radiusd /var/run/radiusd (code=exited, status=0/SUCCESS)
>  Main PID: 1079 (code=exited, status=0/SUCCESS)
> 
> Jul 12 15:11:51 console02.loc.example.local systemd[1]: Starting FreeRADIUS high performance RADIUS server....
> Jul 12 15:11:52 console02.loc.example.local radiusd[4068]: TLSMC: MozNSS compatibility interception begins.

  RedHat in their infinite wisdom decided to switch to using NSS instead of OpenSSL.  So they shipped things like libldap, which only link to NSS.  And since FreeRADIUS uses OpenSSL, bad things happen.

  The packages noted above don't have this issue.

> Jul 12 15:11:52 console02.loc.example.local radiusd[4068]: tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present.
> Jul 12 15:11:52 console02.loc.example.local radiusd[4068]: tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only.
> Jul 12 15:11:52 console02.loc.example.local radiusd[4068]: TLSMC: MozNSS compatibility interception ends.
> Jul 12 15:11:52 console02.loc.example.local systemd[1]: radiusd.service: control process exited, code=exited status=1

  The actual error should be in the radius.log file.  Go read that to see what's going on.

  Or, run the server in debugging mode as suggested *everywhere*.  Odds are you edited the configuration and broke it.

  Alan DeKok.
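
Added example, not part of the original message and not FreeRADIUS code: a shell function that reads `ldd` output and reports which TLS stacks a binary or module would load, one way to check for the NSS/OpenSSL mix described in the reply above. The sample `ldd` lines are constructed, and the module path in the final comment is a placeholder.

```shell
#!/bin/sh
# Added example: classify the TLS libraries named in `ldd` output.
# Reads ldd output on stdin, prints one backend name per line, sorted.
tls_backends() {
    awk '
        # OpenSSL ships libssl.so.* and libcrypto.so.*
        $1 ~ /^libssl\.so/ || $1 ~ /^libcrypto\.so/ { seen["openssl"] = 1 }
        # Mozilla NSS ships libnss3.so and libssl3.so
        $1 ~ /^libnss3\.so/ || $1 ~ /^libssl3\.so/  { seen["nss"] = 1 }
        $1 ~ /^libgnutls\.so/                       { seen["gnutls"] = 1 }
        END { for (b in seen) print b }
    ' | sort
}

# Exit status 0 when the ldd output on stdin names more than one TLS stack.
has_mixed_tls() {
    tls_backends | awk 'END { exit !(NR > 1) }'
}

# Constructed sample: an LDAP client library linked against NSS.
sample_ldap_nss() {
    cat <<'EOF'
    liblber-2.4.so.2 => /lib64/liblber-2.4.so.2 (0x00007f0000000000)
    libssl3.so => /lib64/libssl3.so (0x00007f0000100000)
    libnss3.so => /lib64/libnss3.so (0x00007f0000200000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000300000)
EOF
}

# Constructed sample: a server binary linked against OpenSSL.
sample_radiusd() {
    cat <<'EOF'
    libssl.so.10 => /lib64/libssl.so.10 (0x00007f0000400000)
    libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f0000500000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000300000)
EOF
}

# Both sets of libraries end up in one process once the module is loaded.
if { sample_ldap_nss; sample_radiusd; } | has_mixed_tls; then
    echo "mixed TLS stacks:" $({ sample_ldap_nss; sample_radiusd; } | tls_backends)
fi

# On a real host (placeholder path, adjust to your install):
#   ldd /path/to/rlm_ldap.so | tls_backends
```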