Problems starting FreeRadius after 3.0.23 install

Alan DeKok aland at
Fri Sep 24 14:23:28 CEST 2021

On Sep 24, 2021, at 6:04 AM, Weisteen Per <per.weisteen at> wrote:
> Have just installed Freeradius 3.0.23 on my CentOS 7 test-servers as described in .
> I'm not using LDAP so I've skipped that part. 


> I'm also not using radiusd:radiusd as userid:groupid due to administrative naming rules, but got a xxxxrad:xxxxrad as userid:groupid instead.
> I've changed ownership for all files under /etc/raddb and /var/log/radiusd to xxxxrad:xxxxrad, changed user and group in radius.conf accordingly.
> Also copied the supplied /usr/lib/systemd/system/radiusd.service into /etc/systemd/system/radiusd.service and changed User and Group here too.

  It's best to have the file permissions as owned by user "root", and group "xxxrad".  You typically don't want a public-facing service to own the files it reads.  If there's a vulnerability, then an attacker can over-write the configuration files.  Which is usually bad.

> Running radius -X as root gives no error messages. 
> When starting radius through systemctl start radiusd I get "Failed to start FreeRADIUS multi-protocol policy server."
> Doing su - xxxxrad and the running radius -X gives these messages:
> Failed binding to interface net1: Operation not permitted
> /etc/raddb/sites-enabled/default[59]: Error binding to port for port 1812

  That's an error from the operating system.

> I've removed the comment that was in front of the 
> In radius.service.

  That's good, but it seems not enough.

  There's some magic on your OS (SeLinux?) which is preventing the server from binding to the "net1" interface.  You'll have to figure it out.  And if you do, *please* update the Wiki so other people don't run into the same issue.

  I don't run SeLinux because it's useless for most purposes.  It rarely helps, it's hard to configure, and it gets in the way.

  Alan DeKok.

More information about the Freeradius-Users mailing list