Unable to start radiusd, permission issues, and minimal configuration
prestwoj at gmail.com
Thu Dec 1 23:24:28 UTC 2022
First off I'm having some problems starting radiusd. I first installed
the Fedora package then followed the HOWTO:
sudo dnf install freeradius
Edit /etc/raddb/users adding a 'testing' user
Running as a regular user I get some permission errors since it needs
files in /etc but neither sudo nor logging in as root allow me to run
it either. Its still got permission issues with server.pem
tls: Failed reading certificate file "/etc/raddb/certs/server.pem"
tls: error:0200100D:system library:fopen:Permission denied
tls: error:20074002:BIO routines:file_ctrl:system lib
tls: error:140DC002:SSL routines:use_certificate_chain_file:system lib
rlm_eap_tls: Failed initializing SSL context
rlm_eap (EAP): Failed to initialise rlm_eap_tls
/etc/raddb/mods-enabled/eap: Instantiation failed for module "eap"
I've also got some additional questions as to how difficult it would be
to strip down the configuration, hopefully to a few files?
I'm trying to add freeradius to our automated testing framework for
wifi, which currently uses hostapd's internal radius server for all EAP
tests which is basically two config files. The problem is its not
testing against a RADIUS server that you would encounter in real life,
like freeradius. So I would like to test against freeradius as well and
hopefully catch any subtle differences between the two implementations.
The framework runs on a minimal kernel VM and all daemon configurations
are held in our upstream project (e.g. dbus, dhcpd, radvd, hostapd
etc.). The freeradius config is an entire folder structure with many
config files so duplicating that upstream isn't really desired. I've
seen "don't modify the config" everywhere, but that aside, is a minimal
configuration possible? we only need EAP.
Regarldess I'd like to get radiusd running in the first place to test,
then I can start the sacrilege of modifying the configuration :)
More information about the Freeradius-Users