Unable to start radiusd, permission issues, and minimal configuration

Matthew Newton mcn at freeradius.org
Thu Dec 1 23:36:07 UTC 2022


On 01/12/2022 23:24, James Prestwood wrote:
> Running as a regular user I get some permission errors since it needs
> files in /etc but neither sudo nor logging in as root allow me to run
> it either. It's still got permission issues with server.pem
> 
> tls: Failed reading certificate file "/etc/raddb/certs/server.pem"
> tls: error:0200100D:system library:fopen:Permission denied

Check what the file ownership is for that certificate - and also check 
radiusd.conf to see what user FreeRADIUS is running as. Once it drops 
privileges it may no longer have access to read.

> I've also got some additional questions as to how difficult it would be
> to strip down the configuration, hopefully to a few files?

Possible (and fairly easy) when you know what you are doing. If you're 
just getting started then really not recommended.

Stick with the full default config, check it into git or some other 
version control, and work your way forward. When things break you can 
then easily go back to previous working versions.

> I'm trying to add freeradius to our automated testing framework for
> wifi, which currently uses hostapd's internal radius server for all EAP
> tests which is basically two config files. The problem is it's not
> testing against a RADIUS server that you would encounter in real life,
> like freeradius. So I would like to test against freeradius as well and
> hopefully catch any subtle differences between the two implementations.

Yes that definitely makes sense.

> The framework runs on a minimal kernel VM and all daemon configurations
> are held in our upstream project (e.g. dbus, dhcpd, radvd, hostapd
> etc.). The freeradius config is an entire folder structure with many
> config files so duplicating that upstream isn't really desired. I've
> seen "don't modify the config" everywhere, but that aside, is a minimal
> configuration possible? We only need EAP.

Sure, it's definitely possible. But work your way towards it as you get 
to understand the config.

-- 
Matthew
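
The ownership check suggested in the reply above, written out as an added example (not part of the original message and not FreeRADIUS project code). It assumes the run-as account is given by uncommented `user` / `group` settings in radiusd.conf and that GNU `stat -c` is available; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: can the account radiusd drops privileges to read the certificate?
# Only owner/group/other mode bits are modelled (no ACLs, supplementary groups,
# MAC policy or parent-directory permissions).

# Print the first uncommented "key = value" setting from a radiusd.conf-style file.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$2" | head -n 1
}

# Args: run_user run_group file_owner file_group octal_mode. Returns 0 if readable.
mode_allows_read() {
    m=$(( 0$5 ))
    if [ "$1" = root ]; then return 0; fi    # root normally bypasses mode bits
    # The kernel checks exactly one class: owner first, then group, then other.
    if [ "$1" = "$3" ]; then bit=0400
    elif [ "$2" = "$4" ]; then bit=0040
    else bit=0004; fi
    [ $(( m & $bit )) -ne 0 ]
}

# Args: path to radiusd.conf, path to certificate. Prints a verdict.
# Returns 0 readable, 1 not readable, 2 could not decide.
check_cert() {
    run_user=$(conf_value user "$1")
    run_group=$(conf_value group "$1")
    if [ -z "$run_user" ]; then
        echo "$1: no user set, daemon keeps the identity it was started with"
        return 2
    fi
    meta=$(stat -c '%U %G %a' "$2") || return 2
    # $meta is left unquoted on purpose: it splits into owner, group, mode.
    if mode_allows_read "$run_user" "$run_group" $meta; then
        echo "$2: readable by $run_user:$run_group"
    else
        echo "$2: NOT readable by $run_user:$run_group (owner group mode: $meta)"
        return 1
    fi
}

# Usage: sh check_cert.sh /etc/raddb/radiusd.conf /etc/raddb/certs/server.pem
if [ "$#" -eq 2 ]; then check_cert "$1" "$2"; fi
```

A "NOT readable" verdict for a file that root can open matches the situation in the reply: the read happens after privileges are dropped.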

