Failed reading certificate file error with freeradius container.
Jonathan Gregoire
jonathan763 at hotmail.com
Mon Jan 29 17:12:43 UTC 2024
Hi,
I'm having an issue when I try to run freeradius in a docker container. In the output that I pasted below, you will notice that I copied the "/etc/freeradius" directory on my host and that I mount the configuration directory $(pwd)/etc/freeradius on the container to make my configuration persistent.
The problem is that no matter what permissions I set on the $(pwd)/etc/freeradius/certs/server.pem file, I always get an error when I launch the container:
tls: (TLS) Failed reading certificate file "/etc/freeradius/certs/server.pem"
Do you have an idea?
How to reproduce:
[root at dockerhost01 ~]# mkdir my-radius
[root at dockerhost01 ~]# cd my-radius
[root at dockerhost01 my-radius]#
[root at dockerhost01 my-radius]# docker run --privileged --rm --name freeradius -t -d \
> -p 1822-1823:1812-1813/udp \
> -p 1822-1823:1812-1813/tcp \
> freeradius/freeradius-server:3.2.3 -X
cd01803e38363c512a67a47998401e180c76d2cbbc34713a527a2e61a74462a1
[root at dockerhost01 my-radius]#
[root at dockerhost01 my-radius]#
[root at dockerhost01 my-radius]# mkdir etc
[root at dockerhost01 my-radius]# docker cp -a freeradius:/etc/freeradius etc/freeradius
Successfully copied 1.35MB to /root/my-radius/etc/freeradius
[root at dockerhost01 my-radius]# docker stop freeradius
freeradius
[root at dockerhost01 my-radius]#
[root at dockerhost01 my-radius]#
[root at dockerhost01 my-radius]# ls -ls etc/freeradius/
total 148
4 drwxr-s--x. 2 root root 4096 May 26 2023 certs
12 -rw-r-----. 1 root root 8323 May 26 2023 clients.conf
4 -rw-r--r--. 1 root root 1420 May 26 2023 dictionary
4 -rw-r-----. 1 root root 2661 May 26 2023 experimental.conf
0 lrwxrwxrwx. 1 root root 28 May 26 2023 hints -> mods-config/preprocess/hints
0 lrwxrwxrwx. 1 root root 33 May 26 2023 huntgroups -> mods-config/preprocess/huntgroups
4 drwxr-xr-x. 2 root root 4096 May 26 2023 mods-available
0 drwxr-xr-x. 11 root root 154 May 26 2023 mods-config
4 drwxr-xr-x. 2 root root 4096 May 26 2023 mods-enabled
4 -rw-r--r--. 1 root root 52 May 26 2023 panic.gdb
4 drwxr-s--x. 2 root root 4096 May 26 2023 policy.d
32 -rw-r-----. 1 root root 29779 May 26 2023 proxy.conf
32 -rw-r-----. 1 root root 30769 May 26 2023 radiusd.conf
24 -rw-r--r--. 1 root root 20754 May 26 2023 README.rst
4 drwxr-s--x. 2 root root 4096 May 26 2023 sites-available
0 drwxr-s--x. 2 root root 41 May 26 2023 sites-enabled
4 -rw-r--r--. 1 root root 3470 May 26 2023 templates.conf
12 -rw-r--r--. 1 root root 8536 May 26 2023 trigger.conf
0 lrwxrwxrwx. 1 root root 27 May 26 2023 users -> mods-config/files/authorize
[root at dockerhost01 my-radius]#
[root at dockerhost01 my-radius]#
[root at dockerhost01 my-radius]# docker run --privileged --rm --name freeradius -t \
> -p 1822-1823:1812-1813/udp \
> -p 1822-1823:1812-1813/tcp \
> -v $(pwd)/etc/freeradius:/etc/freeradius \
> freeradius/freeradius-server:3.2.3 -X
FreeRADIUS Version 3.2.3
Copyright (C) 1999-2022 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
-----OUTPUT OMITTED-----
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout = 0
softfail = no
}
}
tls: (TLS) Failed reading certificate file "/etc/freeradius/certs/server.pem"
tls: (TLS) error:8000000D:system library::Permission denied
tls: (TLS) error:10080002:BIO routines::system lib
tls: (TLS) error:0A080002:SSL routines::system lib
rlm_eap_tls: Failed initializing SSL context
rlm_eap (EAP): Failed to initialise rlm_eap_tls
/etc/freeradius/mods-enabled/eap[14]: Instantiation failed for module "eap"
[root at dockerhost01 my-radius]#
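
Added example, not part of the original post or the FreeRADIUS project: a Python check that walks a bind-mounted path and reports the first component whose classic mode bits deny a given uid/gid, run here on a constructed tree that reuses the `drwxr-s--x` directory mode from the listing above. The service account's uid/gid and the `-rw-r-----` mode on `server.pem` are assumptions; SELinux labels and ACLs are not evaluated.

```python
import os
import stat
import tempfile

def first_denied(root, relpath, uid, gids):
    """Return (path, reason) for the first component of root/relpath that the
    given uid/gids cannot use by mode bits alone, else None. Directories need
    search (x); the final file needs read (r)."""
    if uid == 0:
        return None  # root bypasses mode bits (CAP_DAC_OVERRIDE)
    parts = relpath.strip("/").split("/")
    path = root
    for i, part in enumerate([""] + parts):
        path = os.path.join(path, part) if part else path
        st = os.stat(path)
        is_file = i == len(parts)
        need = stat.S_IROTH if is_file else stat.S_IXOTH
        if st.st_uid == uid:            # exactly one class applies, owner first
            cls, need = "owner", need << 6
        elif st.st_gid in gids:
            cls, need = "group", need << 3
        else:
            cls = "other"
        if not st.st_mode & need:
            want = "read" if is_file else "search"
            return path, f"{cls} lacks {want} ({stat.filemode(st.st_mode)})"
    return None

def demo():
    # Constructed tree: certs/ gets the drwxr-s--x mode from the listing;
    # the 0640 mode on server.pem is an assumption.
    root = tempfile.mkdtemp()
    os.chmod(root, 0o755)
    certs = os.path.join(root, "certs")
    os.mkdir(certs)
    os.chmod(certs, 0o2751)
    pem = os.path.join(certs, "server.pem")
    open(pem, "w").close()
    os.chmod(pem, 0o640)
    st = os.stat(pem)
    svc_uid, svc_gid = st.st_uid + 1000, st.st_gid + 1000  # hypothetical account
    outsider = first_denied(root, "certs/server.pem", svc_uid, {svc_gid})
    in_group = first_denied(root, "certs/server.pem", svc_uid, {st.st_gid})
    return outsider, in_group

if __name__ == "__main__":
    print(demo())
```

Point `first_denied` at the host-side copy with the numeric uid and gids the daemon runs as inside the container, since a bind mount carries numeric ownership across unchanged.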