Failed reading certificate file error with freeradius container.

Jonathan Gregoire jonathan763 at hotmail.com
Mon Jan 29 20:06:26 UTC 2024 

Hi Alan,

In Freeradius container, it is the "freerad" user that run the freeradius service:

root at 0cf44bf1e244:/# ps -au
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
freerad        1  0.1  0.0  18488 13796 pts/0    Ss+  19:58   0:00 freeradius -f -X
root           8  0.0  0.0   4624  3832 pts/1    Ss   19:58   0:00 bash
root          19  0.0  0.0   7060  1548 pts/1    R+   19:58   0:00 ps -au

On my host, the freerad user doesn't exist. So I created it and also a group called "freerad" just in case.

[root at dockerhost01 my-radius]# chown freerad:freerad -R etc/
[root at dockerhost01 my-radius]# ls -ls etc/freeradius/
total 148
 4 drwxr-s--x.  2 freerad freerad  4096 May 26  2023 certs
12 -rw-r-----.  1 freerad freerad  8323 May 26  2023 clients.conf
 4 -rw-r--r--.  1 freerad freerad  1420 May 26  2023 dictionary
 4 -rw-r-----.  1 freerad freerad  2661 May 26  2023 experimental.conf
 0 lrwxrwxrwx.  1 freerad freerad    28 May 26  2023 hints -> mods-config/preprocess/hints
 0 lrwxrwxrwx.  1 freerad freerad    33 May 26  2023 huntgroups -> mods-config/preprocess/huntgroups
 4 drwxr-xr-x.  2 freerad freerad  4096 May 26  2023 mods-available
 0 drwxr-xr-x. 11 freerad freerad   154 May 26  2023 mods-config
 4 drwxr-xr-x.  2 freerad freerad  4096 May 26  2023 mods-enabled
 4 -rw-r--r--.  1 freerad freerad    52 May 26  2023 panic.gdb
 4 drwxr-s--x.  2 freerad freerad  4096 May 26  2023 policy.d
32 -rw-r-----.  1 freerad freerad 29779 May 26  2023 proxy.conf
32 -rw-r-----.  1 freerad freerad 30769 May 26  2023 radiusd.conf
24 -rw-r--r--.  1 freerad freerad 20754 May 26  2023 README.rst
 4 drwxr-s--x.  2 freerad freerad  4096 May 26  2023 sites-available
 0 drwxr-s--x.  2 freerad freerad    41 May 26  2023 sites-enabled
 4 -rw-r--r--.  1 freerad freerad  3470 May 26  2023 templates.conf
12 -rw-r--r--.  1 freerad freerad  8536 May 26  2023 trigger.conf
 0 lrwxrwxrwx.  1 freerad freerad    27 May 26  2023 users -> mods-config/files/authorize

I'm getting the same permission error when I launch the container:
[root at dockerhost01 my-radius]# docker run --privileged --rm --name freeradius -t -v $(pwd)/etc/freeradius:/etc/freeradius -p 1822-1823:1812-1813/udp freeradius/freeradius-server -X
=====output ommited=====
tls: (TLS) Failed reading certificate file "/etc/freeradius/certs/server.pem"
tls: (TLS) error:8000000D:system library::Permission denied


Thanks,
Joleking
________________________________
From: Freeradius-Users <freeradius-users-bounces+jonathan763=hotmail.com at lists.freeradius.org> on behalf of Alan DeKok <aland at deployingradius.com>
Sent: January 29, 2024 14:32
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: Failed reading certificate file error with freeradius container.

On Jan 29, 2024, at 12:12 PM, Jonathan Gregoire <jonathan763 at hotmail.com> wrote:
> I'm having an issue when I try to run freeradius in a docker container.  In the output that I pasted below, you will notice that I copied the "/etc/freeradius" directory on my host and that I mount the configuration directory $(pwd)/etc/freeradius on the container to make my configuration persistent.
>
> The problem is that no matter the permission I set on the $(pwd)/etc/freeradius/certs/server.pem file, I'm always getting an error when I launch the container:
> tls: (TLS) Failed reading certificate file "/etc/freeradius/certs/server.pem"
>
> Do you have an idea?

   It's OS / docker / file system permissions issues, and has nothing to do with FreeRADIUS.

  The files are owned by root, and then in the docket image, FreeRADIUS is running as ??? what user?

  Alan DeKok.

-
List info/subscribe/unsubscribe? See https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html&data=05%7C02%7C%7C6d0ba0a8f6524ec6298708dc21011f97%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638421535914892866%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=2XBDiGHquNRwtfMMxw5QwmtQ5AwgIUchWbYHQhNDq%2BA%3D&reserved=0<http://www.freeradius.org/list/users.html>

More information about the Freeradius-Users mailing list