> ----- Original Message -----
> From: [EMAIL PROTECTED]
> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
> Subject: Re: newbie on radiustesting
> Date: Wed, 16 Apr 2008 21:52:38 +0100
>
>
> Hi,
>
> > A: All running, both radiusd -X and rcradiusd start, is done as
> > root, and unfortunately all messages come from the user root.
>
> okay. so definitely a permission issue for a non root user.
> ...it's late now so if no one else steps in you'll have to wait
> to hear from me again. (in radiusd.conf the user is set to
> radiusd, yes?)
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

YES, the user is set to radiusd in radiusd.conf:

#  user/group: The name (or #number) of the user/group to run radiusd as.
#
#   If these are commented out, the server will run as the user/group
#   that started it.  In order to change to a different user/group, you
#   MUST be root ( or have root privleges ) to start the server.
#
#   We STRONGLY recommend that you run the server with as few permissions
#   as possible.  That is, if you're not using shadow passwords, the
#   user and group items below should be set to 'nobody'.
#
#    On SCO (ODT 3) use "user = nouser" and "group = nogroup".
#
#  NOTE that some kernels refuse to setgid(group) when the value of
#  (unsigned)group is above 60000; don't use group nobody on these systems!
#
#  On systems with shadow passwords, you might have to set 'group = shadow'
#  for the server to be able to read the shadow password file.  If you can
#  authenticate users while in debug mode, but not in daemon mode, it may be
#  that the debugging mode server is running as a user that can read the
#  shadow info, and the user listed below can not.
#
user = radiusd
group = radiusd

.......................................

By the way does this excerpt from the top page of radiusd.conf tell anything about the problem?

#  If the server builds and installs, but fails at execution time
#  with an 'undefined symbol' error, then you can use the libdir
#  directive to work around the problem.
#
#  The cause is usually that a library has been installed on your
#  system in a place where the dynamic linker CANNOT find it.  When
#  executing as root (or another user), your personal environment MAY
#  be set up to allow the dynamic linker to find the library.  When
#  executing as a daemon, FreeRADIUS MAY NOT have the same
#  personalized configuration.

...Remembering now that the output of rcradiusd start with the uncommented eap.conf\TLS part is:

linux:/etc/raddb # rcradiusd start
Starting RADIUS daemon 8188:error:0200100D:system library:fopen:Permission denied:bss_file.c:104:fopen('/etc/raddb/certs/demoCA/cacert.pem','r')
8188:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:109:
8188:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:274:
startproc:  exit status of parent of /usr/sbin/radiusd: 1
failed

....which is pretty much identical to the error messages from radiusd -X:

8215:error:0200100D:system library:fopen:Permission denied:bss_file.c:104:fopen('/etc/raddb/certs/demoCA/cacert.pem','r')
8215:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:109:
8215:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:274:
rlm_eap_tls: Error reading Trusted root CA list
rlm_eap: Failed to initialize type tls
radiusd.conf[9]: eap: Module instantiation failed.

Does this help you?
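
Added example, not part of the original message and not FreeRADIUS code: a shell helper that walks a path such as the /etc/raddb/certs/demoCA/cacert.pem in the fopen error above and reports the first component whose mode bits deny a given uid/gid. The function names perm_for and first_denied are hypothetical, and only owner/group/other bits are evaluated.

```shell
#!/bin/sh
# Added example (not from the thread): find which path component denies a
# given uid/gid, using only owner/group/other mode bits from `ls -ldn`.
# Not modelled: root, supplementary groups, ACLs, SELinux/AppArmor.

# perm_for UID GID PATH -> the rwx triplet (owner, group or other) that applies
perm_for() {
    uid=$1; gid=$2
    set -- $(ls -ldn -- "$3" 2>/dev/null | awk '{print substr($1,2,9), $3, $4}')
    [ $# -eq 3 ] || return 1          # path missing or cannot be stat'ed
    if   [ "$uid" = "$2" ]; then echo "$1" | cut -c1-3
    elif [ "$gid" = "$3" ]; then echo "$1" | cut -c4-6
    else                         echo "$1" | cut -c7-9
    fi
}

# first_denied UID GID PATH -> prints the first blocking component and
# returns 1; prints nothing and returns 0 when every component allows access.
# Directories need search (x); the final non-directory needs read (r).
first_denied() {
    fd_uid=$1; fd_gid=$2
    case $3 in /*) cur="" ;; *) cur="." ;; esac
    old_ifs=$IFS; IFS=/; set -- $3; IFS=$old_ifs   # split path on "/"
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        p=$(perm_for "$fd_uid" "$fd_gid" "$cur") || { echo "$cur (missing)"; return 1; }
        if [ -d "$cur" ]; then
            case $p in ??[xst]) ;; *) echo "$cur"; return 1 ;; esac
        else
            case $p in r??) ;; *) echo "$cur"; return 1 ;; esac
        fi
    done
    return 0
}

# Typical call, run as root so every component can be stat'ed:
#   first_denied "$(id -u radiusd)" "$(id -g radiusd)" /etc/raddb/certs/demoCA/cacert.pem
```

A printed directory means the account lacks search (x) permission on it; a printed file means it lacks read (r) permission on the file itself.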