RE: Permission denied on certificate-files
Hi, seems to be working! Thanks a lot. :-)

//Thomas

-Original Message-
From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Fri 2005-01-14 15:48
To: freeradius-users@lists.freeradius.org
Cc:
Subject: RE: Permission denied on certificate-files

Hi,

(snipp)
> drw-r- 3 root radiusd 472 Jan 11 14:36 certs
> drw-r- 3 root root 472 Jan 11 15:30 certs_backup
(snipp)
> drw-r- 2 root radiusd 200 Jan 11 14:36 demoCA
(snipp)

Directories normally need the "x"-Bit to be set. Try

    chmod u+x certs certs_backup certs/demoCA
    chmod g+x certs certs_backup certs/demoCA

(assuming you're in the right directory, of course) and see if that improves things...

Regards,

Stefan

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Permission denied on certificate-files
Hi,

(snipp)
> drw-r- 3 root radiusd 472 Jan 11 14:36 certs
> drw-r- 3 root root 472 Jan 11 15:30 certs_backup
(snipp)
> drw-r- 2 root radiusd 200 Jan 11 14:36 demoCA
(snipp)

Directories normally need the "x"-Bit to be set. Try

    chmod u+x certs certs_backup certs/demoCA
    chmod g+x certs certs_backup certs/demoCA

(assuming you're in the right directory, of course) and see if that improves things...

Regards,

Stefan
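Why a world-readable cacert.pem still failed with "Permission denied" until the directories got the x bit, as an added example that is not part of the original thread or of FreeRADIUS: opening a file needs search (x) permission on every directory in the path, checked against the one permission class that applies to the user. The modes for /etc and /etc/raddb, and the full octal modes used for certs and demoCA, are assumptions, since the archived listing shows truncated mode strings.

```python
# Added example: the permission check applied when a process opens a file for
# reading, evaluated over constructed sample data modelled on the thread.

def class_bits(mode, owner, group, user, groups):
    """Pick the single rwx triple that applies: owner, else group, else other."""
    if user == owner:
        return (mode >> 6) & 0o7
    if group in groups:
        return (mode >> 3) & 0o7
    return mode & 0o7


def first_denied(components, user, groups):
    """components: (path, mode, owner, group) tuples from / down to the file.

    Returns (path, missing_bit) for the first component that blocks an
    open-for-read, or None when the open would succeed.
    """
    if user == "root":
        return None  # root bypasses these checks (simplified: matched by name)
    *dirs, leaf = components
    for path, mode, owner, group in dirs:
        if not class_bits(mode, owner, group, user, groups) & 0o1:
            return (path, "x")  # no search permission on a directory
    path, mode, owner, group = leaf
    if not class_bits(mode, owner, group, user, groups) & 0o4:
        return (path, "r")  # no read permission on the file itself
    return None


def ca_path(certs_mode, democa_mode, file_mode=0o644):
    """Constructed sample: the CA file path with the given directory modes."""
    return [
        ("/etc", 0o755, "root", "root"),          # assumed mode
        ("/etc/raddb", 0o755, "root", "root"),    # assumed mode
        ("/etc/raddb/certs", certs_mode, "root", "radiusd"),
        ("/etc/raddb/certs/demoCA", democa_mode, "root", "radiusd"),
        ("/etc/raddb/certs/demoCA/cacert.pem", file_mode, "root", "radiusd"),
    ]


if __name__ == "__main__":
    before = ca_path(0o640, 0o640)                  # directories without x
    after = ca_path(0o640 | 0o110, 0o640 | 0o110)   # chmod u+x, chmod g+x
    print(first_denied(before, "radiusd", {"radiusd"}))
    print(first_denied(after, "radiusd", {"radiusd"}))
```

On a live system, `namei -l /etc/raddb/certs/demoCA/cacert.pem` lists the same per-component modes and owners.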
RE: Permission denied on certificate-files
Hi,

I've tried to, temporarily, run the radius-server with main: user = "root" with success. I've checked the permissions on the following file & folders but I know too little about file- & folder permissions in Linux. I hope somebody can help me spot any problems!

# ls -la /etc/raddb/
-rw-r--r-- 1 root radiusd 422 Oct 5 02:13 acct_users
-rw-r--r-- 1 root radiusd 3454 Oct 5 02:13 attrs
drw-r- 3 root radiusd 472 Jan 11 14:36 certs
drw-r- 3 root root 472 Jan 11 15:30 certs_backup
-rw-r- 1 root radiusd 3003 Jan 11 15:19 clients.conf
-rw-r--r-- 1 root root 3004 Jan 11 14:39 clients.conf~
-rw-r--r-- 1 root root 3280 Jan 11 16:28 debug.txt
-rw-r--r-- 1 root radiusd 929 Oct 5 02:13 dictionary
-rw-r- 1 root radiusd 9098 Jan 11 16:46 eap.conf
-rw-r--r-- 1 root root 9099 Jan 11 15:47 eap.conf~
-rw-r--r-- 1 root radiusd 2396 Oct 5 02:13 hints
-rw-r--r-- 1 root radiusd 1604 Oct 5 02:13 huntgroups
-rw-r--r-- 1 root radiusd 2333 Oct 5 02:13 ldap.attrmap
-rw-r- 1 root radiusd 9330 Oct 5 02:13 mssql.conf
-rw-r- 1 root radiusd 856 Oct 5 02:13 naspasswd
-rw-r- 1 root radiusd 14108 Oct 5 02:13 postgresql.conf
-rw-r- 1 root radiusd 531 Oct 5 02:13 preproxy_users
-rw-r- 1 root radiusd 8862 Oct 5 02:13 proxy.conf
-rw-r--r-- 1 root radiusd 57046 Jan 14 15:23 radiusd.conf
-rw-r--r-- 1 root root 57059 Jan 14 15:16 radiusd.conf~
-rw-r- 1 root radiusd 1405 Oct 5 02:13 snmp.conf
-rw-r- 1 root radiusd 13892 Oct 5 02:13 sql.conf
-rw-r- 1 root radiusd 7068 Jan 11 15:29 users
-rw-r--r-- 1 root root 7028 Jan 11 14:41 users~
-rw-r--r-- 1 root radiusd 7267 Oct 5 02:13 x99.conf
-rw-r- 1 root radiusd 4165 Oct 5 02:13 x99passwd.sample

# ls -la /etc/raddb/certs/
-rw-r- 1 root radiusd 431 Oct 5 02:14 README
-rw-r- 1 root radiusd 721 Oct 5 02:14 cert-clt.der
-rw-r- 1 root radiusd 1741 Oct 5 02:14 cert-clt.p12
-rw-r- 1 root radiusd 2452 Oct 5 02:14 cert-clt.pem
-rw-r- 1 root radiusd 717 Oct 5 02:14 cert-srv.der
-rw-r- 1 root radiusd 1733 Oct 5 02:14 cert-srv.p12
-rw-r- 1 root radiusd 2439 Oct 5 02:14 cert-srv.pem
drw-r- 2 root radiusd 200 Jan 11 14:36 demoCA
-rw-r- 1 root radiusd 0 Oct 5 02:14 dh
-rw-r- 1 root radiusd 2913 Oct 5 02:14 newcert.pem
-rw-r- 1 root radiusd 1753 Oct 5 02:14 newreq.pem
-rw-r- 1 root radiusd 1024 Oct 5 02:14 random
-rw-r- 1 root radiusd 954 Oct 5 02:14 root.der
-rw-r- 1 root radiusd 1973 Oct 5 02:14 root.p12
-rw-r- 1 root radiusd 2764 Oct 5 02:14 root.pem

# ls -la /etc/raddb/certs/demoCA/
-rw-r- 1 root radiusd 1346 Oct 5 02:14 cacert.pem
-rw-r- 1 root radiusd 276 Oct 5 02:14 index.txt
-rw-r- 1 root radiusd 140 Oct 5 02:14 index.txt.old
-rw-r- 1 root radiusd 3 Oct 5 02:14 serial
-rw-r- 1 root radiusd 3 Oct 5 02:14 serial.old

//Thomas

-Original Message-
From: [EMAIL PROTECTED] on behalf of Zoltan Ori
Sent: Thu 2005-01-13 18:43
To: freeradius-users@lists.freeradius.org
Cc:
Subject: Re: Permission denied on certificate-files

On Thursday 13 January 2005 09:16, Hedenborg Thomas wrote:
> Don't you mean that root is the main user?
>
> -rw-r--r-- 1 root radiusd 1346 Oct 5 02:14 certs/demoCA/cacert.pem
>
> main: user = "radiusd"
> main: group = "radiusd"

It came from the debug listing you posted.

If, when logged in a terminal session as user 'radiusd', you can read '/etc/raddb/certs/demoCA/cacert.pem', then your problem might be elsewhere. If you can't read it, then something is wrong with permissions.

I don't think you want to run the server as root.
Re: Permission denied on certificate-files
On Thursday 13 January 2005 09:16, Hedenborg Thomas wrote:
> Don't you mean that root is the main user?
>
> -rw-r--r-- 1 root radiusd 1346 Oct 5 02:14 certs/demoCA/cacert.pem
>
> main: user = "radiusd"
> main: group = "radiusd"

It came from the debug listing you posted.

If, when logged in a terminal session as user 'radiusd', you can read '/etc/raddb/certs/demoCA/cacert.pem', then your problem might be elsewhere. If you can't read it, then something is wrong with permissions.

I don't think you want to run the server as root.
RE: Permission denied on certificate-files
Don't you mean that root is the main user?

-rw-r--r-- 1 root radiusd 1346 Oct 5 02:14 certs/demoCA/cacert.pem

//Thomas

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Zoltan Ori
Sent: 13 January 2005 15:08
To: freeradius-users@lists.freeradius.org
Subject: Re: Permission denied on certificate-files

On Thursday 13 January 2005 07:57, Hedenborg Thomas wrote:
> Hi, nope didn't help...
>
> # ls -la certs/demoCA/cacert.pem
> -rw-r--r-- 1 root radiusd 1346 Oct 5 02:14 certs/demoCA/cacert.pem
>
> //Thomas
>
>

Since you have:

main: user = "radiusd"
main: group = "radiusd"

See what user 'radiusd' is allowed to do on your system and change accordingly.
Re: Permission denied on certificate-files
On Thursday 13 January 2005 07:57, Hedenborg Thomas wrote:
> Hi, nope didn't help...
>
> # ls -la certs/demoCA/cacert.pem
> -rw-r--r-- 1 root radiusd 1346 Oct 5 02:14 certs/demoCA/cacert.pem
>
> //Thomas
>
>

Since you have:

main: user = "radiusd"
main: group = "radiusd"

See what user 'radiusd' is allowed to do on your system and change accordingly.
RE: Permission denied on certificate-files
Hi, nope didn't help...

19803:error:0200100D:system library:fopen:Permission denied:bss_file.c:104:fopen('/etc/raddb/certs/demoCA/cacert.pem','r')
19803:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:109:
19803:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:274:
rlm_eap_tls: Error reading Trusted root CA list
rlm_eap: Failed to initialize type tls
radiusd.conf[9]: eap: Module instantiation failed.

# ls -la certs/demoCA/cacert.pem
-rw-r--r-- 1 root radiusd 1346 Oct 5 02:14 certs/demoCA/cacert.pem

//Thomas

-Original Message-
From: [EMAIL PROTECTED] on behalf of Zoltan A. Ori
Sent: Thu 2005-01-13 13:21
To: freeradius-users@lists.freeradius.org
Cc:
Subject: Re: Permission denied on certificate-files

On Thursday 13 January 2005 06:39, Hedenborg Thomas wrote:
> Does somebody have a clue to why I get permission denied when trying to
> open the cacert.pem file? See the file-permissions below.
>
>>ls -la cacert.pem
>
> -rw-r- 1 root radiusd 1346 Oct 5 02:14 cacert.
>

try -rw-r--r-- instead.

Zoltan
Re: Permission denied on certificate-files
On Thursday 13 January 2005 06:39, Hedenborg Thomas wrote:
> Does somebody have a clue to why I get permission denied when trying to
> open the cacert.pem file? See the file-permissions below.
>
>>ls -la cacert.pem
>
> -rw-r- 1 root radiusd 1346 Oct 5 02:14 cacert.
>

try -rw-r--r-- instead.

Zoltan
RE: Permission denied on certificate-files
Sorry about that! The extension got lost when I pasted the output into the message body. It does read "cacert.pem" as it should.

Thanks anyway!

Thomas Hedenborg
Phone +46 63 16 66 37
E-mail [EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stefan Winter
Sent: 13 January 2005 12:54
To: freeradius-users@lists.freeradius.org
Subject: Re: Permission denied on certificate-files

Hello!

> -rw-r- 1 root radiusd 1346 Oct 5 02:14 cacert.
> 16520:error:0200100D:system library:fopen:Permission
> denied:bss_file.c:104:fopen('/etc/raddb/certs/demoCA/cacert.pem','r')

Well, your file name is "cacert." but you configured to look for "cacert.pem".

Greetings,

Stefan Winter

--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
Network and systems engineer
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED]
tel.: +352 424409-33
http://www.restena.lu
fax: +352 422473
Re: Permission denied on certificate-files
Hello!

> -rw-r- 1 root radiusd 1346 Oct 5 02:14 cacert.
> 16520:error:0200100D:system library:fopen:Permission
> denied:bss_file.c:104:fopen('/etc/raddb/certs/demoCA/cacert.pem','r')

Well, your file name is "cacert." but you configured to look for "cacert.pem".

Greetings,

Stefan Winter

--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
Network and systems engineer
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED]
tel.: +352 424409-33
http://www.restena.lu
fax: +352 422473