freeradius 'permission denied'

ilvista · April 26, 2010, 10:35am

I recently installed freeradius using Yast,but wehen I tried to run it in a debug mode:

radiusd -X

it gives me this error message

Error reading dictionnary:dict_init:Couldn't open dictionnary "etc/raddb/dictionary:Permission denied"

any one can help me?

ilvista · April 26, 2010, 10:50am

linux-96fa:/etc/raddb # radiusd -X
FreeRADIUS Version 2.1.8, for host i686-pc-linux-gnu, built on Mar 10 2010 at 14:34:31                                                                          
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.         
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A             
PARTICULAR PURPOSE.                                                             
You may redistribute copies of FreeRADIUS under the terms of the                
GNU General Public License v2.                                                  
Starting - reading configuration files ...                                      
including configuration file /etc/raddb/radiusd.conf                            
including configuration file /etc/raddb/proxy.conf                              
including configuration file /etc/raddb/clients.conf                            
including files in directory /etc/raddb/modules/                                
including configuration file /etc/raddb/modules/expr                            
including configuration file /etc/raddb/modules/pap                             
including configuration file /etc/raddb/modules/detail.log                      
including configuration file /etc/raddb/modules/ippool                          
including configuration file /etc/raddb/modules/files                           
including configuration file /etc/raddb/modules/counter                         
including configuration file /etc/raddb/modules/attr_rewrite                    
including configuration file /etc/raddb/modules/mac2vlan                        
including configuration file /etc/raddb/modules/inner-eap                       
including configuration file /etc/raddb/modules/smsotp                          
including configuration file /etc/raddb/modules/mschap                          
including configuration file /etc/raddb/modules/sradutmp                        
including configuration file /etc/raddb/modules/smbpasswd                       
including configuration file /etc/raddb/modules/checkval                        
including configuration file /etc/raddb/modules/attr_filter                     
including configuration file /etc/raddb/modules/pam                             
including configuration file /etc/raddb/modules/ldap                            
including configuration file /etc/raddb/modules/radutmp                         
including configuration file /etc/raddb/modules/perl                            
including configuration file /etc/raddb/modules/exec                            
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/krb5
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/inner-tunnel
including configuration file /etc/raddb/sites-enabled/control-socket
main {
        user = "radiusd"
        group = "radiusd"
        allow_core_dumps = no
}
including dictionary file /etc/raddb/dictionary
Errors reading dictionary: dict_init: Couldn't open dictionary "/etc/raddb/dictionary": Permission denied

linux-96fa:/etc/raddb # ls -l
total 204
-rw-r----- 1 root root      671 2010-03-10 09:35 acct_users
-rw-r----- 1 root root     4174 2010-03-10 09:35 attrs
-rw-r----- 1 root radiusd   513 2010-03-10 09:35 attrs.access_challenge
-rw-r----- 1 root root      458 2010-03-10 09:35 attrs.access_reject
-rw-r----- 1 root root      437 2010-03-10 09:35 attrs.accounting_response
-rw-r----- 1 root root     2022 2010-03-10 09:35 attrs.pre-proxy
drwxr-x--- 2 root radiusd  4096 2010-04-20 12:24 certs
-rw-r----- 1 root radiusd  6703 2010-03-10 09:35 clients.conf
-rw-r----- 1 root root      877 2010-03-10 09:35 dictionary
-rw-r----- 1 root radiusd 15045 2010-03-10 09:35 eap.conf
-rw-r----- 1 root radiusd  4609 2010-03-10 09:35 example.pl
-rw-r----- 1 root radiusd 12722 2010-03-10 09:35 experimental.conf
-rw-r----- 1 root root     2352 2010-03-10 09:35 hints
-rw-r----- 1 root root     1604 2010-03-10 09:35 huntgroups
-rw-r----- 1 root root     3173 2010-03-10 09:35 ldap.attrmap
drwxr-x--- 2 root radiusd  4096 2010-04-20 12:24 modules
-rw-r----- 1 root radiusd  2840 2010-03-10 09:35 policy.conf
-rw-r----- 1 root root     4873 2010-03-10 09:35 policy.txt
-rw-r----- 1 root radiusd   984 2010-03-10 09:35 preproxy_users
-rw-r----- 1 root radiusd 25971 2010-03-10 09:35 proxy.conf
-rw-r----- 1 root radiusd 27200 2010-03-10 09:35 radiusd.conf
drwxr-x--- 2 root root     4096 2010-04-20 12:24 sites-available
drwxr-x--- 2 root root     4096 2010-04-20 12:24 sites-enabled
drwxr-x--- 7 root radiusd  4096 2010-04-20 12:24 sql
-rw-r----- 1 root radiusd  3042 2010-03-10 09:35 sql.conf
-rw-r----- 1 root radiusd  2475 2010-03-10 09:35 sqlippool.conf
-rw-r----- 1 root radiusd  3450 2010-03-10 09:35 templates.conf
-rw-r----- 1 root radiusd  6524 2010-03-10 09:35 users
linux-96fa:/etc/raddb #

ken_yap · April 26, 2010, 11:01am

The radiusd user has no read permissions on dictionary. Look at the owner and group, they are root:root.

ilvista · April 26, 2010, 10:43pm

Thx a lot,that was perfect but I geting a new error message:

rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied
rlm_eap_tls: Error reading certificate file /etc/raddb/certs/server.pem
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module "eap".
/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.

ilvista · April 26, 2010, 11:45pm

got it work
I changed the ca.config permission (certs)

thx Ken_yap
bye