Bug 1835249
| Summary: | systemctl start radius because radiusd generates certificates with a wrong group | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Filip Dvorak <fdvorak> |
| Component: | freeradius | Assignee: | Alex Scheel <ascheel> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 31 | CC: | ascheel, lemenkov, nikolai.kondrashov, rharwood |
| Target Milestone: | --- | Keywords: | Regression, Reopened |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | freeradius-3.0.21-2.fc31 freeradius-3.0.21-2.fc30 freeradius-3.0.21-2.fc32 freeradius-3.0.21-7.fc31 freeradius-3.0.21-7.fc32 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-08-13 01:31:16 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Filip Dvorak
2020-05-13 13:46:36 UTC
FEDORA-2020-b3d89903b3 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-b3d89903b3 FEDORA-2020-b1f620db55 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2020-b1f620db55 FEDORA-2020-ab387da9de has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-ab387da9de FEDORA-2020-ab387da9de has been pushed to the Fedora 32 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-ab387da9de` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-ab387da9de See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2020-b3d89903b3 has been pushed to the Fedora 31 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-b3d89903b3` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-b3d89903b3 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2020-b1f620db55 has been pushed to the Fedora 30 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-b1f620db55` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-b1f620db55 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2020-b3d89903b3 has been pushed to the Fedora 31 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2020-b1f620db55 has been pushed to the Fedora 30 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2020-ab387da9de has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report. Hello,
the fix should be in this version of FR freeradius-3.0.21-2.fc31 but the issue with certificates is still there.
Used version:
Fedoa31, freeradius-3.0.21-2.fc31.x86_64
Steps to Reproduce:
1. install freeradius server
2. systemctl start radiusd
Actual result:
[root ~]# rpm -qa | grep freeradius
freeradius-3.0.21-2.fc31.x86_64
[root ~]# radiusd -X
---snipped---
timeout = 0
softfail = no
}
}
tls: Failed reading certificate file "/etc/raddb/certs/server.pem"
tls: error:0200100D:system library:fopen:Permission denied
tls: error:20074002:BIO routines:file_ctrl:system lib
tls: error:140DC002:SSL routines:use_certificate_chain_file:system lib
rlm_eap_tls: Failed initializing SSL context
rlm_eap (EAP): Failed to initialise rlm_eap_tls
/etc/raddb/mods-enabled/eap[14]: Instantiation failed for module "eap"
[root ~]# ll /etc/raddb/certs/
total 160
-rw-r-----. 1 root root 4559 Jul 28 06:26 01.pem
-rw-r-----. 1 root root 4408 Jul 28 06:26 02.pem
-rwxr-x---. 1 root radiusd 2823 May 13 12:20 bootstrap
-rw-r-----. 1 root radiusd 1432 May 13 12:20 ca.cnf
-rw-r-----. 1 root root 478 Jul 28 06:26 ca.crl
-rw-r-----. 1 root root 1278 Jul 28 06:26 ca.der
-rw-r-----. 1 root root 1854 Jul 28 06:26 ca.key
-rw-r-----. 1 root root 1785 Jul 28 06:26 ca.pem
-rw-r-----. 1 root radiusd 1103 May 13 12:20 client.cnf
-rw-r-----. 1 root root 4408 Jul 28 06:26 client.crt
-rw-r-----. 1 root root 1045 Jul 28 06:26 client.csr
-rw-r-----. 1 root root 1854 Jul 28 06:26 client.key
-rw-r-----. 1 root root 2581 Jul 28 06:26 client.p12
-rw-r-----. 1 root root 3687 Jul 28 06:26 client.pem
-rw-r-----. 1 root root 424 Jul 28 06:26 dh
-rw-r-----. 1 root root 229 Jul 28 06:26 index.txt
-rw-r-----. 1 root root 21 Jul 28 06:26 index.txt.attr
-rw-r-----. 1 root root 21 Jul 28 06:26 index.txt.attr.old
-rw-r-----. 1 root root 120 Jul 28 06:26 index.txt.old
-rw-r-----. 1 root radiusd 1131 May 13 12:20 inner-server.cnf
-rw-r-----. 1 root radiusd 6433 May 13 12:20 Makefile
-rw-r--r--. 1 root radiusd 166 May 13 12:20 passwords.mk
-rw-r-----. 1 root radiusd 8876 May 13 12:20 README
-rw-r-----. 1 root root 3 Jul 28 06:26 serial
-rw-r-----. 1 root root 3 Jul 28 06:26 serial.old
-rw-r-----. 1 root radiusd 1627 May 13 12:20 server.cnf
-rw-r-----. 1 root root 4559 Jul 28 06:26 server.crt
-rw-r-----. 1 root root 1196 Jul 28 06:26 server.csr
-rw-r-----. 1 root root 1854 Jul 28 06:26 server.key
-rw-r-----. 1 root root 2621 Jul 28 06:26 server.p12
-rw-r-----. 1 root root 3747 Jul 28 06:26 server.pem
-rw-r-----. 1 root root 3687 Jul 28 06:26 user.pem
-rw-r-----. 1 root radiusd 3046 May 13 12:20 xpextensions
Rebuilds in progress, should be done today. FEDORA-2020-70b376ec83 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-70b376ec83 FEDORA-2020-99d2f4b558 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-99d2f4b558 FEDORA-2020-70b376ec83 has been pushed to the Fedora 31 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-70b376ec83` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-70b376ec83 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2020-99d2f4b558 has been pushed to the Fedora 32 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-99d2f4b558` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-99d2f4b558 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2020-70b376ec83 has been pushed to the Fedora 31 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2020-99d2f4b558 has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report. |