Description of problem: It is not possible to run radiusd (systemctl start radiusd) because it generates certificates with a wrong group (root instead of radiusd). Version-Release number of selected component (if applicable): freeradius-3.0.21-1.fc31.x86_64 Fedora 31 How reproducible: always Steps to Reproduce: 1. install freeradius server 2. systemctl start radiusd Actual results: # systemctl start radiusd Job for radiusd.service failed because the control process exited with error code. See "systemctl status radiusd.service" and "journalctl -xe" for details. cat /var/log/radius/radius.log tls: Failed reading certificate file "/etc/raddb/certs/server.pem" tls: error:0200100D:system library:fopen:Permission denied tls: error:20074002:BIO routines:file_ctrl:system lib tls: error:140DC002:SSL routines:use_certificate_chain_file:system lib rlm_eap_tls: Failed initializing SSL context rlm_eap (EAP): Failed to initialise rlm_eap_tls /etc/raddb/mods-enabled/eap[14]: Instantiation failed for module "eap" Expected results: The command systemctl radiusd should finished successfully and created correct certificates. Additional info: # ll /etc/raddb/certs/server.* -rw-r-----. 1 root radiusd 1627 Apr 7 10:18 /etc/raddb/certs/server.cnf -rw-r-----. 1 root root 4559 May 13 09:36 /etc/raddb/certs/server.crt -rw-r-----. 1 root root 1196 May 13 09:36 /etc/raddb/certs/server.csr -rw-r-----. 1 root root 1854 May 13 09:36 /etc/raddb/certs/server.key -rw-r-----. 1 root root 2621 May 13 09:36 /etc/raddb/certs/server.p12 -rw-r-----. 1 root root 3747 May 13 09:36 /etc/raddb/certs/server.pem
FEDORA-2020-b3d89903b3 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-b3d89903b3
FEDORA-2020-b1f620db55 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2020-b1f620db55
FEDORA-2020-ab387da9de has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-ab387da9de
FEDORA-2020-ab387da9de has been pushed to the Fedora 32 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-ab387da9de` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-ab387da9de See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-b3d89903b3 has been pushed to the Fedora 31 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-b3d89903b3` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-b3d89903b3 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-b1f620db55 has been pushed to the Fedora 30 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-b1f620db55` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-b1f620db55 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-b3d89903b3 has been pushed to the Fedora 31 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2020-b1f620db55 has been pushed to the Fedora 30 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2020-ab387da9de has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report.
Hello, the fix should be in this version of FR freeradius-3.0.21-2.fc31 but the issue with certificates is still there. Used version: Fedoa31, freeradius-3.0.21-2.fc31.x86_64 Steps to Reproduce: 1. install freeradius server 2. systemctl start radiusd Actual result: [root ~]# rpm -qa | grep freeradius freeradius-3.0.21-2.fc31.x86_64 [root ~]# radiusd -X ---snipped--- timeout = 0 softfail = no } } tls: Failed reading certificate file "/etc/raddb/certs/server.pem" tls: error:0200100D:system library:fopen:Permission denied tls: error:20074002:BIO routines:file_ctrl:system lib tls: error:140DC002:SSL routines:use_certificate_chain_file:system lib rlm_eap_tls: Failed initializing SSL context rlm_eap (EAP): Failed to initialise rlm_eap_tls /etc/raddb/mods-enabled/eap[14]: Instantiation failed for module "eap" [root ~]# ll /etc/raddb/certs/ total 160 -rw-r-----. 1 root root 4559 Jul 28 06:26 01.pem -rw-r-----. 1 root root 4408 Jul 28 06:26 02.pem -rwxr-x---. 1 root radiusd 2823 May 13 12:20 bootstrap -rw-r-----. 1 root radiusd 1432 May 13 12:20 ca.cnf -rw-r-----. 1 root root 478 Jul 28 06:26 ca.crl -rw-r-----. 1 root root 1278 Jul 28 06:26 ca.der -rw-r-----. 1 root root 1854 Jul 28 06:26 ca.key -rw-r-----. 1 root root 1785 Jul 28 06:26 ca.pem -rw-r-----. 1 root radiusd 1103 May 13 12:20 client.cnf -rw-r-----. 1 root root 4408 Jul 28 06:26 client.crt -rw-r-----. 1 root root 1045 Jul 28 06:26 client.csr -rw-r-----. 1 root root 1854 Jul 28 06:26 client.key -rw-r-----. 1 root root 2581 Jul 28 06:26 client.p12 -rw-r-----. 1 root root 3687 Jul 28 06:26 client.pem -rw-r-----. 1 root root 424 Jul 28 06:26 dh -rw-r-----. 1 root root 229 Jul 28 06:26 index.txt -rw-r-----. 1 root root 21 Jul 28 06:26 index.txt.attr -rw-r-----. 1 root root 21 Jul 28 06:26 index.txt.attr.old -rw-r-----. 1 root root 120 Jul 28 06:26 index.txt.old -rw-r-----. 1 root radiusd 1131 May 13 12:20 inner-server.cnf -rw-r-----. 1 root radiusd 6433 May 13 12:20 Makefile -rw-r--r--. 1 root radiusd 166 May 13 12:20 passwords.mk -rw-r-----. 1 root radiusd 8876 May 13 12:20 README -rw-r-----. 1 root root 3 Jul 28 06:26 serial -rw-r-----. 1 root root 3 Jul 28 06:26 serial.old -rw-r-----. 1 root radiusd 1627 May 13 12:20 server.cnf -rw-r-----. 1 root root 4559 Jul 28 06:26 server.crt -rw-r-----. 1 root root 1196 Jul 28 06:26 server.csr -rw-r-----. 1 root root 1854 Jul 28 06:26 server.key -rw-r-----. 1 root root 2621 Jul 28 06:26 server.p12 -rw-r-----. 1 root root 3747 Jul 28 06:26 server.pem -rw-r-----. 1 root root 3687 Jul 28 06:26 user.pem -rw-r-----. 1 root radiusd 3046 May 13 12:20 xpextensions
Rebuilds in progress, should be done today.
FEDORA-2020-70b376ec83 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-70b376ec83
FEDORA-2020-99d2f4b558 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-99d2f4b558
FEDORA-2020-70b376ec83 has been pushed to the Fedora 31 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-70b376ec83` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-70b376ec83 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-99d2f4b558 has been pushed to the Fedora 32 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-99d2f4b558` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-99d2f4b558 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-70b376ec83 has been pushed to the Fedora 31 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2020-99d2f4b558 has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report.