On Mon, Sep 02, 2013 at 07:07:15PM +0200, Petter Reinholdtsen wrote:
> [Giorgio Pioda]
> > Some progress and some questions
> > Checking with strace the activity of freeradius in debug mode,
> > I've seen that the daemon was trying to write into /tmp/user/0
> > which had root:root and 0711 privileges.
> > Opening to 0777 makes the authentication successful and a radius_125
> > file (freerad:freerad owner) is created.
> > Is it ok to have such a permission in this directory?
> The /tmp/user/0 directory is the TMP/TMPDIR directory of the root
> user. It is created by libpam-tmpdir when a user logs in and ensures
> users are more isolated from each other. If the radius server lacks
> write access to this directory, it is because it isn't running as the
> root user when it tries to write its files.
> A quickfix is to restart the daemon while TMP and TMPDIR are unset, i.e.
> something like this:
> 'TMP= TMPDIR= service freeradius restart'
> The proper fix is perhaps to stop freeradius from storing files in
> /tmp, or to get it to call PAM when changing uid (to create its own
> directory under /tmp/user/), or to get it to open the files in /tmp/
> before changing uid. :)
A clean reboot fixed the /tmp/user issue. Now freeradius is writing
tickets to /var/tmp.
What is still there is the problem with passwords containing special chars,
at least with "radtest".
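
The failure discussed in this thread (a daemon that changes uid but keeps the TMP/TMPDIR that libpam-tmpdir set for root) can be checked for directly. The script below is an added example, not part of the original messages or of any project mentioned; the function names are hypothetical, it assumes GNU `stat`, and its demo input is constructed.

```shell
#!/bin/sh
# Added example, not from the thread: does the TMP/TMPDIR a daemon inherited
# point at a directory its runtime uid can write to? Assumes GNU stat.

# Print VAR ($2) from a NUL-separated environ file ($1), e.g. /proc/PID/environ.
tmp_from_environ() {
    tr '\0' '\n' < "$1" | sed -n "s/^$2=//p" | head -n 1
}

# Return 0 if the mode bits let UID ($2) / GID ($3) create files in DIR ($1).
# Simplification: supplementary groups and ACLs are ignored.
dir_writable_by() {
    [ -d "$1" ] || return 1
    [ "$2" -eq 0 ] && return 0                  # root bypasses mode bits
    owner=$(stat -c %u "$1"); group=$(stat -c %g "$1")
    mode=$(printf '%04d' "$(stat -c %a "$1")")  # e.g. 711 -> 0711
    mode=${mode#?}                              # drop setuid/setgid/sticky digit
    if [ "$2" -eq "$owner" ]; then bits=${mode%??}
    elif [ "$3" -eq "$group" ]; then bits=${mode#?}; bits=${bits%?}
    else bits=${mode#??}
    fi
    [ $((bits & 3)) -eq 3 ]                     # need write (2) and search (1)
}

# Report each of TMPDIR/TMP in ENVIRON ($1) that UID ($2) / GID ($3) cannot use.
check_daemon_tmp() {
    rc=0
    for var in TMPDIR TMP; do
        dir=$(tmp_from_environ "$1" "$var")
        [ -n "$dir" ] || continue               # unset or empty: nothing to check
        dir_writable_by "$dir" "$2" "$3" || {
            echo "$var=$dir is not writable by uid $2"
            rc=1
        }
    done
    return $rc
}

# Constructed demo: a 0711 directory we own, checked for a different uid/gid.
demo=$(mktemp -d) && mkdir -m 0711 "$demo/0"
printf 'TMPDIR=%s\0' "$demo/0" > "$demo/environ"
check_daemon_tmp "$demo/environ" $(( $(id -u) + 1 )) $(( $(id -g) + 1 )) \
    || echo "daemon should be started with its own TMPDIR, or with none"
rm -rf "$demo"
```

On a live system, pass `/proc/<pid>/environ` of the running daemon together with the uid and gid it runs as.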