Re: [PacketFence-users] Radtest Fail

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On 2014-06-05, at 6:53 , Carla Nurse <pac...@gm...> wrote:

> OKay, so I think I know why the tests weren't working. The radiusd service isn't running.
> 
> [root@pf-zen-esx ~]# service radiusd status
> radiusd is stopped
> [root@pf-zen-esx ~]# service radiusd start
> Starting radiusd:                                          [FAILED]
> 
> When I  run the radiusd -X command, the end indicates that it  is "Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 (in range 1.0.1 - 1.0.1f).  Security advisory CVE-2014-0160 (Heartbleed)". I tried to update it using the yum install openssl 1.0.1g but that failed. Indicating that the package was not available.
> 
> 
> Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 (in range 1.0.1 - 1.0.1f).  Security advisory CVE-2014-0160 (Heartbleed)
> For more information see http://heartbleed.com
> 

Hi Carla,
The service is not supposed to be running.

FreeRADIUS is managed by PacketFence, not initd. 

This is unsurprising and will probably happen even if you update libssl.
The issue is that you are not running radiusd with the correct arguments.

You should be doing it this way:

# radiusd -d /usr/local/pf/raddb -X

But don't expect that to fix your ntlm_auth problem.
FreeRADIUS depends on ntlm_auth, not the other way around.
You still have to get ntlm_auth working before FreeRADIUS will do Active Directory authentication. 

Have you considered the possibility that the issue is on the AD server?
Also, make sure you have DNS working correctly. 
tcpdump ca be your friend to see what is going on between your server and AD.

Regards,
--
Louis Munro
lm...@in...  ::  www.inverse.ca 
+1.514.447.4918 *125  :: +1 (866) 353-6153 
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)