Univention Bugzilla – Full Text Bug Listing
Summary: | freeradius does not start after installation: Unable to open DH file - /etc/freeradius/ssl/dh | ||
---|---|---|---|
Product: | UCS | Reporter: | Janis Meybohm <meybohm> |
Component: | Radius | Assignee: | Daniel Tröder <troeder> |
Status: | CLOSED FIXED | QA Contact: | Sönke Schwardt-Krummrich <schwardt> |
Severity: | normal | ||
Priority: | P5 | CC: | gohmann, walkenhorst |
Version: | UCS 4.0 | ||
Target Milestone: | UCS 4.0-3-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
Description
Janis Meybohm
2015-06-29 13:53:21 CEST
SSL key generation was moved from joinscript to postinst.
Commits: 63483, 63484
YAML (r63486): 2015-09-03-univention-radius.yaml
Merge to 4.1: 63485

I think adding a "chmod 444 /etc/freeradius/ssl/dh" to the join script would have been sufficient to fix the issue. At least in my test, it was sufficient.
Are there any reasons to move the key handling to the postinst script?
With the postinst variant I see some drawbacks:
- the private.key/cert.pem is only copied once; so no chance to update the key e.g. by re-executing the join script via UMC module; this also applies during rejoin → the SSL certificate may be revoked
- univention-radius cannot be installed prior to joining the system. The SSL certificate is only available after the system has been joined. So copying private.key and cert.pem in postinst will fail, if the system is not joined yet. (→ before Univention App Center in some customer environments univention-radius has been installed before joining the system)

→ REOPEN

Commits 64126 + 64127 move the DH file generation back into the join script. Merge to 4.1 is included in commits.
YAML: 64128

OK: code change
OK: functional test
OK: YAML
OK: changes merged to 4.1-0
→ freeradius has been started automatically, if join script has been run