Red Hat has issued an advisory on January 8:
https://rhn.redhat.com/errata/RHSA-2013-0134.html

Cauldron is not affected (fixed upstream).

Patched package uploaded for Mageia 2.

Advisory:
========================

Updated freeradius packages fix security vulnerability:

It was found that the "unix" module ignored the password expiration setting in "/etc/shadow". If FreeRADIUS was configured to use this module for user authentication, this flaw could allow users with an expired password to successfully authenticate, even though their access should have been denied (CVE-2011-4966).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4966
https://rhn.redhat.com/errata/RHSA-2013-0134.html
========================

Updated packages in core/updates_testing:
========================
freeradius-2.1.12-8.2.mga2
freeradius-krb5-2.1.12-8.2.mga2
freeradius-ldap-2.1.12-8.2.mga2
freeradius-postgresql-2.1.12-8.2.mga2
freeradius-mysql-2.1.12-8.2.mga2
freeradius-unixODBC-2.1.12-8.2.mga2
freeradius-sqlite-2.1.12-8.2.mga2
libfreeradius1-2.1.12-8.2.mga2
libfreeradius-devel-2.1.12-8.2.mga2
freeradius-web-2.1.12-8.2.mga2

from freeradius-2.1.12-8.2.mga2.src.rpm
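The kind of check the advisory says the "unix" module skipped, as an added example (not FreeRADIUS or Mageia code): it classifies one shadow(5) line by its last-change, maximum-age and account-expiry fields. The names shadow_field and shadow_check are hypothetical, the sample entry is constructed, and the inactivity field and exact boundary-day handling are not modelled.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum shadow_state { SHADOW_OK, SHADOW_PW_EXPIRED, SHADOW_ACCT_EXPIRED, SHADOW_MALFORMED };

/* Read numeric field `idx` (0-based, colon-separated) into *out; an empty
 * field yields -1 ("not set"). Returns -1 if the field is missing or not a number. */
static int shadow_field(const char *line, int idx, long *out)
{
    const char *p = line;
    char *end;
    for (int i = 0; i < idx; i++) {
        p = strchr(p, ':');
        if (p == NULL)
            return -1;
        p++;
    }
    if (*p == ':' || *p == '\0' || *p == '\n') {
        *out = -1;
        return 0;
    }
    *out = strtol(p, &end, 10);
    return (*end == ':' || *end == '\0' || *end == '\n') ? 0 : -1;
}

/* Classify one shadow(5) line; `today` is days since 1970-01-01. */
enum shadow_state shadow_check(const char *line, long today)
{
    long lstchg, max, expire;

    if (shadow_field(line, 2, &lstchg) || shadow_field(line, 4, &max) ||
        shadow_field(line, 7, &expire))
        return SHADOW_MALFORMED;
    if (expire > 0 && today > expire)       /* account expiry date passed */
        return SHADOW_ACCT_EXPIRED;
    if (lstchg == 0)                        /* 0 = change required at next login */
        return SHADOW_PW_EXPIRED;
    if (lstchg > 0 && max >= 0 && today > lstchg + max)
        return SHADOW_PW_EXPIRED;           /* password older than maximum age */
    return SHADOW_OK;
}

int main(void)
{
    /* Constructed entry: password last changed on day 15000, maximum age 90. */
    printf("state=%d\n", shadow_check("bob:$6$constructed:15000:0:90:7:::", 15736));
    return 0;
}
```

An authenticator that compares only the hash in field 1 accepts every non-OK entry above, which is the behaviour the advisory describes.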
Testing using 'Initial Tests' from here: http://freeradius.org/doc/
Whiteboard: (none) => has_procedure
Depends on: (none) => 8912
Same failures when started as bug 7447 from October last year. Created bug 8912 for these.

...etc
WARNING: No such configuration item certdir
/etc/raddb/eap.conf[284]: Reference "${certdir}/bootstrap" not found

Following Dave's advice in bug 7447 comment 11

Commented out line 284 in /etc/raddb/eap.conf
# make_cert_command = "${certdir}/bootstrap"

Also same failure with directory ownership

# systemctl start radiusd.service
# systemctl status radiusd.service
...
Process: 2010 ExecStartPre=/bin/chown -R radiusd.radiusd /var/run/radiusd (code=exited, status=1/FAILURE)

In /lib/systemd/system/radiusd.service change the chown command to have radius:radius instead of radiusd.radiusd

ExecStartPre=-/bin/chown -R radius.radius /var/run/radiusd

# systemctl --system daemon-reload
# systemctl start radiusd.service
# systemctl status radiusd.service
radiusd.service - FreeRADIUS high performance RADIUS server.
Loaded: loaded (/lib/systemd/system/radiusd.service; enabled)
Active: active (running) since Thu, 31 Jan 2013 11:00:56 +0000; 3s ago
Process: 4157 ExecStart=/usr/sbin/radiusd -d /etc/raddb (code=exited, status=0/SUCCESS)
Process: 4155 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=0/SUCCESS)
Process: 4153 ExecStartPre=/bin/chown -R radius.radius /var/run/radiusd (code=exited, status=0/SUCCESS)
Main PID: 4158 (radiusd)
CGroup: name=systemd:/system/radiusd.service
└ 4158 /usr/sbin/radiusd -d /etc/raddb
Testing complete mga2 64

# echo 'testing Cleartext-Password := "password"' >> /etc/raddb/users
# systemctl restart radiusd.service
# radtest testing password 127.0.0.1 0 testing123
Sending Access-Request of id 105 to 127.0.0.1 port 1812
User-Name = "testing"
User-Password = "password"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=105, length=20
Whiteboard: has_procedure => has_procedure mga2-64-ok
Testing complete mga2 32

Validating

Advisory & SRPM in comment 0

Bug 8912 created for the config & systemd service file issues

Could sysadmin please push from core/updates_testing to core/updates

Thanks!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: has_procedure mga2-64-ok => has_procedure mga2-64-ok mga2-32-ok
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0026
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED