Some notes:
There is no need to populate the 'users' file (/etc/raddb/users).
Instead, see the link below for a sample configuration that works with FreeRADIUS 3:
https://groups.google.com/forum/#!topic/privacyidea/O2wdnmxIFNw
You will also need to install some additional dependencies for the LinOTP Perl module:
sudo cpan LWP::Protocol::https
sudo yum install perl-Crypt-SSLeay perl-Net-SSLeay
I had to make extensive use of FreeRADIUS debug mode and the httpd error log:
radiusd -XXX
tail -f /var/log/httpd/httpd_error
Also, if you have SELinux enabled, keep in mind that access to the LinOTP server via the script will likely fail. To review the denials:
ausearch -m avc -ts today | audit2allow
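Before turning audit2allow output into policy, it helps to see exactly which radiusd denials were logged. The following is an added example, not part of the original notes: it summarizes AVC denials for radiusd by permission, object class and target type. The sample records, including the paths and SELinux types in them, are constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample AVC records (not taken from the original post).
# On a real host the input would come from: ausearch -m avc -ts today
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1486043866.101:412): avc:  denied  { name_connect } for  pid=2210 comm="radiusd" dest=443 scontext=system_u:system_r:radiusd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1486043871.554:419): avc:  denied  { name_connect } for  pid=2210 comm="radiusd" dest=443 scontext=system_u:system_r:radiusd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1486043872.012:420): avc:  denied  { getattr } for  pid=2210 comm="radiusd" path="/etc/pki/tls/certs/ca-bundle.crt" scontext=system_u:system_r:radiusd_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=file
type=AVC msg=audit(1486043900.300:431): avc:  denied  { write } for  pid=1877 comm="httpd" name="app.log" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
EOF
}

# Print "<count> <permission> <class> <target type>" for each distinct
# denial logged against the radiusd process; other processes are ignored.
summarize_radiusd_denials() {
  awk '
    /avc: +denied/ && /comm="radiusd"/ {
      # The denied permission sits between the braces.
      s = index($0, "{"); e = index($0, "}")
      perm = substr($0, s + 1, e - s - 1)
      gsub(/^ +| +$/, "", perm)
      tctx = ""; tcls = ""
      for (i = 1; i <= NF; i++) {
        # tcontext=user:role:type:level, the type is the third part.
        if ($i ~ /^tcontext=/) { split($i, a, ":"); tctx = a[3] }
        if ($i ~ /^tclass=/)   { tcls = substr($i, 8) }
      }
      count[perm " " tcls " " tctx]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k2
}

# Stand-alone run over the constructed sample.
sample_avc | summarize_radiusd_denials
```

On a real host, pipe the ausearch command above into summarize_radiusd_denials in place of sample_avc, and only allow the denials that correspond to the LinOTP connection.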
Another problem I encountered was issues with different versions of the Perl Carp module:
Thu Feb 2 13:57:46 2017 : Error: rlm_perl: perl_embed:: module = /etc/raddb/mods-config/perl/privacyidea.pm , func = authenticate exit status= Undefined subroutine &Carp::authenticate called at /usr/share/perl5/vendor_perl/Carp.pm line 100.
Fortunately
Does it work eventually?
Hi there, yes it did