Thursday 2 February 2017

Setting up LinOTP on CentOS 7 with FreeRADIUS (Version 3)

Currently the LinOTP documentation does not explain exactly how to get FreeRADIUS 3 up and running with its Perl module.

Some notes:

There is no need to populate the 'users' file (/etc/raddb/users).

Instead, see the following sample configuration, which works with FreeRADIUS 3: !topic/privacyidea/O2wdnmxIFNw

You will also need to install some additional dependencies for the LinOTP Perl module:

sudo cpan LWP::Protocol::https

sudo yum install perl-Crypt-SSLeay perl-Net-SSLeay

I had to make extensive use of FreeRADIUS debug mode and the httpd error log:

radiusd -XXX

tail -f /var/log/httpd/httpd_error

Also, if you have SELinux enabled, keep in mind that access to the LinOTP server via the script will likely fail. To review the AVC denials:

ausearch -m avc -ts today | audit2allow
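Before loading anything audit2allow suggests, it helps to see exactly which denials belong to radiusd. The following is an added example, not part of the original post: a small summariser for AVC records, run here over constructed sample lines (the contexts, ports and file names in them are assumptions for illustration).

```shell
#!/bin/sh
# Summarise SELinux AVC denials for one process so the access that
# audit2allow would permit can be reviewed before any module is loaded.

# Constructed sample records in audit.log AVC format (not from the post).
SAMPLE_AVC='type=AVC msg=audit(1486043866.101:901): avc:  denied  { name_connect } for  pid=2101 comm="radiusd" dest=443 scontext=system_u:system_r:radiusd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1486043871.554:907): avc:  denied  { name_connect } for  pid=2101 comm="radiusd" dest=443 scontext=system_u:system_r:radiusd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1486043880.010:915): avc:  denied  { read } for  pid=2250 comm="httpd" name="example.ini" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1486043880.010:915): arch=c000003e syscall=2 success=no comm="httpd"'

# summarize_avc COMM: read audit records on stdin and print one line per
# distinct denial for that command:
#   count source_type target_type class permissions
summarize_avc() {
    awk -v want="$1" '
    / avc: +denied / {
        comm = src = tgt = cls = perms = ""
        # The denied permissions sit between the braces.
        s = index($0, "{"); e = index($0, "}")
        if (s && e > s) perms = substr($0, s + 2, e - s - 3)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; gsub(/^comm=|"/, "", comm) }
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (comm == want) seen[src " " tgt " " cls " " perms]++
    }
    END { for (k in seen) print seen[k], k }' | sort
}

# Run over the constructed sample; on a live host feed it real records:
#   ausearch -m avc -ts today | summarize_avc radiusd
printf '%s\n' "$SAMPLE_AVC" | summarize_avc radiusd
```

Each output line is one type/class/permission tuple that a generated policy module would allow, so anything unrelated to radiusd reaching the LinOTP server stands out before it is permitted.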

Another problem I encountered was with different versions of the Perl Carp module:

Thu Feb  2 13:57:46 2017 : Error: rlm_perl: perl_embed:: module = /etc/raddb/mods-config/perl/ , func = authenticate exit status= Undefined subroutine &Carp::authenticate called at /usr/share/perl5/vendor_perl/ line 100.