Bug 108866 - freeradius init-script doesn't work with user defined user/group
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Dialup Developers
Reported: 2005-10-11 06:53 UTC by Gudleik Rasch
Modified: 2005-10-16 01:52 UTC

Description Gudleik Rasch 2005-10-11 06:53:51 UTC
The init script that comes with net-dialup/freeradius-1.0.5 is grepping /etc/passwd and /etc/group for 
hardcoded user and group:
    if [ -z "`grep radiusd /etc/passwd`" ] || [ -z "`grep radiusd /etc/group`" ]; then
        eerror "radiusd user missing!"
        return 1
    fi

This obviously won't work when 
  a) user wants to run radius under different user or group (as configured in /etc/raddb/radius.conf)
  b) users are stored in LDAP or other database than /etc/passwd (as configured in nsswitch.conf)

My suggestion is to skip the user & group check. The check-radiusd-config script, which is called from 
the same init-script, will fail if the user specified in /etc/raddb/radius.conf doesn't exist.

Alternatively, getent should be used instead. Then you'll also have to get the correct user and group to 
look for.
Something like this should do the trick:
    # Verify that user & group exist
    # Strip whitespace so the values are bare account names
    RADIUSD_USER=`egrep "^user[ ]+=" /etc/raddb/radiusd.conf | awk -F"=" '{gsub(/[ \t]/, "", $2); print $2}'`
    RADIUSD_GROUP=`egrep "^group[ ]+=" /etc/raddb/radiusd.conf | awk -F"=" '{gsub(/[ \t]/, "", $2); print $2}'`
    # Test getent's exit status; its output may contain spaces (GECOS field)
    getent passwd "$RADIUSD_USER" > /dev/null || {
        eerror "$RADIUSD_USER user missing!"
        return 1
    }

    getent group "$RADIUSD_GROUP" > /dev/null || {
        eerror "$RADIUSD_GROUP group missing!"
        return 1
    }

But this kind of complexity will also make the ebuild more error-prone.
Comment 1 Alin Năstac (RETIRED) gentoo-dev 2005-10-16 01:52:14 UTC
Unfortunately I need to change owner/group/permissions on
/var/log/radius/radius.log. Otherwise, radiusd daemon will fail to write
anything after it drops the privileges.

I've fixed it using grep, cut and getent, which should exist on any Gentoo install.
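
The getent-based check discussed in this bug, as an added example (not the code committed to the Gentoo init script): it reads the active user/group settings from a radiusd.conf-style file, ignores commented-out lines, and looks the accounts up through NSS so LDAP-backed users are found. The function names and the return-code convention are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names and return codes are assumptions.

# Print the value of an active "key = value" line in a radiusd.conf-style
# file. Commented-out lines are skipped; the last active assignment wins.
radius_conf_value() {
    # $1 = key (fixed string supplied by the caller), $2 = config file
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$2" |
        tail -n 1
}

# Return 0 if the configured user and group both resolve through NSS,
# 1 if either is missing, 2 if the config does not set them or a value
# is not a plain account name.
check_radius_account() {
    conf=$1
    user=$(radius_conf_value user "$conf")
    group=$(radius_conf_value group "$conf")

    if [ -z "$user" ] || [ -z "$group" ]; then
        echo "user/group not set in $conf" >&2
        return 2
    fi

    # Refuse values with unexpected characters before using them further
    # (for example as arguments to chown on the log file).
    case "$user$group" in
        *[!A-Za-z0-9._-]*)
            echo "unexpected characters in user/group" >&2
            return 2
            ;;
    esac

    # Only the exit status matters; quoting keeps each name a single word.
    getent passwd "$user" > /dev/null || { echo "$user user missing!" >&2; return 1; }
    getent group "$group" > /dev/null || { echo "$group group missing!" >&2; return 1; }
    return 0
}
```

In an init script the caller would run `check_radius_account /etc/raddb/radiusd.conf || return 1` before starting the daemon.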