Peter Nixon wrote:
This is all cool, except my rpms no longer work by default :-D
A new install on a clean server of last night's snapshot rpm gives the following on first start:
OK. The server isn't running in debugging mode, so it expects to read the certificate file. If it isn't there, it complains. Of course, SSL's version of "file not found" is "permission denied" <sigh>.
Note that radiusd does not have permission to write to /etc/raddb with the default install of my rpms, and in my opinion should not need to have permission:
Exactly. The bootstrap is run ONLY in debugging mode, and should probably be done only if run as root.
Should I run "raddb/certs/bootstrap" during rpm build? On initial install?
When the RPM is installed. It will create per-host certificates. This should be safe, because no client will have the certificates installed. They won't trust the server if it presents them a newly created (and unknown) certificate. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog