Michael Courtney wrote:
I would like to have two SSL certs on the Radius box: one, for the internal connections to our servers, and two, an SSL cert that one can verify as a trusted Root Authority for the TTLS connections.
This is causing an issue right now on the server.
No, many people are doing what you want to do. It isn't a problem.
Here's the output in the logs:
Feb 14 12:47:26 radius kernel: audit(1171478846.538:8): avc: denied { read } for pid=10837 comm="radiusd" name="radius.lawrencefreenet.org.crt" dev=dm-0 ino=1310741 scontext=root:system_r:radiusd_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
You're running SELinux, and you've configured it so that radiusd doesn't have permission to read the certificate file. Fix that.
As you can see, the CA_files are different, since they are signed by different certificate authorities. I have tried this configuration and 777'ed each of the files to no avail.
The "avc: denied { read }" says it's not a permissions issue. Look that text up on Google, and you'll see more.
Is the configuration I'm trying to implement possible? Any help that you can offer would be greatly appreciated!
There's nothing in FreeRADIUS or SSL that is preventing the configuration from working. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog