stefan.paetow@diamond.ac.uk wrote:
I have a quick question... Am I correct in saying that if I want to do all my proxying over TLS to another server, I have to define the default realm in /etc/raddb/sites-enabled/tls and comment it out in proxy.conf?
No. The files don't matter. The configuration does. You could just make the default home servers use tls. The realm will automatically pick that up when you tell it to use the home servers. But the realm can be defined anywhere.
And additionally, I have to define the proxy server as a client in the "clients radsec" section and as a server further down in the file?
The configuration on the home server has to list the proxy as a client. I'm not sure why you'd want to list the same machine as both a client and a server. If you're proxying, you list the other machine as a home server. If you're the home server, you list the proxy as a client. Alan DeKok.