Radsec config query

Alex Sharaz alex.sharaz at york.ac.uk
Fri Jul 21 12:34:32 CEST 2017

Been playing with RADSEC (FR3.0.15) and having got stuff working, thought I'd
tidy up my config files so ...

sites-enabled/tls has the following structure

listen {
clients = radsec

limit {
tls {
<my radsec tls config>
} //end of listen
clients radsec {
home_server tls  ....
home_server_pool ...
realm .....

Having sorted out the tls {..} section, I added a

tls {
$include our_tls/
to my radiusd.conf file

and copied the contents of my original tls section into
/usr/local/etc/freeradius/our_tls/prodn2 as shown below

prodn2 {
<all tls config settings from original sites-enabled/tls file tls section>

In sites-enabled/tls I then replaced
tls {

with tls = ${tls.prodn2}

FR fails to start up with error

Fri Jul 21 10:19:24 2017 : Error:
/usr/local/etc/freeradius/sites-enabled/tls[87]: Client does not have the
same TLS configuration as the listener
Fri Jul 21 10:19:24 2017 : Error:
/usr/local/etc/freeradius/sites-enabled/tls[7]: Failed to load clients for
this listen section

but all I've done is move the tls{..} contents into radiusd.conf tls
{prodn2 {...}} and added a tls=${tls.prodn2} statement.
