Michael Courtney wrote:
> I would like to have two SSL certs on the Radius box: one, for the
> internal connections to our servers, and two, an SSL cert that one can
> verify as a trusted Root Authority for the TTLS connections.
>
> This is causing an issue right now on the server.

No, many people are doing what you want to do. It isn't a problem.

> Here's the output in the logs:
>
> Feb 14 12:47:26 radius kernel: audit(1171478846.538:8): avc: denied {
> read } for pid=10837 comm="radiusd"
> name="radius.lawrencefreenet.org.crt" dev=dm-0 ino=1310741
> scontext=root:system_r:radiusd_t:s0
> tcontext=root:object_r:user_home_t:s0 tclass=file

You're running SELinux, and you've configured it so that radiusd
doesn't have permission to read the certificate file. Fix that.

> As you can see, the CA_files are different, since they are signed by
> different certificate authorities. I have tried this configuration and
> 777'ed each of the files to no avail.

The "avc: denied { read }" says it's not a permissions issue. Look
that text up on Google, and you'll see more.

> Is the configuration I'm trying to implement possible? Any help that you
> can offer would be greatly appreciated!

There's nothing in FreeRADIUS or SSL that is preventing the
configuration from working.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog