Re: FreeRADIUS + OpenLDAP + MSCHAPv2

On Nov 14 Tim Gustafson wrote: I'm running FreeRADIUS on a shiny-new CentOS 5.2 machine. The easiest way to install the latest FreeRADIUS on CentOS I know of is to visit , find the latest source RPM and rebuild it. It's a small am

Re: [awful patch] "Multiple levels of TLS nesting is invalid."

At 14:19 +0200 Alan DeKok wrote: I have run into another bug: if I instantiate rlm_ldap in my servers "dcs-inner" and "maths-inner", it seems to use the base DN for "maths-inner" (instantiated second) for queries from "dcs-inner". As always, debug mode. By this point we've correctly walked

Re: [awful patch] "Multiple levels of TLS nesting is invalid."

At 14:19 +0200 Alan DeKok wrote: Matt Bernstein wrote: We will have multiple server certificates; our departments are rather independent here. Ugh. There's not really any good reason for this. If the departmental certs are signed by a university CA, then you can still get away wit

Re: [awful patch] "Multiple levels of TLS nesting is invalid."

On Oct 15 Alan DeKok wrote: Matt Bernstein wrote: So saith FreeRADIUS 2.1.1, but I wasn't trying to do multiple levels of TLS nesting. I'm trying to use virtual servers so that a single radiusd can terminate TTLS/PEAP for multiple subrealms, _and_ use the inner-tunnel trick, k

[awful patch] "Multiple levels of TLS nesting is invalid."

So saith FreeRADIUS 2.1.1, but I wasn't trying to do multiple levels of TLS nesting. I'm trying to use virtual servers so that a single radiusd can terminate TTLS/PEAP for multiple subrealms, _and_ use the inner-tunnel trick, keeping the configs completely independent for each subrealm. This al