Multiple SSL CA Files (FreeRADIUS Users forum, Networking and Network Related category)
Freeradius List,
I have Freeradius 1.1.3 running on a Fedora Core 6 box, and it works great in the current setup. My question has to do with a configuration change that I'm having trouble implementing. Right now, I have an in-house CA Cert that was generated for our servers that sit behind a firewall. The Radius server connects to our LDAP box via a hole in the firewall over an SSL connection that was generated with our internal CA Cert. I would like to have two SSL certs on the Radius box: one, for the internal connections to our servers, and two, an SSL cert that one can verify as a trusted Root Authority for the TTLS connections. This is causing an issue right now on the server.

I have the following LDAP fields in radiusd.conf:

    tls_cacertfile = /etc/lfncerts/cacert.pem
    tls_certfile = /etc/lfncerts/ldap2_public_cert.pem
    tls_keyfile = /etc/lfncerts/ldap2_private_key.pem

I have the following fields in the eap.conf:

    private_key_file = /etc/lfnnewcerts/radius.lawrencefreenet.org.key
    certificate_file = /etc/lfnnewcerts/radius.lawrencefreenet.org.crt
    CA_file = /etc/lfnnewcerts/rapidssl_01.cer

Here's the output in the logs:

    Feb 14 12:47:26 radius kernel: audit(1171478846.538:8): avc: denied { read } for pid=10837 comm="radiusd" name="radius.lawrencefreenet.org.crt" dev=dm-0 ino=1310741 scontext=root:system_r:radiusd_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file

As you can see, the CA_files are different, since they are signed by different certificate authorities. I have tried this configuration and 777'ed each of the files to no avail. Is the configuration I'm trying to implement possible? Any help that you can offer would be greatly appreciated!

Thanks for your time!

-Mike

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
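The log line quoted above is an SELinux AVC denial rather than a mode-bit failure: the certificate carries the user_home_t label (typical for a file copied out of a home directory) and the confined radiusd_t domain may not read that type, so chmod 777 cannot help. The POSIX shell helper below is an added example, not code from the post or from the FreeRADIUS project; it parses such a denial and prints the relabel command, assuming Fedora's targeted policy (files under /etc default to etc_t, which radiusd_t can read) and using the /etc/lfnnewcerts directory named in the post.

```shell
#!/bin/sh
# Sample input: the AVC denial from the post, embedded as a constant.
AVC_LINE='Feb 14 12:47:26 radius kernel: audit(1171478846.538:8): avc: denied { read } for pid=10837 comm="radiusd" name="radius.lawrencefreenet.org.crt" dev=dm-0 ino=1310741 scontext=root:system_r:radiusd_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file'

# avc_field LINE KEY: value of KEY=... in LINE, surrounding quotes stripped.
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\"\{0,1\}\([^\" ]*\).*/\1/p"
}

# avc_perm LINE: the denied permission inside "{ ... }", e.g. "read".
avc_perm() {
    printf '%s\n' "$1" | sed -n 's/.*denied { *\([^ }]*\).*/\1/p'
}

# selinux_type CONTEXT: the type component of user:role:type:level.
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# avc_diagnose LINE: one-word verdict.
#   label-mismatch  a confined daemon was denied a file that carries a
#                   home-directory label (user_home_t); mode bits are irrelevant
#   not-avc         the line is not an AVC denial at all
#   other           an AVC denial this helper does not classify
avc_diagnose() {
    case "$1" in *"avc: denied"*) ;; *) echo not-avc; return 1 ;; esac
    ttype=$(selinux_type "$(avc_field "$1" tcontext)")
    tclass=$(avc_field "$1" tclass)
    if [ "$tclass" = file ] && [ "$ttype" = user_home_t ]; then
        echo label-mismatch
    else
        echo other
    fi
}

# avc_fix LINE DIR: the relabel command for the directory holding the file.
# Assumes the targeted policy's default label for /etc (etc_t), which the
# radiusd_t domain is allowed to read; DIR is the directory from the config.
avc_fix() {
    [ "$(avc_diagnose "$1")" = label-mismatch ] || return 1
    printf 'restorecon -Rv %s   # relabels %s away from %s\n' \
        "$2" "$(avc_field "$1" name)" "$(selinux_type "$(avc_field "$1" tcontext)")"
}

avc_diagnose "$AVC_LINE"
avc_fix "$AVC_LINE" /etc/lfnnewcerts
```

After relabelling, verify with `ls -Z /etc/lfnnewcerts` and restart radiusd; a second AVC line in the log would mean a different label or directory still needs attention.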