[CentOS] Freeradius, openldap and TLS

Thu Apr 14 22:39:28 UTC 2016
Andrew Daviel <advax at triumf.ca>

We have a freeradius server using LDAP authentication against openldap.

We have had freeradius-3.0.4-6 on CentOS 7 successfully communicating 
with openldap-servers-2.3.43 on CentOS 5.

We need some features in freeradius-3.0.12. When I build that on CentOS 
6, it initially works, but then develops TLS errors.

We can search and authenticate against the LDAP server with Apache, and 
with ldapsearch using ldaps:// URLs and with start_tls.

If I ask the freeradius community, I am told unequivocally to use 
OpenSSL not NSS. (currently, radiusd is finding the server CA 
certificate in /etc/raddb/certs/cert8.db but the client certificate in a 
PEM file after looking in cert8.db first)

Is this possible with the standard CentOS builds, and if so, is there a 
tutorial or examples anywhere ?

If not, has anyone solved this problem ?

Andrew Daviel, TRIUMF, Canada