Hi Brent,
remote {
auth = pubkey
id = O=FooBar (https://foobar.tld/), OU=nodes, CN=*
cacerts =
/etc/pki/ca-trust/source/anchors/FooBar_CA.pem,/etc/pki/ca-trust/source/anchors/FooBar_Intermediate.pem
round = 0
}
remote {
auth = eap-radius
eap_id = %any
round = 1
}
This won't work. The two "remote" sections get merged together, while
the latter overrides existing key/value pairs, so you end up with:
remote {
auth = eap-radius
id = O=FooBar (https://foobar.tld/), OU=nodes, CN=*
cacerts =
/etc/pki/ca-trust/source/anchors/FooBar_CA.pem,/etc/pki/ca-trust/source/anchors/FooBar_Intermediate.pem
> eap_id = %any
round = 1
}
Make sure to name these sections differently (the actual name doesn't
matter as long they start with "remote", so "remote-1/2" works as well
as "remote-pubkey/eap").
Regards,
Tobias
