Anderson Alves de Albuquerque wrote:
On my FreeRADIUS debug screen on FreeBSD the output below appears; does anyone know what it could be?


-------------- debug -X ----------------------------
Cleaning up request 0 ID 41 with timestamp 41fc77b9
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 146.x.y.x:10958, id=41, length=142
User-Name = "anderson"
CHAP-Password = 0x264687ce992af9084804a7d3fe6d654eae
NAS-IP-Address = 146.x.y.235
NAS-Identifier = "UFRJGK"
NAS-Port-Type = Virtual
Service-Type = Login-User
CHAP-Challenge = 0x41fbbfc3
Framed-IP-Address = 146.x.y.x
Cisco-AVPair = "h323-ivr-out=terminal-alias:anderson,025980011;"
rad_lowerpair: User-Name now 'anderson'
rad_rmspace_pair: User-Name now 'anderson'
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
rlm_realm: No '@' in User-Name = "anderson", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "anderson"
rlm_realm: Proxying request from user anderson to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 1
modcall[authorize]: module "digest" returns noop for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for anderson
radius_xlat: '(&(uid=anderson)(objectclass=radiusprofile))'
radius_xlat: 'ou=users,dc=br'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: setting TLS CACert File to /home/brunoos/temp/certs/rootCA.crt
rlm_ldap: setting TLS CACert File to /home/brunoos/temp/certs/
rlm_ldap: setting TLS Require Cert to demand
rlm_ldap: setting TLS Cert File to /home/brunoos/temp/certs/server.crt
rlm_ldap: setting TLS Key File to /home/brunoos/temp/certs/server.key
rlm_ldap: starting TLS
rlm_ldap: ldap_start_tls_s()
rlm_ldap: could not start TLS Can't contact LDAP server
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns fail for request 1
modcall: group authorize returns fail for request 1
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...

From the logs, it simply cannot open a secure connection to the LDAP server (Can't contact LDAP server). Try using some command (I don't remember it offhand) yourself to open that connection using the certificates you defined for radiusd.


Good luck,

--
Giovanni P. Tirloni
tirloni.org
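
The manual test suggested in the reply, as an added example that is not part of the original messages: it checks the certificate files named in the debug output and then attempts the same StartTLS connection with OpenLDAP's `ldapsearch`. The host, base DN, filter and certificate paths are copied from the log; the function names, the anonymous bind (`-x`) and the choice of `openssl` and `ldapsearch` are assumptions.

```sh
#!/bin/sh
# Added example: reproduce rlm_ldap's StartTLS connection by hand.
# Host, base DN, filter and certificate paths are copied from the debug log;
# function names and the anonymous bind (-x) are assumptions.
LDAP_URI="ldap://localhost:389"
BASE_DN="ou=users,dc=br"
FILTER="(&(uid=anderson)(objectclass=radiusprofile))"
CERT_DIR="${CERT_DIR:-/home/brunoos/temp/certs}"

# Return 0 only if all three TLS files are readable by the current user.
# Run this as the account radiusd runs under, since it must read the key.
check_tls_files() {
    missing=0
    for f in "$1/rootCA.crt" "$1/server.crt" "$1/server.key"; do
        if [ ! -r "$f" ]; then
            echo "not readable: $f" >&2
            missing=1
        fi
    done
    return "$missing"
}

# The certificate must chain to the CA and match the private key.
check_cert_chain() {
    openssl verify -CAfile "$1/rootCA.crt" "$1/server.crt" >/dev/null || return 1
    cert_pub=$(openssl x509 -in "$1/server.crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$1/server.key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ]
}

# Same settings the log shows: StartTLS required (-ZZ), require cert "demand".
try_starttls() {
    LDAPTLS_CACERT="$1/rootCA.crt" LDAPTLS_CERT="$1/server.crt" \
    LDAPTLS_KEY="$1/server.key" LDAPTLS_REQCERT=demand \
    ldapsearch -x -ZZ -d 1 -H "$LDAP_URI" -b "$BASE_DN" "$FILTER"
}

# Return codes: 1 = files, 2 = certificate/key mismatch, 3 = connection or TLS.
diagnose() {
    check_tls_files "$1" || { echo "fix paths or permissions first"; return 1; }
    check_cert_chain "$1" || { echo "certificate, key and CA do not match"; return 2; }
    try_starttls "$1" || { echo "StartTLS failed, see ldapsearch trace"; return 3; }
    echo "StartTLS search succeeded"
}

if [ "${1:-}" = "--run" ]; then
    diagnose "$CERT_DIR"
fi
```

Run it with `--run`. If `ldapsearch` reports the same "Can't contact LDAP server", the problem is reproducible outside radiusd and the `-d 1` trace shows whether the TCP connection or the TLS handshake is what fails.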
