On Mon, 10 Mar 2003, Robert Morse wrote:

>
> Ok, now I have the ldap configuration set up properly in the radius.conf
> file.
> I can do basic authentications to the ldap server. Now I want to make those
> connections on a secure port using ssl (or tls in this case). In the
> radius.conf file
> I have these entries now:
>
> start_tls = yes
> tls_mode = yes
> port = 636

I would suggest using port = 389, tls_mode = no and start_tls = yes.
That way you will use the StartTLS extended operation and not the old LDAPS.

>
> When I do the radtest command, I get this error on the screen:
>
> Sending Access-Request of id 210 to 127.0.0.1:1645
>         User-Name = "test_user"
>         User-Password =
> ".\342\325t\423\312\246\247\205\272\033\117\267\221,\347"
>         NAS-IP-Address = test.radius.brown.edu
>         NAS-Port = 0
>
>
> and this shows up from radiusd:
>
> rad_recv: Access-Request packet from host 127.0.0.1:45471, id=204, length=59
>         User-Name = "test_user"
>         User-Password = "secretpassword"
>         NAS-IP-Address = 255.255.255.255
>         NAS-Port = 0
> modcall: entering group authorize
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for test_user
> radius_xlat:  '(uid=test_user)'
> radius_xlat:  'ou=people,dc=brown,dc=edu'
> ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to directory.cis-qas.brown.edu:636, authentication 0
> rlm_ldap: setting TLS mode to 1
> rlm_ldap: could not set LDAP_OPT_X_TLS option Success
> rlm_ldap: starting TLS
>
>
> Has anybody seen this error before?  Thanks.
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf
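Added example, not part of the original thread or of FreeRADIUS: a small checker that flags the conflicting combination from the question (StartTLS and LDAPS mode both enabled on port 636) and accepts the combination from the reply. The server value, the function names and the defaults used for absent keys are assumptions; only start_tls, tls_mode and port come from the messages above.

```python
import re

# Constructed samples: the settings from the question and from the reply.
# The server value is a placeholder, not taken from the thread.
QUESTION_CONF = """ldap {
    server = "ldap.example.org"
    start_tls = yes
    tls_mode = yes
    port = 636
}"""
REPLY_CONF = """ldap {
    server = "ldap.example.org"
    port = 389
    tls_mode = no
    start_tls = yes
}"""

def parse_settings(text):
    """Collect key = value pairs, skipping comments and block braces."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s*=\s*([^#]*)", line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip('"').lower()
    return settings

def check_ldap_tls(text):
    """Return a list of findings; an empty list means the settings agree."""
    s = parse_settings(text)
    # Assumed defaults when a key is absent: no TLS, port 389.
    start_tls = s.get("start_tls", "no") == "yes"
    tls_mode = s.get("tls_mode", "no") == "yes"
    port = int(s.get("port", "389"))
    findings = []
    if start_tls and tls_mode:
        findings.append("start_tls and tls_mode are both on: choose StartTLS or LDAPS")
    if start_tls and port == 636:
        findings.append("StartTLS requested on 636, where LDAPS expects TLS from the first byte")
    if tls_mode and port == 389:
        findings.append("LDAPS mode on 389, where the server expects plain LDAP or StartTLS")
    if not (start_tls or tls_mode):
        findings.append("no TLS configured: bind credentials travel in clear text")
    return findings

if __name__ == "__main__":
    for name, conf in (("question", QUESTION_CONF), ("reply", REPLY_CONF)):
        print(name, check_ldap_tls(conf) or "consistent")
```

The port checks rely on the conventional assignments (389 for LDAP and StartTLS, 636 for LDAPS); a directory listening on other ports needs those two tests adjusted.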
