Is there a description someplace that would show how to setup an SSL connection from Freeradius to an external LDAP database.
Thanks, Ron.

-----Original Message-----
From: Owen DeLong [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 18, 2003 9:05 AM
To: [EMAIL PROTECTED]
Subject: Re: RADIUS + LDAP + TLS

I don't know how to get TLS to work, but you should be able to do SSL by specifying that the LDAP port to use is 669 (LDAPs) in your radius.conf. I'm, however, having a similar problem in that I am unable to get it to work because of a complaint about a self-signed certificate. If you have any ideas on how to rectify that one, I'd appreciate it. I've posted my question to the list twice and have received zero response.

Owen

--On Wednesday, June 18, 2003 12:32 PM +0200 "Francisco Orozco/Upcnet" <[EMAIL PROTECTED]> wrote:

> Hello to all,
>
> I've been using FreeRadius for a year, but now I'd like to implement
> RADIUS with LDAP authentication. I've tested it and it works great.
>
> Now I'd like to protect radius - ldap server communication using TLS. But
> I'm not able to do it.
>
> My LDAP server is Notes Domino and I've been able to configure it
> correctly. I can connect to it using LDAP SSL/TLS, but I don't know how
> to implement this in FreeRadius.
>
> I'm using freeradius-0.8.1 and this is my radiusd.conf
>
>
>
> Can you help me?
>
> When I try, I view this log:
>
> rad_recv: Access-Request packet from host 127.0.0.1:32792, id=101,
> length=60
> User-Name = "test"
> User-Password = "1234567890"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 1
> rad_lowerpair: User-Name now 'test'
> rad_lowerpair: User-Password now '1234567890'
> modcall: entering group authorize
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for test
> radius_xlat: '(uid=test)'
> radius_xlat: 'o=Prova'
> ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to ldap.server.mycompany.es:636, authentication 0
> rlm_ldap: setting TLS mode to 1
> rlm_ldap: starting TLS
> rlm_ldap: ldap_start_tls_s()
> rlm_ldap: could not start TLS Protocol error
> rlm_ldap: (re)connection attempt failed
> rlm_ldap: search failed
> ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns fail
> modcall: group authorize returns fail
> There was no response configured: rejecting request 0
> Server rejecting request 0.
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 101 to 127.0.0.1:32792
> Waking up in 4 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 101 with timestamp 3ef0694c
> Nothing to do. Sleeping until we see a request.
>
> ______________________________________
> Paco Orozco ([EMAIL PROTECTED])
> Divisió de Telecomunicacions
> UPCNet
> Edifici Vèrtex - Pl. Eusebi Güell, 6
> Switchboard phone: 93.40.11600

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
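An added example, not from the thread or from FreeRADIUS: the LDAP StartTLS exchange that rlm_ldap's `ldap_start_tls_s()` performs, at the BER level, so the two ways of protecting the RADIUS-to-LDAP link (implicit TLS on the LDAPS port versus StartTLS over a plaintext connection) can be told apart when diagnosing a failure like the one logged above, where StartTLS is attempted against port 636. All function names are mine, and the sample reply bytes are constructed, not captured from Domino.

```python
"""Added example, not from the thread or FreeRADIUS: the LDAP StartTLS
exchange behind rlm_ldap's "ldap_start_tls_s() ... could not start TLS
Protocol error".  StartTLS is an ExtendedRequest sent over a *plaintext*
LDAP connection; on an LDAPS port (636) the server expects a TLS
ClientHello instead, so the request cannot succeed there.  "Protocol
error" is OpenLDAP's text for LDAP resultCode protocolError (2)."""

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"
RESULT_NAMES = {0: "success", 2: "protocolError", 52: "unavailable"}

def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value

def starttls_request(msg_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] OID } }."""
    ext = tlv(0x77, tlv(0x80, STARTTLS_OID))          # 0x77 = constructed [APPLICATION 23]
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + ext)

def parse_extended_response(data: bytes) -> dict:
    """Decode resultCode and diagnosticMessage of an ExtendedResponse [APPLICATION 24].
    Assumes short-form lengths and no referral, which holds for StartTLS replies."""
    if data[0] != 0x30 or data[2] != 0x02 or data[5] != 0x78:
        raise ValueError("not an LDAPMessage carrying an ExtendedResponse")
    body = data[7:7 + data[6]]
    code = body[2]                                     # ENUMERATED resultCode
    matched_len = body[4]                              # matchedDN, usually empty
    diag_len = body[6 + matched_len]
    diag = body[7 + matched_len:7 + matched_len + diag_len].decode()
    return {"messageID": data[4], "resultCode": RESULT_NAMES.get(code, code), "diagnostic": diag}

def constructed_protocol_error(msg_id: int = 1) -> bytes:
    """Constructed sample reply (not captured from Domino): protocolError, as in the log."""
    result = tlv(0x0A, b"\x02") + tlv(0x04, b"") + tlv(0x04, b"StartTLS not supported here")
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x78, result))

def classify_peer_bytes(first: bytes) -> str:
    """Tell from the first bytes a peer sends back whether the port is LDAPS or plain LDAP.
    TLS record types 0x15 (alert) / 0x16 (handshake) mean the port wants a TLS handshake
    first (LDAPS: configure SSL on 636, do not ask for StartTLS); 0x30 is an LDAP PDU."""
    if first[:1] in (b"\x15", b"\x16") and first[1:2] == b"\x03":
        return "tls"
    if first[:1] == b"\x30":
        return "ldap"
    return "unknown"
```

Feeding a server's first reply bytes to `classify_peer_bytes` shows which mode the port actually speaks, so the port number and the TLS mode in the module configuration can be made to agree.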
