Yes, but how do you set up the SSL tunnel and get the certificates to validate to the LDAP server? Are you using stunnel?

Ron.

-----Original Message-----
From: Owen DeLong [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 18, 2003 9:55 AM
To: [EMAIL PROTECTED]
Subject: RE: RADIUS + LDAP + TLS

Yes... Don't remember exactly where I found it, but, if you have LDAP working, then it's just a matter of adding a port=669 phrase to the configuration file (radiusd.conf) where you specify the ldap server.

Owen

--On Wednesday, June 18, 2003 9:40 AM -0600 Ron Wahler <[EMAIL PROTECTED]> wrote:

>
> Is there a description someplace that would show how
> to set up an SSL connection from Freeradius to an external LDAP database.
>
> Thanks,
> Ron.
>
> -----Original Message-----
> From: Owen DeLong [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 18, 2003 9:05 AM
> To: [EMAIL PROTECTED]
> Subject: Re: RADIUS + LDAP + TLS
>
> I don't know how to get TLS to work, but you should be able to do
> SSL by specifying that the LDAP port to use is 669 (LDAPs) in
> your radius.conf. I'm, however, having a similar problem in that
> I am unable to get it to work because of a complaint about a self-signed
> certificate. If you have any ideas on how to rectify that one, I'd
> appreciate it. I've posted my question to the list twice and have
> received zero response.
>
> Owen
>
>
> --On Wednesday, June 18, 2003 12:32 PM +0200 "Francisco Orozco/Upcnet"
> <[EMAIL PROTECTED]> wrote:
>
>> Hello to all,
>>
>> I've been using FreeRadius for a year, but now I'd like to implement
>> RADIUS with LDAP authentication. I've tested it and it works great.
>>
>> Now I'd like to protect radius - ldap server communication using TLS. But
>> I'm not able to do it.
>>
>> My LDAP server is Notes Domino and I've been able to configure it
>> correctly. I can connect to it using LDAP SSL/TLS, but I don't know how
>> to implement this in FreeRadius.
>>
>> I'm using freeradius-0.8.1 and this is my radiusd.conf
>>
>>
>>
>> Can you help me?
>>
>> When I try, I see this log:
>>
>> rad_recv: Access-Request packet from host 127.0.0.1:32792, id=101, length=60
>> User-Name = "test"
>> User-Password = "1234567890"
>> NAS-IP-Address = 255.255.255.255
>> NAS-Port = 1
>> rad_lowerpair: User-Name now 'test'
>> rad_lowerpair: User-Password now '1234567890'
>> modcall: entering group authorize
>> rlm_ldap: - authorize
>> rlm_ldap: performing user authorization for test
>> radius_xlat: '(uid=test)'
>> radius_xlat: 'o=Prova'
>> ldap_get_conn: Got Id: 0
>> rlm_ldap: attempting LDAP reconnection
>> rlm_ldap: (re)connect to ldap.server.mycompany.es:636, authentication 0
>> rlm_ldap: setting TLS mode to 1
>> rlm_ldap: starting TLS
>> rlm_ldap: ldap_start_tls_s()
>> rlm_ldap: could not start TLS Protocol error
>> rlm_ldap: (re)connection attempt failed
>> rlm_ldap: search failed
>> ldap_release_conn: Release Id: 0
>> modcall[authorize]: module "ldap" returns fail
>> modcall: group authorize returns fail
>> There was no response configured: rejecting request 0
>> Server rejecting request 0.
>> Finished request 0
>> Going to the next request
>> --- Walking the entire request list ---
>> Waking up in 1 seconds...
>> --- Walking the entire request list ---
>> Waking up in 1 seconds...
>> --- Walking the entire request list ---
>> Sending Access-Reject of id 101 to 127.0.0.1:32792
>> Waking up in 4 seconds...
>> --- Walking the entire request list ---
>> Cleaning up request 0 ID 101 with timestamp 3ef0694c
>> Nothing to do. Sleeping until we see a request.
>>
>> ______________________________________
>> Paco Orozco ([EMAIL PROTECTED])
>> Telecommunications Division
>> UPCNet
>> Edifici Vèrtex - Pl. Eusebi Güell, 6
>> Switchboard phone: 93.40.11600
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
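An added diagnostic, written for this thread and not part of FreeRADIUS or any message above, that reads rlm_ldap debug lines like Paco's and flags the mismatch they show: port 636 is LDAPS, where TLS is negotiated before any LDAP message, while ldap_start_tls_s() is the StartTLS extended operation that belongs on the plaintext port 389; issuing StartTLS against an LDAPS port is what yields "could not start TLS Protocol error". The second log sample, its host name and its error string are constructed, and the advice strings are the author's suggestions rather than FreeRADIUS output.

```python
import re

# Debug lines quoted in the thread (Paco's rlm_ldap output, abridged)
THREAD_LOG = """\
rlm_ldap: (re)connect to ldap.server.mycompany.es:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: starting TLS
rlm_ldap: ldap_start_tls_s()
rlm_ldap: could not start TLS Protocol error
rlm_ldap: (re)connection attempt failed
"""

# Constructed sample (not from the thread): StartTLS on 389 whose handshake fails
CONSTRUCTED_LOG = """\
rlm_ldap: (re)connect to ldap.example.test:389, authentication 0
rlm_ldap: starting TLS
rlm_ldap: ldap_start_tls_s()
rlm_ldap: could not start TLS Connect error
"""

LDAPS_PORT = 636  # TLS is negotiated before the first LDAP message is sent
LDAP_PORT = 389   # plaintext LDAP; StartTLS upgrades the session in-band
CONNECT_RE = re.compile(r"\(re\)connect to ([^:\s,]+):(\d+)")
ERROR_RE = re.compile(r"could not start TLS (.*)$")


def diagnose_rlm_ldap(log: str) -> dict:
    """Classify an rlm_ldap TLS failure from its debug output."""
    host, port, start_tls, error = None, None, False, None
    for line in log.splitlines():
        if m := CONNECT_RE.search(line):
            host, port = m.group(1), int(m.group(2))
        elif "ldap_start_tls_s()" in line:
            start_tls = True
        elif m := ERROR_RE.search(line):
            error = m.group(1).strip()
    if port == LDAPS_PORT and start_tls:
        verdict = "starttls-on-ldaps-port"
        advice = (f"port {LDAPS_PORT} already expects a TLS handshake; use "
                  f"port {LDAP_PORT} with StartTLS or {LDAPS_PORT} without it")
    elif start_tls and error:
        verdict = "tls-handshake-failed"
        advice = ("the handshake itself failed; trust the CA that issued the "
                  "LDAP server certificate rather than disabling verification")
    else:
        verdict = "no-tls-failure-found"
        advice = "no rlm_ldap StartTLS failure in these lines"
    return {"host": host, "port": port, "start_tls": start_tls,
            "error": error, "verdict": verdict, "advice": advice}
```

The second verdict is the situation Owen describes: the TLS layer is reachable but the server's certificate does not chain to a CA the RADIUS host trusts, which is solved by trusting that CA, not by turning verification off.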
