No... The OpenLDAP libraries used to build Freeradius already handle
all of that for you.  At least in my case, it just worked, except for
that niggling issue of the self-signed certificate.  If your LDAP
server is already set up to handle SSL connections, that should be
all you need.

Owen


--On Wednesday, June 18, 2003 9:58 AM -0600 Ron Wahler <[EMAIL PROTECTED]> wrote:



Yes, but how do you set up the SSL tunnel and get the certificates to validate to the LDAP server? Are you using stunnel?

Ron.

-----Original Message-----
From: Owen DeLong [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 18, 2003 9:55 AM
To: [EMAIL PROTECTED]
Subject: RE: RADIUS + LDAP + TLS

Yes... Don't remember exactly where I found it, but, if you have LDAP
working, then it's just a matter of adding a port=669 phrase to the
configuration file (radiusd.conf) where you specify the ldap server.

Owen

--On Wednesday, June 18, 2003 9:40 AM -0600 Ron Wahler <[EMAIL PROTECTED]> wrote:


Is there a description someplace that would show how to set up an SSL connection from Freeradius to an external LDAP database?

Thanks, Ron.

-----Original Message-----
From: Owen DeLong [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 18, 2003 9:05 AM
To: [EMAIL PROTECTED]
Subject: Re: RADIUS + LDAP + TLS

I don't know how to get TLS to work, but you should be able to do
SSL by specifying that the LDAP port to use is 669 (LDAPs) in
your radius.conf.  I'm, however, having a similar problem in that
I am unable to get it to work because of a complaint about a
self-signed certificate.  If you have any ideas on how to rectify that one, I'd
appreciate it.  I've posted my question to the list twice and have
received zero response.

Owen


--On Wednesday, June 18, 2003 12:32 PM +0200 "Francisco Orozco/Upcnet" <[EMAIL PROTECTED]> wrote:

Hello to all,

I've been using FreeRadius for a year, but now I'd like to implement
RADIUS with LDAP authentication. I've tested it and it works great.

Now I'd like to protect radius - ldap server communication using TLS,
but I'm not able to do it.

My LDAP server is Notes Domino and I've been able to configure it
correctly. I can connect to it using LDAP SSL/TLS, but I don't know
how to implement this in FreeRadius.

I'm using freeradius-0.8.1 and this is my radiusd.conf



Can you help me?

When I try, I see this log:

rad_recv: Access-Request packet from host 127.0.0.1:32792, id=101, length=60
        User-Name = "test"
        User-Password = "1234567890"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1
rad_lowerpair:  User-Name now 'test'
rad_lowerpair:  User-Password now '1234567890'
modcall: entering group authorize
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat:  '(uid=test)'
radius_xlat:  'o=Prova'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap.server.mycompany.es:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: starting TLS
rlm_ldap: ldap_start_tls_s()
rlm_ldap: could not start TLS Protocol error
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns fail
modcall: group authorize returns fail
There was no response configured: rejecting request 0
Server rejecting request 0.
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 101 to 127.0.0.1:32792
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 101 with timestamp 3ef0694c
Nothing to do.  Sleeping until we see a request.

______________________________________
Paco Orozco ([EMAIL PROTECTED])
Divisió de Telecomunicacions
UPCNet
Edifici Vèrtex - Pl. Eusebi Güell, 6
Telèfon centraleta: 93.40.11600



- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
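
The debug log quoted in the original post shows rlm_ldap connecting to port 636 and then calling ldap_start_tls_s(). As an added example (not written by any poster in this thread and not FreeRADIUS code), the following Python parses rlm_ldap debug lines and flags that combination; the sample log is constructed from the lines above, and the diagnosis labels, including the reading that StartTLS on the LDAPS port is a mode mismatch, are this example's assumptions.

```python
import re

# Constructed sample: the rlm_ldap lines from the debug log quoted in this thread.
SAMPLE_LOG = """\
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap.server.mycompany.es:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: starting TLS
rlm_ldap: ldap_start_tls_s()
rlm_ldap: could not start TLS Protocol error
rlm_ldap: (re)connection attempt failed
"""

LDAPS_PORT = 636  # registered port for LDAP over SSL/TLS (TLS from the first byte)

CONNECT_RE = re.compile(r"rlm_ldap: \(re\)connect to (?P<host>[^:\s]+):(?P<port>\d+)")
STARTTLS_RE = re.compile(r"rlm_ldap: ldap_start_tls_s\(\)")
TLS_FAIL_RE = re.compile(r"rlm_ldap: could not start TLS (?P<reason>.+)")


def analyze(log_text):
    """Return one finding per connection attempt. Diagnosis labels are hypothetical."""
    findings, current = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = CONNECT_RE.search(line)
        if m:  # a new connection attempt starts here
            current = {"host": m["host"], "port": int(m["port"]),
                       "starttls": False, "tls_error": None, "diagnosis": "ok"}
            findings.append(current)
            continue
        if current is None:
            continue
        if STARTTLS_RE.search(line):
            current["starttls"] = True
        m = TLS_FAIL_RE.search(line)
        if m:
            current["tls_error"] = m["reason"]
    for f in findings:
        if f["starttls"] and f["port"] == LDAPS_PORT:
            # StartTLS upgrades a plain LDAP session; port 636 expects TLS already.
            f["diagnosis"] = "starttls_on_ldaps_port"
        elif f["tls_error"]:
            f["diagnosis"] = "starttls_failed"  # check server support and CA trust
        elif not f["starttls"] and f["port"] != LDAPS_PORT:
            f["diagnosis"] = "plaintext"  # heuristic: no TLS indication in the log
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```
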
