The OpenLDAP build was part of the freeradius build or did you do them separate? Our LDAP is not on the server it is on another box.
How did you get the certificates installed? How did you get them to validate? -----Original Message----- From: Owen DeLong [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 18, 2003 10:28 AM To: [EMAIL PROTECTED] Subject: RE: RADIUS + LDAP + TLS No... The OpenLDAP libraries used to build Freeradius already handle all of that for you. At least in my case, it just worked, except for that niggling issue of the self-signed certificate. If your LDAP server is already set up to handle SSL connections, that should be all you need. Owen --On Wednesday, June 18, 2003 9:58 AM -0600 Ron Wahler <[EMAIL PROTECTED]> wrote: > > Yes, but how do you set up the SSL tunnel and get the certificates to > validate to the LDAP server? are you using stunnel ? > > Ron. > > -----Original Message----- > From: Owen DeLong [mailto:[EMAIL PROTECTED] > Sent: Wednesday, June 18, 2003 9:55 AM > To: [EMAIL PROTECTED] > Subject: RE: RADIUS + LDAP + TLS > > Yes... Don't remember exactly where I found it, but, if you have LDAP > working, then it's just a matter of adding a port=669 phrase to the > configuration file (radiusd.conf) where you specify the ldap server. > > Owen > > --On Wednesday, June 18, 2003 9:40 AM -0600 Ron Wahler > <[EMAIL PROTECTED]> wrote: > >> >> Is there a description someplace that would show how >> to setup an SSL connection from Freeradius to an external LDAP > database. >> >> Thanks, >> Ron. >> >> -----Original Message----- >> From: Owen DeLong [mailto:[EMAIL PROTECTED] >> Sent: Wednesday, June 18, 2003 9:05 AM >> To: [EMAIL PROTECTED] >> Subject: Re: RADIUS + LDAP + TLS >> >> I don't know how to get TLS to work, but you should be able to do >> SSL by specifying that the LDAP port to use is 669 (LDAPs) in >> your radius.conf. I'm, however, having a similar problem in that >> I am unable to get it to work because of a complaint about a > self-signed >> certificate. If you have any ideas on how to rectify that one, I'd >> appreciate it. I've posted my question to the list twice and have >> received zero response. >> >> Owen >> >> >> --On Wednesday, June 18, 2003 12:32 PM +0200 "Francisco Orozco/Upcnet" >> <[EMAIL PROTECTED]> wrote: >> >>> Hello to all, >>> >>> I've been using FreeRadius for a year, but now I'd like to implement >>> RADIUS with LDAP authentication, I've test it and It works great. >>> >>> Now I'd like to protect radius - ldap server comunication using TLS. >> But >>> I'm not able to do it. >>> >>> My LDAP server is Notes Domino and I've been able to configure it >>> correctly. I can connect to it using LDAP SSL/TLS, but I don't know >> how >>> to implement this in FreeRadius. >>> >>> I'm using freeradius-0.8.1 and this is my radiusd.conf >>> >>> >>> >>> Can you help me? >>> >>> When I try i view this log: >>> >>> rad_recv: Access-Request packet from host 127.0.0.1:32792, id=101, >>> length=60 >>> User-Name = "test" >>> User-Password = "1234567890" >>> NAS-IP-Address = 255.255.255.255 >>> NAS-Port = 1 >>> rad_lowerpair: User-Name now 'test' >>> rad_lowerpair: User-Password now '1234567890' >>> modcall: entering group authorize >>> rlm_ldap: - authorize >>> rlm_ldap: performing user authorization for test >>> radius_xlat: '(uid=test)' >>> radius_xlat: 'o=Prova' >>> ldap_get_conn: Got Id: 0 >>> rlm_ldap: attempting LDAP reconnection >>> rlm_ldap: (re)connect to ldap.server.mycompany.es:636, authentication >> 0 >>> rlm_ldap: setting TLS mode to 1 >>> rlm_ldap: starting TLS >>> rlm_ldap: ldap_start_tls_s() >>> rlm_ldap: could not start TLS Protocol error >>> rlm_ldap: (re)connection attempt failed >>> rlm_ldap: search failed >>> ldap_release_conn: Release Id: 0 >>> modcall[authorize]: module "ldap" returns fail >>> modcall: group authorize returns fail >>> There was no response configured: rejecting request 0 >>> Server rejecting request 0. >>> Finished request 0 >>> Going to the next request >>> --- Walking the entire request list --- >>> Waking up in 1 seconds... >>> --- Walking the entire request list --- >>> Waking up in 1 seconds... >>> --- Walking the entire request list --- >>> Sending Access-Reject of id 101 to 127.0.0.1:32792 >>> Waking up in 4 seconds... >>> --- Walking the entire request list --- >>> Cleaning up request 0 ID 101 with timestamp 3ef0694c >>> Nothing to do. Sleeping until we see a request. >>> >>> ______________________________________ >>> Paco Orozco ([EMAIL PROTECTED]) >>> Divisi� de Telecomunicacions >>> UPCNet >>> Edifici V�rtex - Pl. Eusebi G�ell, 6 >>> Tel�fon centraleta: 93.40.11600 >> >> >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
