Hiya, I'm a bit confused. I'd like to use, as I mentioned, RADIUS + LDAP over encrypted communications (TLS).
In order to use RADIUS + LDAP I've compiled FreeRadius, but I haven't installed any OpenLDAP SDK. Then I've configured radiusd.conf as mentioned in past messages. I try it and it works great. I can authenticate users via LDAP.

When I try to use TLS, I've configured the radiusd.conf parameters: "stat_tls=yes" "tls_mode=yes" "port=636". It's not working, see log. "Protocol Error", it means that I need to compile something.

I don't want to authenticate the LDAP server from RADIUS, so I don't need to install OpenSSL and CA certificates. I only want to encrypt RADIUS - LDAP communication, without ensuring the identity of either.

Please... can you shed some light on my work?

> >> >>>>
> >> >>>> rad_recv: Access-Request packet from host 127.0.0.1:32792, id=101,
> >> >>>> length=60
> >> >>>> User-Name = "test"
> >> >>>> User-Password = "1234567890"
> >> >>>> NAS-IP-Address = 255.255.255.255
> >> >>>> NAS-Port = 1
> >> >>>> rad_lowerpair: User-Name now 'test'
> >> >>>> rad_lowerpair: User-Password now '1234567890'
> >> >>>> modcall: entering group authorize
> >> >>>> rlm_ldap: - authorize
> >> >>>> rlm_ldap: performing user authorization for test
> >> >>>> radius_xlat: '(uid=test)'
> >> >>>> radius_xlat: 'o=Prova'
> >> >>>> ldap_get_conn: Got Id: 0
> >> >>>> rlm_ldap: attempting LDAP reconnection
> >> >>>> rlm_ldap: (re)connect to ldap.server.mycompany.es:636,
> >> > authentication
> >> >>> 0
> >> >>>> rlm_ldap: setting TLS mode to 1
> >> >>>> rlm_ldap: starting TLS
> >> >>>> rlm_ldap: ldap_start_tls_s()
> >> >>>> rlm_ldap: could not start TLS Protocol error
> >> >>>> rlm_ldap: (re)connection attempt failed
> >> >>>> rlm_ldap: search failed
> >> >>>> ldap_release_conn: Release Id: 0
> >> >>>> modcall[authorize]: module "ldap" returns fail
> >> >>>> modcall: group authorize returns fail
> >> >>>> There was no response configured: rejecting request 0
> >> >>>> Server rejecting request 0.
> >> >>>> Finished request 0
> >> >>>> Going to the next request
> >> >>>> --- Walking the entire request list ---
> >> >>>> Waking up in 1 seconds...
> >> >>>> --- Walking the entire request list ---
> >> >>>> Waking up in 1 seconds...
> >> >>>> --- Walking the entire request list ---
> >> >>>> Sending Access-Reject of id 101 to 127.0.0.1:32792
> >> >>>> Waking up in 4 seconds...
> >> >>>> --- Walking the entire request list ---
> >> >>>> Cleaning up request 0 ID 101 with timestamp 3ef0694c
> >> >>>> Nothing to do. Sleeping until we see a request.

______________________________________
Paco Orozco ([EMAIL PROTECTED])
Divisió de Telecomunicacions
UPCNet
Edifici Vèrtex - Pl. Eusebi Güell, 6
Switchboard telephone: 93.40.11600

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
