> Hiya,
> 
> I'm a bit confused. I'd like to use, as I mentioned, RADIUS + LDAP over 
> encrypted communications (TLS).
> 
> In order to use RADIUS + LDAP I've compiled FreeRadius, but I haven't 
> installed any OpenLDAP SDK. Then I've configured radiusd.conf as mentioned 
> in past messages.
> 
> I try it and it works great. I can authenticate users via LDAP.
> 
This is a surprise.  Where did rlm_ldap get its LDAP libraries
if you don't have OpenLDAP installed?

> When I try to use TLS I've configured radiusd.conf  parameters: 
> "stat_tls=yes" "tls_mode=yes" "port=636"
> 
This is because you are confusing TLS and SSL.  Port 636 is for SSL.
TLS is different.  It works over the regular 389 port.  Not all LDAP
servers support either one.  If your LDAP server supports one or the
other (few support both), you need to figure out which one.  If
it's TLS, you want:

"start_tls=yes" "tls_mode=yes" "port=389"

If it's SSL, you want:
"start_tls=no" "tls_mode=no" "port=636"


> It's not working, see log. "Protocol Error", It means that I need to 
> compile something. 
> 
That may also be necessary, but, Protocol Error alone doesn't necessarily
mean that.

> I don't want to authenticate LDAP server from RADIUS, so I don't need to 
> install OpenSSL and CA certificates. I only want to encrypt RADIUS - LDAP 
> communication, without ensuring identity of any.
> 
Right... You need to decide whether you want SSL or TLS, then configure
accordingly.

> Please... can you put some light on my work????
> 
Hope this helps.

Owen
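
The difference between the two modes discussed above shows in the first bytes a client sends: on port 636 the connection opens with a TLS handshake, while with StartTLS on port 389 the client first sends a plaintext LDAP ExtendedRequest and gets an LDAP result code back. The Python below is an added example, not part of the original thread or of FreeRADIUS; the function names and sample bytes are constructed, and the OID and BER tag values are the standard LDAP ones.

```python
# Added illustration; sample bytes below are constructed, not captured traffic.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"           # StartTLS extended operation
RESULT_NAMES = {0: "success", 2: "protocolError"}  # subset of LDAP result codes

def read_tlv(buf, pos=0):
    """Read one BER tag-length-value; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def starttls_request(msg_id=1):
    """Encode the LDAP ExtendedRequest a client sends on 389 before TLS starts."""
    name = bytes([0x80, len(STARTTLS_OID)]) + STARTTLS_OID   # [0] requestName
    op = bytes([0x77, len(name)]) + name                     # [APPLICATION 23]
    body = bytes([0x02, 0x01, msg_id]) + op                  # messageID + op
    return bytes([0x30, len(body)]) + body                   # LDAPMessage

def protocol_op(msg):
    """Return (tag, value) of the protocolOp inside one LDAPMessage."""
    _, body, _ = read_tlv(msg)
    _, _, pos = read_tlv(body)              # skip messageID
    tag, value, _ = read_tlv(body, pos)
    return tag, value

def classify_first_bytes(data):
    """Classify what a client sent first on a new connection to the LDAP server."""
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"              # TLS from byte one: the port-636 style
    if data[:1] != b"\x30":
        return "unknown"
    tag, value = protocol_op(data)
    if tag == 0x77 and read_tlv(value)[1] == STARTTLS_OID:
        return "ldap-starttls"              # plaintext request to upgrade on 389
    return "ldap-bind-in-clear" if tag == 0x60 else "ldap-other"

def extended_result(msg):
    """Decode resultCode from an ExtendedResponse ([APPLICATION 24])."""
    tag, value = protocol_op(msg)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse")
    code = int.from_bytes(read_tlv(value)[1], "big")
    return RESULT_NAMES.get(code, str(code))

# Constructed samples: start of a TLS record, and an ExtendedResponse with code 2.
TLS_HELLO_PREFIX = bytes.fromhex("160301")
PROTOCOL_ERROR = bytes.fromhex("300c02010178070a0102" "04000400")
```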

