Hiya. Finally I've installed OpenSSL, but I think I'm forgetting something, because I can authenticate via LDAP over SSL.
I've installed OpenSSL (openssl-0.9.7b).
I've installed FreeRADIUS (freeradius-0.8.1) as:
tar -zxvf freeradius.tar.gz
cd freeradius-0.8.1
./configure --prefix=/opt/freeradius
make
make install
Then I configured radiusd.conf (see file below).
First with port=389 (LDAP without SSL):
rad_recv: Access-Request packet from host 127.0.0.1:32805, id=90,
length=60
User-Name = "99990010"
User-Password = "hola123"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1
rad_lowerpair: User-Name now '99990010'
rad_lowerpair: User-Password now 'hola123'
modcall: entering group authorize
rlm_ldap: - authorize
rlm_ldap: performing user authorization for 99990010
radius_xlat: '(uid=99990010)'
radius_xlat: 'o=LCX'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=LCX, with filter (uid=99990010)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user 99990010 authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
modcall: entering group authtype
rlm_ldap: - authenticate
rlm_ldap: login attempt by "99990010" with password "hola123"
rlm_ldap: user DN: CN=Usuari Proves10,O=LCX
rlm_ldap: (re)connect to albinoni.upc.es:389, authentication 1
rlm_ldap: bind as CN=Usuari Proves10,O=LCX/hola123 to albinoni.upc.es:389
rlm_ldap: waiting for bind result ...
rlm_ldap: user 99990010 authenticated succesfully
modcall[authenticate]: module "ldap" returns ok
modcall: group authtype returns ok
Sending Access-Accept of id 90 to 127.0.0.1:32805
It works great. I can authenticate without any problem.
Now I'll try with LDAP over SSL. As you can see, I haven't installed any
self-signed or CA certificate, but I can't see any message about it.
Now port=636:
rad_recv: Access-Request packet from host 127.0.0.1:32806, id=100,
length=60
User-Name = "99990010"
User-Password = "hola123"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1
rad_lowerpair: User-Name now '99990010'
rad_lowerpair: User-Password now 'hola123'
modcall: entering group authorize
rlm_ldap: - authorize
rlm_ldap: performing user authorization for 99990010
radius_xlat: '(uid=99990010)'
radius_xlat: 'o=LCX'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to albinoni.upc.es:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: bind as / to albinoni.upc.es:636
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in o=LCX, with filter (uid=99990010)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user 99990010 authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
modcall: entering group authtype
rlm_ldap: - authenticate
rlm_ldap: login attempt by "99990010" with password "hola123"
rlm_ldap: user DN: CN=Usuari Proves10,O=LCX
rlm_ldap: (re)connect to albinoni.upc.es:636, authentication 1
rlm_ldap: setting TLS mode to 1
rlm_ldap: bind as CN=Usuari Proves10,O=LCX/hola123 to albinoni.upc.es:636
rlm_ldap: waiting for bind result ...
modcall[authenticate]: module "ldap" returns reject
modcall: group authtype returns reject
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
I think RADIUS can connect to the LDAP server over SSL, because it can do the
first filter, but when it tries to authenticate it is missing something...
More help!!!!! :-)
______________________________________
Paco Orozco ([EMAIL PROTECTED])
Divisió de Telecomunicacions
UPCNet
Edifici Vèrtex - Pl. Eusebi Güell, 6
Switchboard telephone: 93.40.11600
radiusd.conf

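To read a radiusd debug trace like the two above more quickly, here is a small added example (my own code, not part of FreeRADIUS or of the original post) that scrapes the rlm_ldap lines, reports which stage rejected the request and whether TLS was negotiated, and masks the plaintext passwords the debug output prints before the trace is pasted into a mailing list. The sample log is a constructed, trimmed copy of the port-636 run.

```python
import re

# Constructed sample: a trimmed copy of the port-636 debug run quoted above.
SAMPLE_LOG = """\
User-Password = "hola123"
rlm_ldap: (re)connect to albinoni.upc.es:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: bind as / to albinoni.upc.es:636
modcall[authorize]: module "ldap" returns ok
rlm_ldap: login attempt by "99990010" with password "hola123"
rlm_ldap: (re)connect to albinoni.upc.es:636, authentication 1
rlm_ldap: bind as CN=Usuari Proves10,O=LCX/hola123 to albinoni.upc.es:636
modcall[authenticate]: module "ldap" returns reject
"""

# The DN may contain spaces and commas but not "/", which rlm_ldap uses before the password.
BIND_RE = re.compile(r"rlm_ldap: bind as (?P<dn>[^/]*)/(?P<pw>\S*) to (?P<host>[^:\s]+):(?P<port>\d+)")
RESULT_RE = re.compile(r'modcall\[(?P<stage>\w+)\]: module "ldap" returns (?P<result>\w+)')
TLS_RE = re.compile(r"rlm_ldap: setting TLS mode to (?P<mode>\d+)")


def redact(line: str) -> str:
    """Mask the plaintext passwords the debug trace prints, before the trace is shared."""
    line = re.sub(r'(User-Password = |with password )"[^"]*"', r'\1"<redacted>"', line)
    return re.sub(r"(rlm_ldap: bind as [^/]*/)\S+( to )", r"\1<redacted>\2", line)


def analyze(log: str) -> dict:
    """Report which rlm_ldap stage rejected the request and whether TLS was negotiated."""
    report = {"tls": False, "port": None, "binds": [], "results": {}}
    for line in log.splitlines():
        if m := TLS_RE.search(line):
            report["tls"] = m.group("mode") != "0"
        elif m := BIND_RE.search(line):
            report["port"] = int(m.group("port"))
            # An empty DN is the anonymous bind the authorize stage uses for its search.
            report["binds"].append(m.group("dn").strip() or "<anonymous>")
        elif m := RESULT_RE.search(line):
            report["results"][m.group("stage")] = m.group("result")
    res = report["results"]
    if res.get("authorize") == "ok" and res.get("authenticate") == "reject":
        # The session and the anonymous search worked, so the failure is the user's own bind.
        report["diagnosis"] = "user bind rejected after a successful anonymous search bind"
    elif res.get("authorize") not in (None, "ok"):
        report["diagnosis"] = "connection or search failed during authorize"
    else:
        report["diagnosis"] = "no rejection recorded"
    return report
```

Run `analyze(SAMPLE_LOG)` on the trace and `redact()` on each line before posting it; on the sample it localises the rejection to the authenticated bind on port 636 with TLS mode 1, which is the situation the post describes.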