rlm_ldap: (re)connect to albinoni.upc.es:636, authentication 0
is a line that says:
rlm_ldap: setting TLS mode to 1
This leads me to believe that it is trying to start TLS as well, but I could be wrong. I haven't read through the code carefully.
Also, I'm not sure why it's trying to bind as Usuari in the second
bind. It looks like the bind didn't return and the module returned reject
due to timeout, so it might be that with SSL your LDAP server isn't responding
fast enough.
Owen
--On Monday, June 23, 2003 6:58 PM +0200 "Francisco Orozco/Upcnet" <[EMAIL PROTECTED]> wrote:
Owen,
I've got tls disabled. But I think I may configure something in openSSL.... Isn't it?
Thanks
______________________________________
Paco Orozco ([EMAIL PROTECTED])
Telecommunications Division
UPCNet
Edifici Vèrtex - Pl. Eusebi Güell, 6
Switchboard telephone: 93.40.11600
[EMAIL PROTECTED] wrote on 23/06/2003 16:08:35:
If you're using Port 636, you probably need to set TLS off. I'm not sure starting TLS over SSL works. Even if it does, it's kind of redundant.
Owen
--On Monday, June 23, 2003 10:49 AM +0200 "Francisco Orozco/Upcnet" <[EMAIL PROTECTED]> wrote:
> Hiya,
>
> Finally I've installed openSSL, but I think I'm forgetting something,
> because I can authenticate via LDAP over SSL.
>
> I've installed openSSL (openssl-0.9.7b).
> I've installed Freeradius (freeradius-0.8.1) as:
>
>     tar -zxvf freeradius.tar.gz
>     cd freeradius-0.8.1
>     ./configure --prefix=/opt/freeradius
>     make
>     make install
>
> Then I configured radiusd.conf (see file below).
>
> First with port=389 (LDAP without SSL):
>
> rad_recv: Access-Request packet from host 127.0.0.1:32805, id=90, length=60
>         User-Name = "99990010"
>         User-Password = "hola123"
>         NAS-IP-Address = 255.255.255.255
>         NAS-Port = 1
> rad_lowerpair: User-Name now '99990010'
> rad_lowerpair: User-Password now 'hola123'
> modcall: entering group authorize
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for 99990010
> radius_xlat: '(uid=99990010)'
> radius_xlat: 'o=LCX'
> ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in o=LCX, with filter (uid=99990010)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user 99990010 authorized to use remote access
> ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok
> modcall: group authorize returns ok
> rad_check_password: Found Auth-Type LDAP
> auth: type "LDAP"
> modcall: entering group authtype
> rlm_ldap: - authenticate
> rlm_ldap: login attempt by "99990010" with password "hola123"
> rlm_ldap: user DN: CN=Usuari Proves10,O=LCX
> rlm_ldap: (re)connect to albinoni.upc.es:389, authentication 1
> rlm_ldap: bind as CN=Usuari Proves10,O=LCX/hola123 to albinoni.upc.es:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: user 99990010 authenticated succesfully
> modcall[authenticate]: module "ldap" returns ok
> modcall: group authtype returns ok
> Sending Access-Accept of id 90 to 127.0.0.1:32805
>
> It works great. I can authenticate without any problem.
>
> Now I'll try with LDAP over SSL. As you can see, I haven't installed any
> selfsigned or CA certificate, but I can't see any message about it.
>
> Now port=636:
>
> rad_recv: Access-Request packet from host 127.0.0.1:32806, id=100, length=60
>         User-Name = "99990010"
>         User-Password = "hola123"
>         NAS-IP-Address = 255.255.255.255
>         NAS-Port = 1
> rad_lowerpair: User-Name now '99990010'
> rad_lowerpair: User-Password now 'hola123'
> modcall: entering group authorize
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for 99990010
> radius_xlat: '(uid=99990010)'
> radius_xlat: 'o=LCX'
> ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to albinoni.upc.es:636, authentication 0
> rlm_ldap: setting TLS mode to 1
> rlm_ldap: bind as / to albinoni.upc.es:636
> rlm_ldap: waiting for bind result ...
> rlm_ldap: performing search in o=LCX, with filter (uid=99990010)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user 99990010 authorized to use remote access
> ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok
> modcall: group authorize returns ok
> rad_check_password: Found Auth-Type LDAP
> auth: type "LDAP"
> modcall: entering group authtype
> rlm_ldap: - authenticate
> rlm_ldap: login attempt by "99990010" with password "hola123"
> rlm_ldap: user DN: CN=Usuari Proves10,O=LCX
> rlm_ldap: (re)connect to albinoni.upc.es:636, authentication 1
> rlm_ldap: setting TLS mode to 1
> rlm_ldap: bind as CN=Usuari Proves10,O=LCX/hola123 to albinoni.upc.es:636
> rlm_ldap: waiting for bind result ...
> modcall[authenticate]: module "ldap" returns reject
> modcall: group authtype returns reject
> auth: Failed to validate the user.
> Delaying request 0 for 1 seconds
> Finished request 0
>
> I think RADIUS can connect to the LDAP server over SSL, because it can do the
> first filter, but when it tries to authenticate it is missing something...
>
> More help!!!!! :-)
>
> ______________________________________
> Paco Orozco ([EMAIL PROTECTED])
> Telecommunications Division
> UPCNet
> Edifici Vèrtex - Pl. Eusebi Güell, 6
> Switchboard telephone: 93.40.11600
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
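The two suspicions raised in the thread (that port 636 is LDAP-over-SSL, so TLS must be negotiated before any LDAP message and StartTLS on top of it is redundant, and that a bind which does not answer before rlm_ldap's timeout surfaces as a reject) can be checked directly from the RADIUS host. The script below is an added example, not code from the thread or from FreeRADIUS: it handshakes TLS first, sends a minimal LDAPv3 simple bind and times the reply; the hostname, CA file path and DN it takes are placeholders for your own server.

```python
"""Added example: open TLS first (what ldaps on port 636 means; StartTLS on top
of it is redundant), send an LDAPv3 simple bind, and time the reply against
rlm_ldap's timeout.  Hostname, CA file and DN are placeholders, not the thread's."""
import socket, ssl, time

def ber_len(n):
    """BER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body
def tlv(tag, body):
    return bytes([tag]) + ber_len(len(body)) + body
def ber_int(n):
    return tlv(0x02, n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big"))

def bind_request(msg_id, dn=b"", password=b""):
    """LDAPMessage{messageID, BindRequest{version 3, name, simple [0] pw}};
    an empty dn/password is the anonymous bind rlm_ldap logs as "bind as /"."""
    bind = ber_int(3) + tlv(0x04, dn) + tlv(0x80, password)
    return tlv(0x30, ber_int(msg_id) + tlv(0x60, bind))

def read_tlv(buf, i=0):
    """Return (tag, value, next_offset) of the BER TLV starting at buf[i]."""
    tag, ln, i = buf[i], buf[i + 1], i + 2
    if ln & 0x80:
        k = ln & 0x7F
        ln, i = int.from_bytes(buf[i:i + k], "big"), i + k
    return tag, buf[i:i + ln], i + ln

def parse_bind_response(buf):
    """Return (messageID, resultCode): 0 = success, 49 = invalidCredentials."""
    _, msg, _ = read_tlv(buf)
    _, mid, i = read_tlv(msg)
    tag, resp, _ = read_tlv(msg, i)
    if tag != 0x61:
        raise ValueError("expected BindResponse, got tag 0x%02x" % tag)
    _, code, _ = read_tlv(resp)
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big")

def timed_ldaps_bind(host, port=636, dn=b"", password=b"", cafile=None, timeout=5.0):
    """Handshake TLS before any LDAP byte, then bind.  cafile must hold the
    server's (self-signed) issuer, or the handshake fails before any bind."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw, \
            ctx.wrap_socket(raw, server_hostname=host) as tls:
        t0 = time.monotonic()
        tls.sendall(bind_request(1, dn, password))
        _, code = parse_bind_response(tls.recv(4096))  # bind replies are tiny
        return code, time.monotonic() - t0
```

Compare the seconds returned with the module's configured timeout: a result code of 49 is a genuine credential rejection, while a socket timeout or an ssl.SSLError before any result points at the server or the certificate chain instead.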
