On Fri, 23 Jul 2004 [EMAIL PROTECTED] wrote:

> Hello,
>
> I have successfully gotten ldap and radius to talk using
> radcheck <user> <passwd> 127.0.0.1 1 testing123
> which gives me an Access-Accept message. So I assume that
> I'm working correctly.
>
> Now I would like to get this encrypted either by using SSL
> or TLS. So I use debian/sarge, thus I apt-get install'ed
> freeradius, ldap-utils, openssl, libssl...etc
>
> What I've tried, TLS:
> Setting start_tls = yes, restart server, try radcheck, get
> Access-Reject
>
> Message that I get from logs:
> Info: Ready to process requests.
> Error: rlm_ldap: could not start TLS Connect error
> Error: rlm_ldap: (re)connection attempt failed
>
> I've read most of the messages concerning tls and radius with ldap and
> nothing in them has helped me to get it working, i.e. added tls_mode = yes
> and port = 389.
>
> What I've tried, SSL:
> Setting start_tls = no, tls_mode = no, port = 636 (ldap over ssl), restarted
> server, try radcheck, get Access-Reject
>
> Telnet ldap 636 gets in.
> I tried to tunnel through ssl via stunnel with the same error.
>
> Message that I get from logs:
> Error: rlm_ldap: bind to <ldap>:636 failed: Can't contact LDAP server
> Error: rlm_ldap: (re)connection attempt failed
>
> Any help would be greatly appreciated!
Are you sure you trust the ldap server's certificate? Check your openldap install's ldap.conf file and search for the directive TLS_REQCERT. See man ldap.conf for a description of the possible values. Can you connect to your ldap server through the ldapsearch command line tool with StartTLS or LDAPS? What does your ldap server log as error?

> David
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
Kostas Kalevras		Network Operations Center
[EMAIL PROTECTED]	National Technical University of Athens, Greece
Work Phone:		+30 210 7721861
'Go back to the shadow'	Gandalf
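As an added example (not code from this thread, FreeRADIUS or OpenLDAP): a small POSIX shell helper that reads the effective TLS_REQCERT and TLS_CACERT from an ldap.conf, as Kostas suggests, and wraps the ldapsearch and openssl checks for StartTLS and LDAPS. The embedded ldap.conf is constructed; the config path, ldap host and base DN are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: inspect the OpenLDAP client settings that
# decide whether rlm_ldap will trust the server certificate, then exercise the
# StartTLS and LDAPS paths with ldapsearch. Paths/hosts below are placeholders.

# Write a constructed sample ldap.conf (not a real system file) to $1.
write_sample_ldap_conf() {
    cat > "$1" <<'EOF'
# constructed example of /etc/ldap/ldap.conf
BASE        dc=example,dc=org
URI         ldap://ldap.example.org
TLS_CACERT  /etc/ssl/certs/example-ca.pem
TLS_REQCERT never
EOF
}

# Print the value of directive $2 from ldap.conf $1 (comments ignored; if the
# directive repeats, the last occurrence is assumed to be the effective one).
ldap_conf_get() {
    awk -v key="$2" 'toupper($1) == toupper(key) { val = $2 } END { print val }' "$1"
}

# Classify the trust policy. "demand" (the default when unset) makes the
# connection fail on an untrusted certificate, which is what the thread's
# "could not start TLS Connect error" looks like; "allow" and "never" hide that
# failure by accepting any certificate, so the client would also connect to an
# impostor server. Output format: <verdict>:<detail>
tls_reqcert_verdict() {
    reqcert=$(ldap_conf_get "$1" TLS_REQCERT)
    cacert=$(ldap_conf_get "$1" TLS_CACERT)
    case "${reqcert:-demand}" in
        demand|hard) echo "verify:${cacert:-no-cacert}" ;;
        try)         echo "weak:try" ;;
        allow|never) echo "insecure:$reqcert" ;;
        *)           echo "unknown:$reqcert" ;;
    esac
}

# The checks Kostas asks for: $1 = ldap host, $2 = base DN (both assumed).
# -ZZ makes ldapsearch fail unless StartTLS succeeds; ldaps:// tests port 636.
test_ldap_tls() {
    ldapsearch -x -ZZ -H "ldap://$1:389" -b "$2" -s base '(objectclass=*)' || return 1
    ldapsearch -x -H "ldaps://$1:636" -b "$2" -s base '(objectclass=*)' || return 2
    # Show who issued the certificate the client is being asked to trust.
    openssl s_client -connect "$1:636" -showcerts </dev/null 2>/dev/null |
        openssl x509 -noout -subject -issuer -dates
}
```

Run `tls_reqcert_verdict /etc/ldap/ldap.conf` first; a "verify:no-cacert" result with a private CA is the usual reason the StartTLS handshake is rejected, and an "insecure:" result means the rlm_ldap connection is not actually authenticating the server.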

