RE: Radius with SSL

Anderson Alves de Albuquerque Thu, 13 Jan 2005 10:32:39 -0800


 I created the certificates with 
http://www.freeradius.org/radiusd/doc/rlm_ldap. And I put in my 
radiusd.conf the configs below, but I have problems. look my debug  in 
the radiusd with "-x":


-------------------------------------------------------------------
rad_recv: Access-Request packet from host 146.164.xxx.236:10537, id=104, 
length=132
        User-Name = "aaa"
        CHAP-Password = 0x658558a664c7032b44818a81b755804a11
        NAS-IP-Address = 146.164.xxx.236
        NAS-Identifier = "UFRJGK"
        NAS-Port-Type = Virtual
        Service-Type = Login-User
        CHAP-Challenge = 0x41e6bde1
        Framed-IP-Address = 146.164.xxx.198
        Attr-589825 = 
0x683332332d6976722d6f75743d7465726d696e616c2d616c6961733a6161612c3032353938303035343b
rlm_ldap: - authorize
rlm_ldap: performing user authorization for aaa
ldap_get_conn: Got Id: 0
rlm_ldap: (re)connect to 146.164.xxx.236:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: bind as cn=root,dc=voip,dc=nce,dc=ufrj,dc=br/teste to 
146.164.xxx.236:636
rlm_ldap: cn=root,dc=voip,dc=nce,dc=ufrj,dc=br bind to 146.164.xxx.236:636 
failed: Can't contact LDAP server
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
ldap_release_conn: Release Id: 0
----------------------------------------------------------




On Mon, 10 Jan 2005, Willey Kurt D wrote:

> Use port 636 to your ldaps server, and let the radius server do the
> work. The hardest part is generating the certificate trust.
> 
> Sample radiusd.conf for ldaps to Win2K AD:
>                 server = "127.0.0.1"
>                 port = 636
>                 identity = "cn=ldapuser,cn=users,dc=domain,dc=com"
>                 password = yourpass 
>                 basedn = "dc=domain,dc=com"
>                 filter =
> "(&(samaccountname=%{Stripped-User-Name:-%{User-Name}}))"
>                 start_tls = no
>                 tls_cacertfile  =
> /usr/local/ssl/certs/sslcertificate.pem
>                 tls_cacertdir   = /usr/local/ssl/certs/
> 
> If you can get ldapsearch to work, radiusd is a breeze.
> 
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Anderson Alves de Albuquerque
> Sent: Monday, January 10, 2005 9:18 AM
> To: [email protected]
> Subject: Radius with SSL
> 
> 
> 
>  I need one manual about Radius + SSL.
> 
>  I have RADIUS making authentication in LDAP Server, but I need to pass 
>  the authentication with SSL.
>  How can I make ? 
>  How cak I help me ? Please...
> 
> 
> - 
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Radius with SSL

Reply via email to