I created the cacert.pem like
http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html.
I don't understand what is ...
Is there another good paper on the Internet?
On Thu, 13 Jan 2005, Willey Kurt D wrote:
> I don't use slapd, but it looks like your CA isn't known (trusted):
> "...tlsv1 alert unknown ca"
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Anderson Alves de Albuquerque
> Sent: Thursday, January 13, 2005 12:32 PM
> To: [email protected]
> Subject: RE: Radius with SSL
>
>
>
>
> In the debug option of the LDAP I see this:
> ---------------------------
> .
> .
> .
> .
> tls_read: want=5, got=5
> 0000: 15 03 01 00 02 .....
> tls_read: want=2, got=2
> 0000: 02 30 .0
> TLS: can't accept.
> TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> /usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:1052
> ^Cslapd shutdown: waiting for 0 threads to terminate
> slapd stopped.
> -----------------------------
>
>
>
> On Thu, 13 Jan 2005, Willey Kurt D wrote:
>
> > Is your ldap server listening on that port?
> > "...Can't contact LDAP server..."
> >
> > Does ldapsearch work?
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of
> > Anderson Alves de Albuquerque
> > Sent: Thursday, January 13, 2005 12:02 PM
> > To: [email protected]
> > Subject: RE: Radius with SSL
> >
> >
> >
> > I created the certificates with
> > http://www.freeradius.org/radiusd/doc/rlm_ldap. And I put in my
> > radiusd.conf the configs below, but I have problems. Look at my debug in
> > the radiusd with "-x":
> >
> > -------------------------------------------------------------------
> > rad_recv: Access-Request packet from host 146.164.xxx.236:10537, id=104, length=132
> > User-Name = "aaa"
> > CHAP-Password = 0x658558a664c7032b44818a81b755804a11
> > NAS-IP-Address = 146.164.xxx.236
> > NAS-Identifier = "UFRJGK"
> > NAS-Port-Type = Virtual
> > Service-Type = Login-User
> > CHAP-Challenge = 0x41e6bde1
> > Framed-IP-Address = 146.164.xxx.198
> > Attr-589825 = 0x683332332d6976722d6f75743d7465726d696e616c2d616c6961733a6161612c3032353938303035343b
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for aaa
> > ldap_get_conn: Got Id: 0
> > rlm_ldap: (re)connect to 146.164.xxx.236:636, authentication 0
> > rlm_ldap: setting TLS mode to 1
> > rlm_ldap: bind as cn=root,dc=voip,dc=nce,dc=ufrj,dc=br/teste to 146.164.xxx.236:636
> > rlm_ldap: cn=root,dc=voip,dc=nce,dc=ufrj,dc=br bind to 146.164.xxx.236:636 failed: Can't contact LDAP server
> > rlm_ldap: (re)connection attempt failed
> > rlm_ldap: search failed
> > ldap_release_conn: Release Id: 0
> > ----------------------------------------------------------
> >
> >
> >
> >
> > On Mon, 10 Jan 2005, Willey Kurt D wrote:
> >
> > > Use port 636 to your ldaps server, and let the radius server do the
> > > work. The hardest part is generating the certificate trust.
> > >
> > > Sample radiusd.conf for ldaps to Win2K AD:
> > > server = "127.0.0.1"
> > > port = 636
> > > identity = "cn=ldapuser,cn=users,dc=domain,dc=com"
> > > password = yourpass
> > > basedn = "dc=domain,dc=com"
> > > filter = "(&(samaccountname=%{Stripped-User-Name:-%{User-Name}}))"
> > > start_tls = no
> > > tls_cacertfile = /usr/local/ssl/certs/sslcertificate.pem
> > > tls_cacertdir = /usr/local/ssl/certs/
> > >
> > > If you can get ldapsearch to work, radiusd is a breeze.
> > >
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of
> > > Anderson Alves de Albuquerque
> > > Sent: Monday, January 10, 2005 9:18 AM
> > > To: [email protected]
> > > Subject: Radius with SSL
> > >
> > >
> > >
> > > I need one manual about Radius + SSL.
> > >
> > > I have RADIUS making authentication in LDAP Server, but I need to pass
> > > the authentication with SSL.
> > > How can I make ?
> > > How can I help me ? Please...
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
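In the slapd debug output quoted above, the record `15 03 01 00 02` followed by `02 30` is a fatal TLS alert with description 0x30 (unknown_ca): the connecting client could not chain slapd's certificate to any CA in its trust file (the `tls_cacertfile` setting in the radiusd.conf sample). The following shell check is an added example, not part of the original thread; it reproduces that trust decision offline with `openssl verify`, using throwaway CAs and a server certificate whose names (`demo-ca`, `other-ca`, `ldap.example.test`) are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread). All keys, certificates and names
# are constructed in a temp directory and deleted afterwards.

# chain_ok CAFILE CERT: succeeds only if CERT chains to a CA in CAFILE.
# CAFILE plays the role of tls_cacertfile on the LDAP client side.
chain_ok() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# make_ca DIR NAME: self-signed throwaway CA (DIR/NAME.key, DIR/NAME.pem)
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_server_cert DIR CA CN: server certificate for CN, signed by CA
make_server_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -days 1 \
        -CA "$1/$2.pem" -CAkey "$1/$2.key" -CAcreateserial \
        -out "$1/server.pem" 2>/dev/null
}

# demo: verify one server certificate against the CA that signed it and
# against an unrelated CA, and report both outcomes on one line.
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" demo-ca && make_ca "$d" other-ca &&
        make_server_cert "$d" demo-ca ldap.example.test ||
        { rm -rf "$d"; return 1; }
    if chain_ok "$d/demo-ca.pem" "$d/server.pem"; then
        result="right-ca:ok"
    else
        result="right-ca:fail"
    fi
    # A client holding only other-ca.pem is in the situation that
    # produces the "unknown ca" alert during the handshake.
    if chain_ok "$d/other-ca.pem" "$d/server.pem"; then
        result="$result wrong-ca:ok"
    else
        result="$result wrong-ca:unknown-ca"
    fi
    rm -rf "$d"
    echo "$result"
}

demo
```

On a real deployment the same `chain_ok` check applies to the file named in `tls_cacertfile` and the certificate slapd actually serves.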