I am trying to establish a secure connection between freeradius and a Novell
eDirectory LDAP server. After configuring LDAP in radiusd.conf it seemed to
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.1.5:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: setting TLS CACert File to /usr/local/etc/raddb/ldap_ca_cert.pem
rlm_ldap: setting TLS Require Cert to demand
rlm_ldap: starting TLS
rlm_ldap: could not start TLS Operations error
rlm_ldap: (re)connection attempt failed
Because I don't know how to get logs from the eDirectory side, I recorded
the traffic between both hosts and saw that the TLS handshake had been done,
both mashines had exchanged cipher key and begun to send data. After 3 or 4
packets the LDAP server sent a "encrypted alert" and disconnected. Since
these data are encrypted I could not see what happened indeed.
My question: is it possible to get more debug info from the freeradius side?
If yes, how?
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html