ldapsearch -vvv -H ldap://nw1.system.wifi -x -Z -b ou=adm,ou=malmo,o=wifi "cn=lotta"
ldap_initialize( ldap://nw1.system.wifi )
ldap_start_tls: Connect error (-11)
ldap_result: Can't contact LDAP server (-1)
[EMAIL PROTECTED]:/etc/freeradius/certs#

And it works without -Z :(

Can it have something to do with our IP change after we installed the Novell / NovellCA? It's the correct IP to the server, but can the CA/certificate take damage in an IP change? (The root cert is exported AFTER the IP change, but the CA services were installed BEFORE the change.)

The hosts file seems to be needed, because otherwise I don't think that the Linux FreeRADIUS can map nw1.system.wifi to an IP.

/Mr G

>From: "Jorgen Rosink" <[EMAIL PROTECTED]>
>Reply-To: FreeRadius users mailing list
><[email protected]>
>To: "FreeRadius users mailing list" <[email protected]>
>Subject: Re: TLS cant connect ldap+freeradius+novell
>Date: Mon, 23 Jul 2007 12:39:58 +0200
>
>On 7/23/07, Jorgen Rosink <[EMAIL PROTECTED]> wrote:
> > On 7/23/07, Martin G <[EMAIL PROTECTED]> wrote:
> > >
> > > If that's some kind of help!?
> >
> > There's a step-by-step howto on the Novell site:
> >
> > http://www.novell.com/documentation/edir_radius/index.html
> >
> > The section:
> >
> > Configuring the FreeRADIUS Server to Integrate with eDirectory ->
> > Modifying the LDAP Module
> >
> > seems pretty self-explanatory, follow the instructions, they do work!
> >
> > Try to understand the difference between TLS and SSL,
> > http://en.wikipedia.org/wiki/Transport_Layer_Security, this makes
> > debugging the encryption stuff much easier.
> >
> > Good luck!
>
>Ow, I forgot to say this:
>
>* You're connecting to the LDAP server with an IP address:
>
>URI ldap://10.10.0.11 ldap://10.10.0.11
>
>* But the LDAP server is using a DNS based certificate:
>
>"Transport Layer Security (TLS / SSL)"
>Server Certificate: "SSL CertificateDNS"
>
>
>Try to change that one to "SSL CertificateIP" or connect to LDAP from
>FreeRadius with a FQDN, don't care about host files. Certificate
>validation doesn't care about host files, it cares about the Common
>Name...
>-
>List info/subscribe/unsubscribe?
>See http://www.freeradius.org/list/users.html
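
The name check discussed in the quoted reply, as an added example that is not part of the original thread and is not OpenLDAP or FreeRADIUS code: a simplified matcher compares the host written in the LDAP URI with the names in the server certificate. The two certificate dicts are constructed samples in the shape returned by Python's ssl getpeercert(); their Common Name values are assumptions for illustration.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample certificates (assumed contents, not taken from the thread)
DNS_CERT = {"subject": ((("commonName", "nw1.system.wifi"),),)}
IP_CERT = {"subject": ((("commonName", "10.10.0.11"),),)}

def cert_names(cert):
    """Return (dns_names, ip_addresses) the certificate is valid for."""
    san = cert.get("subjectAltName", ())
    dns = [v.lower() for k, v in san if k == "DNS"]
    ips = [ipaddress.ip_address(v) for k, v in san if k == "IP Address"]
    if not dns and not ips:
        # No subjectAltName: fall back to the subject Common Name
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    try:
                        ips.append(ipaddress.ip_address(value))
                    except ValueError:
                        dns.append(value.lower())
    return dns, ips

def dns_match(pattern, host):
    """Exact label match; only the left-most label may be a '*' wildcard."""
    p, h = pattern.split("."), host.split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def uri_matches_cert(uri, cert):
    """True if the host in the URI is a name the certificate carries.

    Only the string in the URI is compared. No resolver or hosts file is
    consulted, so a hosts entry cannot turn a mismatch into a match.
    """
    host = urlparse(uri).hostname
    dns, ips = cert_names(cert)
    try:
        return ipaddress.ip_address(host) in ips
    except ValueError:
        return any(dns_match(name, host) for name in dns)

if __name__ == "__main__":
    for uri in ("ldap://10.10.0.11", "ldap://nw1.system.wifi"):
        for label, cert in (("DNS cert", DNS_CERT), ("IP cert", IP_CERT)):
            print(uri, label, uri_matches_cert(uri, cert))
```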

