On Thursday 31 January 2008, Sebastian Heil wrote:
> > On Wednesday 30 January 2008, Sebastian Heil wrote:
> > > > Sebastian Heil wrote:
> > > > ...
> > > >
> > > > > I added the following lines to the ldap-section:
> > > >
> > > > ...
> > > >
> > > > > rlm_ldap: could not start TLS Can't contact LDAP server
> >
> > It doesn't seem that your TLS is well initiated. I don't think it is an
> > ldap or freeradius issue.
>
> Maybe... maybe not... I don't know... the configuration-options for ldaps
> are not really well documented, I think.
>
> How can I confirm which software produces this problem?
> > As a first step, perhaps you could try your conf without the TLS tunnel.
>
> My configuration works with "normal" ldap. So I tried to "upgrade" to
> ldaps, which didn't work.
The hypothesis of the TLS problem seems to be confirmed.

>
> > > 14 0.049652 freeradius edirectory TLSv1 Encrypted Alert
>
> Any ideas which problem can produce this "encrypted alert"?
>

It is a really difficult question (for me at least). Using wireshark, you could have a more precise view of the message sent from freeradius to ldap. There are a lot of things that can produce the failure of the init of a TLS tunnel. Bad certificates, failure of the negotiation of the cryptographic protocols, etc.
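One way to answer "which software produces this problem" is to attempt the TLS handshake from the RADIUS host without FreeRADIUS involved and see whether it stops at the network, the certificate check, or the negotiation. The script below is an added example, not part of the original thread or of FreeRADIUS; it assumes the directory offers implicit TLS (ldaps) on port 636, and the host name and CA file passed to it are the operator's own values.

```python
import socket
import ssl
import sys


def classify(exc):
    """Return (category, detail) for an exception raised while connecting."""
    # Order matters: SSLCertVerificationError subclasses SSLError,
    # and SSLError subclasses OSError.
    if isinstance(exc, ssl.SSLCertVerificationError):
        # Untrusted issuer, expired certificate, or host name mismatch.
        detail = getattr(exc, "verify_message", None) or str(exc)
        return "certificate", detail
    if isinstance(exc, ssl.SSLError):
        # Protocol version or cipher mismatch, alert from the peer, early EOF.
        detail = getattr(exc, "reason", None) or str(exc)
        return "negotiation", detail
    if isinstance(exc, OSError):
        # Refused, timed out, name not resolved: TLS was never reached.
        return "network", str(exc) or type(exc).__name__
    raise exc


def probe_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Attempt a verified TLS handshake and report where it stops."""
    # With cafile set, only that CA bundle is trusted; otherwise the
    # system trust store is used.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "ok", "%s, %s" % (tls.version(), tls.cipher()[0])
    except OSError as exc:
        return classify(exc)


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py HOST [PORT] [CAFILE]")
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 636
    cafile = sys.argv[3] if len(sys.argv) > 3 else None
    category, detail = probe_ldaps(host, port, cafile)
    print("%s: %s" % (category, detail))
```

If this probe reports "ok" with the same CA file that rlm_ldap is configured with, the handshake itself works from that host and the remaining difference lies in the FreeRADIUS ldap module settings.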

