Hello Oreste,

- Have you configured popper with:
  --with-openssl=path or --with-sslplus=path
- security certificate and a public-private key?
- -l ? option for popper
- ldap.conf:

  # SSL Configuration
  ssl yes
  sslpath /usr/local/ssl/certs

  or

  ssl yes
  ssl start_tls
  port ???

Some useful links:

http://www.saas.nsw.edu.au/solutions/ldap.html
http://www.saas.nsw.edu.au/solutions/ldap-auth-pam.html
http://www.tldp.org/HOWTO/LDAP-Implementation-HOWTO/pamnss.html
http://www.cosc.canterbury.ac.nz/~mpj17/ldap/
http://www.mandrakesecure.net/en/docs/ldap-auth.php
http://www.padl.com/Contents/Documentation.html
http://www.ibiblio.org/oswg/oswg-nightly/oswg/en_US.ISO_8859-1/articles/exchange-replacement-howto/exchange-replacement-howto/x265.html

hth, reg,
Andreas

> Hi guys,
>
> I'm asking the list after a lot of tests & recompilations.
> I'm unable to make ssl work with pam_ldap on a Solaris 2.6 box.
>
> Situation:
> pam_ldap 153
> nss_ldap 202
> openldap 2.1.5
> openssl 0.9.6d
> pam_ldap & nss_ldap compiled with openldap libraries.
>
> Without "ssl off" in /etc/ldap.conf
>
> NO PROBLEMS
> Authentication with ssh works
> Root Authentication with ssh works (permitrootlogin yes)
> Password changing works
> Su works
>
> With "ssl start_tls" in /etc/ldap.conf
>
> /var/adm/messages on the client machine reports:
>
> Oct 10 12:20:30 itnisp02p sshd[18261]: pam_ldap: ldap_starttls_s: Connect error
> Oct 10 12:20:35 itnisp02p sshd[18261]: pam_ldap: ldap_result Can't contact LDAP server
>
> and
>
> /var/adm/messages
>
> connection_get(12): got connid=1
> connection_read(12): checking for input on id=1
> TLS trace: SSL_accept:before/accept initialization
> TLS trace: SSL_accept:SSLv3 read client hello A
> TLS trace: SSL_accept:SSLv3 write server hello A
> TLS trace: SSL_accept:SSLv3 write certificate A
> TLS trace: SSL_accept:SSLv3 write server done A
> TLS trace: SSL_accept:SSLv3 flush data
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> connection_get(12): got connid=1
> connection_read(12): checking for input on id=1
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> TLS: can't accept.
> TLS: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number s3_pkt.c:295
> connection_read(12): TLS accept error error=-1 id=1, closing
> connection_closing: readying conn=1 sd=12 for close
> connection_close: conn=1 sd=12
>
> Any suggestions?
>
>
> ---
> Oreste Dimaggio - System Engineer
> Epiclink S.p.a. http://www.epiclink.it
> Tel: 0362-1855130 Fax: 0362-1855160
