FreeRadius + Ldap + TLS/SSL

Rafał Kamiński rafal.kaminski at blstream.com
Mon Dec 4 13:28:04 CET 2006


Hello

I installed FreeRADIUS on a Debian Sarge machine. I have my users in LDAP
and I use that directory to authenticate them. It works. But when I want
to use TLS in connections between RADIUS and LDAP, I get this error
in the RADIUS log.

rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: setting TLS CACert File to /etc/freeradius/cert/ca.crt
rlm_ldap: setting TLS CACert File to /etc/freeradius/cert/
rlm_ldap: setting TLS Require Cert to never
rlm_ldap: setting TLS Cert File to /etc/freeradius/cert/radius.crt
rlm_ldap: setting TLS Key File to /etc/freeradius/cert/radius.key
rlm_ldap: starting TLS
rlm_ldap: ldap_start_tls_s()
rlm_ldap: could not start TLS Can't contact LDAP server
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0

When I saw that error, I checked the LDAP logs. My LDAP is configured with
SSL, not TLS. Now I have a problem configuring FreeRADIUS to work
with SSL LDAP, not TLS LDAP :(

I have in radiusd.conf:

server = "ldap"
port = 636
#port = 389
...
filter = "(uid=%u)"
base_filter = "(objectclass=radiusprofile)"
start_tls = no
# tls_cacertfile        = /path/to/cacert.pem
tls_cacertfile = /etc/freeradius/cert/ca.crt
# tls_cacertdir         = /path/to/ca/dir/
tls_cacertdir = /etc/freeradius/cert/
# tls_certfile          = /path/to/radius.crt
tls_certfile = /etc/freeradius/cert/radius.crt
# tls_keyfile           = /path/to/radius.key
tls_keyfile = /etc/freeradius/cert/radius.key
#tls_mode = yes

I read about SSL in FreeRADIUS and I thought that this configuration uses SSL
for connections with LDAP, but am I wrong?

Can somebody tell me how I can use SSL auth between LDAP and
FreeRADIUS?

BR. Kamyk
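The log above shows rlm_ldap connecting to port 636 and then calling ldap_start_tls_s(). Port 636 is the LDAPS port, where the server expects the TLS handshake as the very first bytes on the connection, so a plaintext StartTLS extended request sent there gets no LDAP answer and the client reports "Can't contact LDAP server". StartTLS belongs on the plaintext port (389); implicit TLS belongs on 636. The following diagnostic, added here as an example and not part of the original post or of FreeRADIUS, probes a directory both ways so you can confirm which mode the server actually speaks before touching radiusd.conf. It uses only the Python standard library: it hand-encodes the StartTLS extended request (OID 1.3.6.1.4.1.1466.20037) in BER, parses the ExtendedResponse, and separately performs an implicit TLS handshake on 636. The hostname "ldap" and the CA file path are taken from the post; the function names are this example's own.

```python
import socket
import ssl
import sys

# OID of the StartTLS extended operation (RFC 4511 / RFC 4513)
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"


def ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag, content):
    """One BER element: tag, length, content."""
    return bytes([tag]) + ber_len(len(content)) + content


def build_starttls_request(message_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] OID } }."""
    return ber_tlv(0x30, ber_tlv(0x02, bytes([message_id]))
                   + ber_tlv(0x77, ber_tlv(0x80, STARTTLS_OID)))


def read_tlv(buf, pos=0):
    """Decode one BER element; returns (tag, content, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def parse_extended_response(data):
    """Return (messageID, resultCode, diagnosticMessage) from an ExtendedResponse [APPLICATION 24]."""
    tag, body, _ = read_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = read_tlv(body)
    tag2, resp, _ = read_tlv(body, pos)
    if tag != 0x02 or tag2 != 0x78:
        raise ValueError("not an ExtendedResponse")
    _, rc, pos = read_tlv(resp)           # resultCode ENUMERATED
    _, _, pos = read_tlv(resp, pos)       # matchedDN, not needed here
    _, diag, _ = read_tlv(resp, pos)      # diagnosticMessage
    return int.from_bytes(mid, "big"), int.from_bytes(rc, "big"), diag.decode("utf-8", "replace")


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            # Typical when StartTLS is sent to an LDAPS port: the server drops the connection.
            raise ConnectionError("server closed the connection without answering StartTLS")
        buf += chunk
    return buf


def _recv_ldap_message(sock):
    """Read exactly one BER-framed LDAPMessage from the socket."""
    head = _recv_exact(sock, 2)
    if head[1] & 0x80:
        head += _recv_exact(sock, head[1] & 0x7F)
        length = int.from_bytes(head[2:], "big")
    else:
        length = head[1]
    return head + _recv_exact(sock, length)


def probe_starttls(host, port=389, timeout=5):
    """Plaintext connect, then the StartTLS extended operation; returns the server's resultCode
    (0 = success, i.e. the server is willing to upgrade this connection to TLS)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_starttls_request())
        return parse_extended_response(_recv_ldap_message(s))[1]


def probe_ldaps(host, port=636, cafile=None, timeout=5):
    """Implicit TLS (LDAPS): the handshake is the first thing on the wire; returns the TLS version.
    Certificate verification stays on; pass the CA file the LDAP server's certificate chains to."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "ldap"  # server name from the post's radiusd.conf
    ca = sys.argv[2] if len(sys.argv) > 2 else None      # e.g. /etc/freeradius/cert/ca.crt
    for label, fn in (("LDAPS on 636", lambda: probe_ldaps(host, 636, ca)),
                      ("StartTLS on 389", lambda: probe_starttls(host, 389))):
        try:
            print(f"{label}: {fn()}")
        except (OSError, ValueError) as exc:
            print(f"{label}: failed ({exc})")
```

Run it as `python3 probe_ldap_tls.py ldap /etc/freeradius/cert/ca.crt`. A directory configured for SSL only, as described in the post, answers the LDAPS probe with a TLS version and fails the StartTLS probe (connection refused on 389, or a non-zero resultCode); the reverse pattern means the server offers StartTLS on 389 and nothing on 636. Whichever mode the server speaks is the one the radiusd.conf LDAP section has to match, and the CA file passed here is the same one the tls_cacertfile setting should point at.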