TLS can't connect ldap+freeradius+novell

Jorgen Rosink jrosink at gmail.com
Mon Jul 23 11:47:45 CEST 2007


On 7/23/07, Martin G <kapten_kanelbulle at hotmail.com> wrote:

> I connected to the Novell server and inspected what ports the ldap used and
> it's running on unencrypted 389 and encrypted port 636.
>
> My ldapconf now looks like:
> BASE: ou=adm,ou=malmo,o=wifi
> URI ldap://10.10.0.11 ldap://10.10.0.11
> TLS_CACERT /etc/freeradius/certs/WIFITREE_CA.pem
> TLS_REQCERT demand
> ldap_version 3
> port 636
> ssl start_tls
> ssl on

You're trying to use "start_tls". TLS connections are started on the
(unencrypted) port 389 and are "upgraded" to a secure connection on
the same port. So you probably don't have TLS support on your LDAP
server (you need at least eDirectory 8.7, as far as I know). Teach your
LDAP server to talk TLS (by upgrading it), or initiate connections on
the SSL port (636) and not the TLS one...
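
Added example, not part of the original thread: a small Python check that flags the contradiction described in the reply above (StartTLS requested while pointing at the implicit-TLS port 636, and two "ssl" modes set at once). The sample text is constructed from the quoted configuration; the function names are hypothetical, and it assumes that "ssl on" selects LDAPS and that a global "port" applies to URIs that carry no port of their own.

```python
import re

# Constructed sample: transport-related lines from the configuration quoted above.
SAMPLE = """\
URI ldap://10.10.0.11 ldap://10.10.0.11
TLS_REQCERT demand
port 636
ssl start_tls
ssl on
"""

def parse(text):
    """Collect URIs, the global port and every 'ssl' mode from the text."""
    uris, port, ssl_modes = [], None, []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].rstrip(":").lower(), parts[1].strip()
        if key == "uri":
            uris += value.split()
        elif key == "port" and value.isdigit():
            port = int(value)
        elif key == "ssl":
            ssl_modes.append(value.lower())
    return uris, port, ssl_modes

def lint(text):
    """Return findings where URI scheme, port and ssl mode contradict each other."""
    uris, port, ssl_modes = parse(text)
    findings = []
    if len(set(ssl_modes)) > 1:
        findings.append("conflicting ssl modes: " + ", ".join(ssl_modes))
    for uri in dict.fromkeys(uris):  # de-duplicate, keep order
        m = re.match(r"(ldaps?)://([^/:\s]+)(?::(\d+))?", uri, re.I)
        if not m:
            continue
        scheme = m.group(1).lower()
        # Assumption: a global 'port' applies to URIs without their own port.
        eff = int(m.group(3)) if m.group(3) else port or (636 if scheme == "ldaps" else 389)
        if "start_tls" in ssl_modes and (scheme == "ldaps" or eff == 636):
            findings.append(f"{uri}: StartTLS requested on implicit-TLS port/scheme ({scheme}, {eff})")
        if "on" in ssl_modes and scheme == "ldap" and eff == 389:
            findings.append(f"{uri}: 'ssl on' (LDAPS) aimed at plaintext port 389")
        if not ssl_modes and scheme == "ldap" and eff == 636:
            findings.append(f"{uri}: plaintext ldap:// aimed at TLS port 636")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

A configuration that picks one mode consistently (ldaps:// with "ssl on", or ldap:// on 389 with "ssl start_tls") produces no findings.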


