Re: TLS cant connect ldap+freeradius+novell

To: freeradius-users@lists.freeradius.org
Subject: Re: TLS cant connect ldap+freeradius+novell
From: "Martin G" <kapten_kanelbulle@hotmail.com>
Date: Mon, 23 Jul 2007 12:18:25 +0200
In-reply-to: <5cef7cab0707230247v2955229dif912a76400a4b8f9@mail.gmail.com>
Reply-to: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>

Ok, sounds good.
I run Netware v 5.70.33 and that seems to have edirectory version 8.7.3.x
I got a tab on novell with Ldap-connection.

"Transport Layer Security (TLS / SSL)"
Server Certificate:    "SSL CertificateDNS"
Client Certificate:   **Not Requested** /  Requested / Required
Trusted Root Containers:  TRUSTrootOU.Security

( ) Require TLS for all operations  (not checked)
( ) Enable and require mutual authentication (not checked)

Ports
(x) Enable Encrypted Port
Port: 636

(x) Enable Non-Encrypted Port
Port: 389

If thats some kind of help!?

/Mr G

From: "Jorgen Rosink" <jrosink@gmail.com>

Reply-To: FreeRadius users mailing list<freeradius-users@lists.freeradius.org>

To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
Subject: Re: TLS cant connect ldap+freeradius+novell
Date: Mon, 23 Jul 2007 11:47:45 +0200

On 7/23/07, Martin G <kapten_kanelbulle@hotmail.com> wrote:

> I connected to the novell-server and inspected what ports the ldap usedand

> its running on unencrypted 389 and encrypted port 636.
>
> My ldapconf now looks like:
> BASE: ou=adm,ou=malmo,o=wifi
> URI ldap://10.10.0.11 ldap://10.10.0.11
> TLS_CACERT /etc/freeradius/certs/WIFITREE_CA.pem
> TLS_REQCERT demand
> ldap_version 3
> port 636
> ssl start_tls
> ssl on

You're trying to use "start_tls", TLS connections are started on the
(unencrypted) port 389 and are "upgraded" to a secure connection on
the same port. So probably you don't have TLS support with your LDAP
server (you need at least eDirectory 8.7 for what I know). Learn your
LDAP server to talk TLS (by upgrading it), or initiate connections on
the SSL port (636) and not the TLS one...
-

List info/subscribe/unsubscribe? Seehttp://www.freeradius.org/list/users.html


_________________________________________________________________

Need a brain boost? Recharge with a stimulating game. Play now! http://club.live.com/home.aspx?icid=club_hotmailtextlink1

Follow-Ups:
- Re: TLS cant connect ldap+freeradius+novell
  - From: "Jorgen Rosink" <jrosink@gmail.com>

References:
- Re: TLS cant connect ldap+freeradius+novell
  - From: "Jorgen Rosink" <jrosink@gmail.com>

Previous by Date: Help: How to configure attribute based on Access-Challenge in Server?
Next by Date: Re: 2.0 mysql.sql
Previous by Thread: Re: TLS cant connect ldap+freeradius+novell
Next by Thread: Re: TLS cant connect ldap+freeradius+novell
Freeradius-Users July 2007 archives indexes sorted by: [ thread ] [ subject ] [ author ] [ date ]
Freeradius-Users list archive Table of Contents
More information about the Freeradius-Users mailing list

This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.