WINANT, KEVIN KW517G at att.com
Thu May 5 00:57:22 CEST 2016

Thanks Alan. This is all on the company's INTRANET.  No connectivity/access to Internet/Cloud.
The LDAP config and cert I am trying to verify is for the SSL connection between the FreeRadius servers and the LDAP server itself when queries are sent to the LDAP server.
Someplace in FreeRadius I am thinking it would tell us which ROOT CA (Certificate Authority) cert and serial number it is using and via what port (although if using port 389 for LDAP, I figure it is not using a cert at all). Once I can locate that info I can compare to the ROOT CA and serial the LDAP server uses.  If the same, we’re good to go when External LDAP server installs SHA256 certs shortly.
Original FreeRadius SME is no longer with us, hence the queries.

From: Alan Buxey [mailto:A.L.M.Buxey at lboro.ac.uk]
Sent: Wednesday, May 04, 2016 6:43 PM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>; WINANT, KEVIN <KW517G at att.com>

Ummmm. Surely you want to use protection if it's out in the cloud anyway??

You can view connecting to ldap using e.g. netstat and tcpdump

However, regarding the root CA for ldap. It's entirely different (or can be!) to that used by freeradius for clients (PEAP etc). So, grab the required root CA of the ldap server and its server cert and use those in your config. PS ldap stuff is very much refreshed in v3 - many more options etc and a far better connection pool (could be ideal for WAN based ldap servers)
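
As an added example (not part of either message, and not FreeRADIUS project code): a small Python check that reads an `ldap` module configuration and reports whether the link to the LDAP server is plaintext, StartTLS or LDAPS, and which CA file or directory it is set to trust. The sample config, host name and paths are constructed; the key names are those of the stock v2 (`cacertfile`, `cacertdir`) and v3 (`ca_file`, `ca_path`) ldap module files, and treating port 636 or an `ldaps://` server value as LDAPS is an assumption of this example.

```python
import re

# Constructed sample in the style of a FreeRADIUS v2 modules/ldap file.
# Host name and paths are placeholders, not values from the thread.
SAMPLE_LDAP_CONF = """
ldap {
    server = "ldap.example.internal"
    port = 389
    # identity = "cn=radius,dc=example,dc=internal"
    tls {
        start_tls = yes
        cacertfile = /etc/raddb/certs/ldap-root-ca.pem
        require_cert = "demand"
    }
}
"""

# CA trust keys: v2 uses cacertfile/cacertdir, v3 uses ca_file/ca_path.
CA_KEYS = ("cacertfile", "cacertdir", "ca_file", "ca_path")
ASSIGN = re.compile(r"^\s*([A-Za-z_][\w.-]*)\s*=\s*(.*?)\s*$")


def parse_settings(text):
    """Collect key = value pairs; comments are dropped, sections flattened."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]  # simplification: '#' always starts a comment
        m = ASSIGN.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip("\"'")
    return settings


def ldap_transport(settings):
    """Classify the RADIUS-to-LDAP link and list the CA material it trusts."""
    server = settings.get("server", "")
    port = settings.get("port", "389")
    if server.startswith("ldaps://") or port == "636":
        mode = "ldaps"
    elif settings.get("start_tls", "no").lower() == "yes":
        mode = "starttls"
    else:
        mode = "plaintext"  # no certificate is presented or checked on this link
    cas = {k: settings[k] for k in CA_KEYS if k in settings}
    return {"mode": mode, "port": port, "ca": cas,
            "require_cert": settings.get("require_cert")}


if __name__ == "__main__":
    print(ldap_transport(parse_settings(SAMPLE_LDAP_CONF)))
```

The issuer and serial number of the CA file it reports can then be read with `openssl x509 -noout -issuer -serial -in <file>` and compared with the chain the LDAP server presents.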

