<p>Set the hostname in the ldap conf to match what is in the certificate. You may need to create an entry in /etc/hosts to match. You may be able to get around the mismatch by creating an ldaprc file and setting the parameter that controls the hostname checking to none.</p>
<p>On Jun 15, 2012 10:12 PM, "Ivan De Masi" <<a href="mailto:it-support@asta.tu-darmstadt.de">it-support@asta.tu-darmstadt.de</a>> wrote:<br>
><br>
> Hello all,<br>
><br>
> I have installed freeradius 2.1.10 on Debian Squeeze and configured it to fetch the users from the ldap server.<br>
><br>
> The access to the ldap server is secured with ssl (not TLS!), so openldap is listening on port 636.<br>
><br>
> When I try<br>
><br>
> # radtest user "mypassword" localhost 1 testing123<br>
><br>
> I get the following message:<br>
><br>
> Reply-Message = "TLS: hostname does not match CN in peer certificate"<br>
><br>
> Complete output:<br>
><br>
> Sending Access-Request of id 137 to 127.0.0.1 port 1812<br>
> User-Name = "user"<br>
> User-Password = "password"<br>
> NAS-IP-Address = 127.0.1.1<br>
> NAS-Port = 1<br>
><br>
><br>
> rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=137, length=73<br>
> Reply-Message = "TLS: hostname does not match CN in peer certificate"<br>
><br>
> That's correct, because I'm still in a testing phase and the openldap certificate doesn't match with the openldap hostname. But I need to fetch the data...<br>
> What can I change to get it working? Is the only way to generate new certificate files?<br>
><br>
> Thanks!<br>
><br>
> Regards,<br>
> Ivan<br>
</p>
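<p>An added example, not part of the original thread: before changing the hostname in the LDAP configuration or adding an /etc/hosts entry as the reply suggests, check which name the server certificate actually accepts. The sketch assumes the <code>openssl</code> command line tool (1.0.2 or later, for <code>-checkhost</code>); the certificate, the name <code>ldap.example.test</code> and all function names are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example: find the hostname an LDAP client must use so that it
# matches the server certificate. All names here are constructed.

# Create a throwaway self-signed certificate at $1 with CN=$2.
# It stands in for the OpenLDAP server certificate.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1" 2>/dev/null
}

# Print the subject (including the CN) of certificate $1.
cert_subject() {
    openssl x509 -in "$1" -noout -subject
}

# Return 0 if hostname $2 is acceptable for certificate $1, 1 otherwise.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 | grep -q "does match"
}

# Print the first candidate hostname ($2...) that matches certificate $1.
pick_server_name() {
    _cert=$1; shift
    for _name in "$@"; do
        if cert_matches_host "$_cert" "$_name"; then
            printf '%s\n' "$_name"
            return 0
        fi
    done
    return 1
}

# Demo on a constructed certificate: localhost and the loopback address
# fail the check, the name in the CN passes.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/ldap.pem" ldap.example.test
cert_subject "$demo_dir/ldap.pem"
for candidate in localhost 127.0.0.1 ldap.example.test; do
    if cert_matches_host "$demo_dir/ldap.pem" "$candidate"; then
        echo "$candidate: matches, usable as the LDAP server name"
    else
        echo "$candidate: hostname does not match the certificate"
    fi
done
rm -rf "$demo_dir"
```

<p>Against a real server, point <code>cert_matches_host</code> at the server's PEM certificate; the name that passes is the one to put in the LDAP configuration and, if it does not resolve, in /etc/hosts.</p>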