Peter Param wrote:
I did that and the SSL_CTX_ERROR message is now gone and radiusd runs successfully. However it won't accept encrypted authentication requests:
No... it can't set the right TLS settings to talk to LDAP. There are no "encrypted authenticated requests".
rlm_ldap: (re)connect to secureldapcentral.stvincents.com.au:636, authentication 0 rlm_ldap: setting TLS mode to 1 rlm_ldap: could not set LDAP_OPT_X_TLS option Success rlm_ldap: setting TLS CACert File to certs/SVMHS_CA_SSL_Server.pem rlm_ldap: could not set LDAP_OPT_X_TLS_CACERTFILE option to certs/SVMHS_CA_SSL_Server.pem rlm_ldap: setting TLS Require Cert to never
Hmm... I suspect there's an OpenSSL compatibility issue here. i.e. Since it worked with the default OpenSSL libraries on your system, the obvious conclusion is that changing libraries broke it. The obvious fix is to not change libraries.
I can authenticate to the ldap backend with an ldap client using port 636 but not with freeradius.
<shrug> It has probably been statically linked to OpenSSL. Alan DeKok.