Hm fiddling with parameters in the FreeRADIUS config files should not change any behavior of ldapsearch. ldapsearch depends on ldap.conf config file. Did you turn on ldap client debugging by setting "loglevel -1" in the ~/.ldap.conf file for the user that is executing ldapsearch? Or if ~/.ldap.conf does not exist, did you turn it on in /etc/openldap/ldap.conf or wherever your system ldap clients expects its config file to be? Martin G wrote:
Thx for the reply!
Iv tried removing "port" and "tls_mode" from my radius.conf and hade "tls_start = yes" set.
The tls_certfile and tls_keyfile is now commented away #.
I use the tls_certfile to /etc/freeradius/certs/WIFITREE_CA.b64
Is this file of ASCII type and does it read about like -------- BEGIN CERTIFICATE ------ Base64 blob -------- END CERTIFICATE ------ ? That is the correct format, i.e. PEM. Is there more than one certificate in the file? If it is binary, then its DER format. In this case you could try openssl x509 -inform DER -in WIFITREE_CA.b64 -out WIFITREE_CA.pem
Id tried to use "c_rehash ." in that directory but the rehash dont find my cert, only other certs in that path who is made into strange names. Can i force it to pick my .b64 certificate or can i convert it in any other way? (after the certs turned into funny names from c_rehash, its just to rename them, if it starts to work with the right certificate?)
The only output i now get from lldapsearch -vvv -h 10.10.0.11 -x -Z -b ou=adm,ou=malmo,o=wifi "cn=lotta" is:
ldap_initialize( ldap://10.10.0.11 ) ldap_start_tls: Connect error (-11) ldap_result: Can't contact LDAP server (-1)
Did i miss anything or is the only thing left now, to get a .pem certificate? -- Beste Gruesse / Kind Regards
Reimer Karlsen-Masur DFN-PKI FAQ: https://www.pki.dfn.de/faqpki -- Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615 DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555 Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737