----- Original Message -----
From: "Alan Buxey" <A.L.M.Buxey@lboro.ac.uk> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Sent: Sunday, November 6, 2011 10:59:43 AM Subject: Re: ldap tls in freeradius
Hi,
tls { start_tls = no
cacertfile = /etc/raddb/certs/ca.pem cacertdir = /etc/raddb/certs/ certfile = /etc/raddb/certs/server.crt keyfile = /etc/raddb/certs/server.key randfile = /etc/raddb/certs/random require_cert = "never"
are these certs for the LDAP connectin - or are these your main certs for the client connections - as the directory looks to be the same. ensure you have seperate config for your RADIUS<->LDAP connection...
is the CRT file PEM readable? - ie use openssl tool to check your cert
The snippet above is from the ldap setup. I do not expect to use EAP, so the certs are only to connect to the ldap servers. I'm new to openssl, but I did manage to find the syntax for reading the PEM crt file with -noout -text, and it give me the certificate data. The directory that I pointed to were the one that bootstrap automatically created. Do I need to create new certificates for the ldap lookup (if so is there a guide some where)? What is required (eg. key = values etc) in order to do a secure LDAP lookup in a remote AD. I would also like (for testing) to ensure that the ldap lookup does not try to validate the ldap server certificate I assume that "require_cert" does this for me? -- Thanks, Frank