Am 15.06.2012 14:32, schrieb Alan DeKok:
Ivan De Masi wrote:
The access to the ldap server is secured with ssl (not TLS!), so openladp is listening on port 636.
When I try
# radtest user "mypassword" localhost 1 testing123
I get the following message:
Reply-Message = "TLS: hostname does not match CN in peer certificate"
That message does not exist in the default configuration.
Someone added it to the local configuration.
Complete output:
Sending Access-Request of id 137 to 127.0.0.1 port 1812 User-Name = "user" User-Password = "password" NAS-IP-Address = 127.0.1.1 NAS-Port = 1
Uh... no. You are aware that the "radclient" program is not the radius server?
Read the output of "radiusd -X". This is mentioned in the FAQ, Wiki, web site, "man" page, and daily on this list.
That's correct, because I'm still in a testing phase and the openldap certificate doesn't match with the openldap hostname. But I need to fetch the data... What can I change to get it working? Is the only way to generate new certificate files?
I have no idea what you're doing, so I can't answer that question.
Alan DeKok.
Hi, that's what I found in a howto when testing the config... :-) "radiusd -X" doesn't seem to work on Debian (?!) Regards, Ivan -- AStA TU Darmstadt IT-Administration Raum S1|03 63 Hochschulstr. 1 64289 Darmstadt Tel. +49-6151-162217 Fax. +49-6151-166026