Hi,

I'm trying to authorize users in different AD's (2003 and 2008), but I keep running into an error I can't find any thing on when I google it.

For the purpose of the testing I have set the following in the ldap section: require_cert

Freeradius tries to connect to the ldap server (2008), the connection fails and I get the following debug output.

============================ DEBUG =======================================
[ldap_CustA] performing user authorization for MyAccount
[ldap_CustA]   expand: (&(sAMAccountName=%{User-Name})) -> (&(sAMAccountName=MyAccount))
[ldap_CustA]   expand: ou=OU1,ou=OU2,dc=domain,dc=local -> ou=OU1,ou=OU2,dc=domain,dc=local
  [ldap_CustA] ldap_get_conn: Checking Id: 0
  [ldap_CustA] ldap_get_conn: Got Id: 0
  [ldap_CustA] attempting LDAP reconnection
  [ldap_CustA] (re)connect to AD-IP-ADDRESS:636, authentication 0
  [ldap_CustA] setting TLS mode to 1
  [ldap_CustA] setting TLS CACert File to /etc/raddb/certs/ca.pem
  [ldap_CustA] setting TLS CACert Directory to /etc/raddb/certs/
  [ldap_CustA] setting TLS Require Cert to never
  [ldap_CustA] setting TLS Cert File to /etc/raddb/certs/server.crt
  [ldap_CustA] setting TLS Key File to /etc/raddb/certs/server.key
  [ldap_CustA] setting TLS Key File to /etc/raddb/certs/random
  [ldap_CustA] bind as user@domain.local/PASSWORD to 193.47.81.75:636
TLS: could not add the certificate PEM Token #0:server.crt - 0 - error -8192:Unknown code ___f 0.
TLS: error: could not initialize moznss security context - error -8192:Unknown code ___f 0
TLS: can't create ssl handle.
===========================================================================

======================= CONFIG SNIP =========================================
   tls {
      start_tls = no

        cacertfile      = /etc/raddb/certs/ca.pem
        cacertdir       = /etc/raddb/certs/
        certfile        = /etc/raddb/certs/server.crt
        keyfile         = /etc/raddb/certs/server.key
        randfile        = /etc/raddb/certs/random
require_cert   = "never"
}
===========================================================================


I'm wondering why the random file is set as a TLS Key, and also what exactly is going wrong since I get the error for the PEM Token?


Thank you for your help.

--
Thanks for your help
Frank