Ok, sounds good. I run Netware v 5.70.33 and that seems to have edirectory version 8.7.3.x I got a tab on novell with Ldap-connection. "Transport Layer Security (TLS / SSL)" Server Certificate: "SSL CertificateDNS" Client Certificate: **Not Requested** / Requested / Required Trusted Root Containers: TRUSTrootOU.Security ( ) Require TLS for all operations (not checked) ( ) Enable and require mutual authentication (not checked) Ports (x) Enable Encrypted Port Port: 636 (x) Enable Non-Encrypted Port Port: 389 If thats some kind of help!? /Mr G
From: "Jorgen Rosink" <jrosink@gmail.com> Reply-To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Subject: Re: TLS cant connect ldap+freeradius+novell Date: Mon, 23 Jul 2007 11:47:45 +0200
On 7/23/07, Martin G <kapten_kanelbulle@hotmail.com> wrote:
I connected to the novell-server and inspected what ports the ldap used and its running on unencrypted 389 and encrypted port 636.
My ldapconf now looks like: BASE: ou=adm,ou=malmo,o=wifi URI ldap://10.10.0.11 ldap://10.10.0.11 TLS_CACERT /etc/freeradius/certs/WIFITREE_CA.pem TLS_REQCERT demand ldap_version 3 port 636 ssl start_tls ssl on
You're trying to use "start_tls", TLS connections are started on the (unencrypted) port 389 and are "upgraded" to a secure connection on the same port. So probably you don't have TLS support with your LDAP server (you need at least eDirectory 8.7 for what I know). Learn your LDAP server to talk TLS (by upgrading it), or initiate connections on the SSL port (636) and not the TLS one... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
_________________________________________________________________ Need a brain boost? Recharge with a stimulating game. Play now! http://club.live.com/home.aspx?icid=club_hotmailtextlink1