LDAP Authentication
Seferovic Edvin
edvin.seferovic at kolp.at
Thu Oct 27 02:54:41 CEST 2005
This has nothing to do with a secured connection to the LDAP directory. It's the
EAP method that you are using which needs a certificate ... rlm_eap_tls is
the module that is looking for the CA! Check your EAP setup!
Regards,
Edvin
_____
From: James Taylor [mailto:jtaylor at laszlosystems.com]
Sent: Thursday, 27 October 2005 02:18
To: edvin.seferovic at kolp.at; 'FreeRadius users mailing list'
Subject: RE: LDAP Authentication
That is what is confusing to me: I am not using TLS for LDAP. Currently I am
just trying to get basic auth working before I add that complexity. I am
able to auth ldap directly on the localhost and via my ldap admin tools
without problems.
JT
-----Original Message-----
From: freeradius-users-bounces at lists.freeradius.org
[mailto:freeradius-users-bounces at lists.freeradius.org] On Behalf Of
Seferovic Edvin
Sent: Wednesday, October 26, 2005 5:09 PM
To: 'FreeRadius users mailing list'
Subject: RE: LDAP Authentication
Hi,
I think that your problem has nothing to do with LDAP.. because ..
--- snip ---
rlm_ldap: user jtaylor authorized to use remote access
--- snip ---
Your certificates are not okay.. TLS says that the CA is unknown -
TLS Alert read:fatal:unknown CA
TLS_accept:failed in SSLv3 read client certificate A
Check them...
Regards,
Edvin
_____
From: freeradius-users-bounces at lists.freeradius.org
[mailto:freeradius-users-bounces at lists.freeradius.org] On Behalf Of James
Taylor
Sent: Thursday, 27 October 2005 01:26
To: 'FreeRadius users mailing list'
Subject: LDAP Authentication
I am currently trying to get LDAP authentication to work properly. As I am
still learning the ins-and-outs on how all this comes together I am having
an issue validating a user with Radius-LDAP. Attached is an example of the
debug. Maybe it is just something stupid that I am doing.
Thank you for your help!
James Taylor
EAP-Message = 0x573bea1ceb16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf666044c26dce30b13ecbacd04693e18
rad_recv: Access-Request packet from host 192.168.43.106:1645, id=126,
length=151
User-Name = "jtaylor"
Framed-MTU = 1400
Called-Station-Id = "0014.6ae0.3180"
Calling-Station-Id = "0040.96a6.d46c"
Service-Type = Login-User
Message-Authenticator = 0x421ab8418995a7c7b6b94367b0d154d9
EAP-Message = 0x0204001119800000000715030100020230
NAS-Port-Type = Wireless-802.11
NAS-Port = 4082
State = 0xf666044c26dce30b13ecbacd04693e18
NAS-IP-Address = 192.168.43.106
NAS-Identifier = "SAP"
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jtaylor
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user jtaylor authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_eap_tls: Length Included
TLS Alert read:fatal:unknown CA
TLS_accept:failed in SSLv3 read client certificate A
9963:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown
ca:s3_pkt.c:1052:SSL alert number 48
9963:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake
failure:s3_pkt.c:837:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
rlm_eap_tls: BIO_read failed in a system call (-1), TLS session fails.
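
Added example, not part of the original thread or of FreeRADIUS: a small Python triage of debug output like the log above, separating the rlm_ldap result from the rlm_eap_tls failure and decoding the TLS alert number. The helper name `triage` and its result keys are hypothetical; the sample lines are taken from the log above with wrapped lines rejoined.

```python
import re

# Sample input: lines taken from the debug output in this thread (wrapped lines rejoined).
SAMPLE_LOG = """\
rlm_ldap: performing user authorization for jtaylor
rlm_ldap: user jtaylor authorized to use remote access
rlm_eap_tls: Length Included
TLS Alert read:fatal:unknown CA
TLS_accept:failed in SSLv3 read client certificate A
9963:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1052:SSL alert number 48
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
"""

# Certificate-related TLS alert descriptions (RFC 5246, section 7.2).
TLS_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
              44: "certificate_revoked", 45: "certificate_expired",
              46: "certificate_unknown", 48: "unknown_ca"}

LDAP_OK = re.compile(r"^rlm_ldap: user (\S+) authorized to use remote access", re.M)
ALERT = re.compile(r"^TLS Alert (read|write):(\w+):", re.M)
ALERT_NO = re.compile(r"SSL alert number (\d+)")
EAP_FAIL = re.compile(r"^rlm_eap_tls: .*TLS session fails", re.M)

def triage(log_text):
    """Hypothetical helper: report which stage of the request failed."""
    result = {"ldap_authorized": None, "failed_stage": None,
              "alert_name": None, "alert_level": None, "alert_sender": None}
    if m := LDAP_OK.search(log_text):
        result["ldap_authorized"] = m.group(1)
    if m := ALERT.search(log_text):
        # OpenSSL's info callback logs "read" for an alert received from the
        # peer (here the supplicant) and "write" for one this server sent.
        result["alert_sender"] = "peer" if m.group(1) == "read" else "server"
        result["alert_level"] = m.group(2)
    if m := ALERT_NO.search(log_text):
        number = int(m.group(1))
        result["alert_name"] = TLS_ALERTS.get(number, f"alert_{number}")
    if EAP_FAIL.search(log_text):
        result["failed_stage"] = "eap-tls"
    elif result["ldap_authorized"] is None and "rlm_ldap:" in log_text:
        # Assumption: rlm_ldap ran but never logged the "authorized" line.
        result["failed_stage"] = "ldap"
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```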