rlm_ldap: could not start TLS
George C. Kaplan
gckaplan at ack.berkeley.edu
Sun Apr 2 03:06:50 CEST 2006
On Apr 1, 2006, at 11:15 AM, Marc Delisle wrote:
> George C. Kaplan wrote:
>> I had a problem similar to this: 'ldapsearch' worked, but
>> Freeradius couldn't make an LDAP connection with TLS. It turns
>> out that my system had two versions of the openssl library, and
>> radiusd was linking to the wrong version. It was kind of
>> confusing, since the rlm_ldap module was linked to the correct
>> library (in /usr/local/lib), but radiusd was linked to the one in
>> /usr/lib, and that's the one that got loaded at run time.
>> I ended up setting --with-openssl-includes and
>> --with-openssl-libraries in the Makefile for the port (I'm using
>> FreeBSD 5.4), and that solved the problem.
>> --George C. Kaplan
>> gckaplan at ack.berkeley.edu
>> Communication & Network Services 510-643-0496
>> University of California at Berkeley
>
> Thanks George for your answer. I checked: both radiusd and
> rlm_ldap-1.1.0.so are linked to /usr/lib/libssl.so.0.9.7. I am on
> Linux.
What is 'ldapsearch' linked to? That's the program that does make a
connection with TLS.
> Should this version (openssl 0.9.7e) work?
Possibly not; that's the version my system has in /usr/lib. I have
OpenSSL 0.9.8a installed (from FreeBSD ports) in /usr/local/lib.
That's the version that's working for me, both with 'ldapsearch' and
freeradius.
--
George C. Kaplan gckaplan at ack.berkeley.edu
Communication & Network Services 510-643-0496
University of California at Berkeley
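
Added example, not part of the original message: a shell check for the mismatch discussed in this thread, comparing which libssl each of radiusd, the rlm_ldap module and ldapsearch resolves to according to `ldd`. The file paths, the soname numbers and the `fake_ldd` sample output are constructed so the script runs offline.

```shell
#!/bin/sh
# Added example: report the libssl each binary resolves to and flag a mismatch.

# Read `ldd` output on stdin; print the resolved libssl path (empty if none).
ssl_lib_from_ldd() {
    awk '$1 ~ /^libssl\.so/ && $2 == "=>" { print $3; exit }'
}

# Print "<file>: <libssl path>" for each argument.
# The LDD variable selects the command that produces the ldd output.
report_ssl_libs() {
    for f in "$@"; do
        lib=$(${LDD:-ldd} "$f" 2>/dev/null | ssl_lib_from_ldd)
        printf '%s: %s\n' "$f" "${lib:-<no libssl dependency>}"
    done
}

# Return 0 if every file resolves to the same libssl, 1 otherwise.
same_ssl_lib() {
    n=$(report_ssl_libs "$@" | sed 's/^[^:]*: //' | sort -u | wc -l | tr -d ' ')
    [ "$n" -eq 1 ]
}

# Constructed stand-in for ldd: radiusd resolves to the base-system library,
# everything else to the one under /usr/local/lib (sonames are made up).
fake_ldd() {
    case "$1" in
        */radiusd) printf '\tlibssl.so.3 => /usr/lib/libssl.so.3 (0x28100000)\n' ;;
        *)         printf '\tlibssl.so.4 => /usr/local/lib/libssl.so.4 (0x28200000)\n' ;;
    esac
}

# Demo on the constructed data; delete the next line to query the real ldd.
LDD=fake_ldd
# Assumed install paths; substitute the ones on your system.
set -- /usr/local/sbin/radiusd /usr/local/lib/rlm_ldap-1.1.0.so /usr/local/bin/ldapsearch
report_ssl_libs "$@"
same_ssl_lib "$@" || echo "MISMATCH: binaries resolve to different libssl builds"
```

Run `ldd` only on binaries you trust, since some implementations execute the target to resolve its dependencies.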