rlm_ldap: could not start TLS
pjc at ual.pt
Mon Apr 3 11:36:22 CEST 2006
I had the same problem with the same version of freeradius to
authenticate to an OpenLDAP.
Check this (it worked for me):
- verify your TLS configuration: you must have the same name as the
certificate. For instance, don't use IP address when it is expecting the
- verify that your ldap library has TLS support: I used OpenLDAP's
library without tls and had the same problem.
- configure and compile freeradius with the open-ssl flags: point to the
openssl that you want/need.
Marc Delisle wrote:
> George C. Kaplan wrote:
>> On Apr 1, 2006, at 5:28 AM, Marc Delisle wrote:
>>> I'm trying to make freeradius 1.1.0 contact a LDAP server.
>>> I configured freeradius --with-edir.
>>> The error I get is
>>> "rlm_ldap: could not start TLS Can't contact LDAP server"
>>> I followed this document
>>> except that in my case, the LDAP server is on Netware 6.5 SP5.
>>> On this Netware server, LDAP responds correctly over SSL, as tested
>>> with Novell's ldapsearch on port 636.
>> I had a problem similar to this: 'ldapsearch' worked, but Freeradius
>> couldn't make an LDAP connection with TLS. It turns out that my
>> system had two versions of the openssl library, and radiusd was
>> linking to the wrong version. It was kind of confusing, since the
>> rlm_ldap module was linked to the correct library (in
>> /usr/local/lib), but radiusd was linked to the one in /usr/lib, and
>> that's the one that got loaded at run time.
>> I ended up setting --with-openssl-includes and
>> --with-openssl-libraries in the Makefile for the port (I'm using
>> FreeBSD 5.4), and that solved the problem.
>> --George C. Kaplan gckaplan at ack.berkeley.edu
>> Communication & Network Services 510-643-0496
>> University of California at Berkeley
> Thanks George for your answer. I checked: both radiusd and
> rlm_ldap-1.1.0.so are linked to /usr/lib/libssl.so.0.9.7. I am on Linux.
> Should this version (openssl 0.9.7e) work?
> Marc Delisle
|Paulo Cabrita, Msc |
|Director do Centro de Informática |
|da Universidade Autónoma de Lisboa|
|Tel: +351-213177635 |
|Fax: +351-213533702 |
|E-mail: pjc at ual.pt |
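
The library mix-up described in the quoted reply (radiusd and rlm_ldap resolving OpenSSL from different directories) can be checked by comparing the `ldd` output of both files. The script below is an added example, not part of the original thread or of FreeRADIUS; the function names, sample sonames and addresses are constructed, and the real paths to radiusd and the module are placeholders.

```shell
#!/bin/sh
# Added example: report when two binaries resolve libssl/libcrypto to
# different files. Works on saved `ldd` text, so it runs offline.

# Read ldd output on stdin; print "soname path" per OpenSSL library.
ssl_libs() {
    awk '$2 == "=>" && $1 ~ /^lib(ssl|crypto)\.so/ {
             print $1, ($3 == "not" ? "NOT-FOUND" : $3)
         }' | sort
}

# compare_ssl_libs LDD_TEXT_A LDD_TEXT_B
# Returns 0 if both resolve the same files, 1 on mismatch,
# 2 if either side lists no libssl/libcrypto at all.
compare_ssl_libs() {
    a=$(printf '%s\n' "$1" | ssl_libs)
    b=$(printf '%s\n' "$2" | ssl_libs)
    if [ -z "$a" ] || [ -z "$b" ]; then
        echo "UNKNOWN: one input lists no libssl/libcrypto"
        return 2
    fi
    if [ "$a" = "$b" ]; then
        echo "OK: same OpenSSL libraries on both sides"
        return 0
    fi
    printf '%s\n' "$a" | while read -r name path; do
        other=$(printf '%s\n' "$b" | awk -v n="$name" '$1 == n { print $2 }')
        [ "$other" = "$path" ] || echo "MISMATCH $name: $path vs ${other:-absent}"
    done
    return 1
}

# Constructed sample ldd output (sonames and addresses are made up), shaped
# like the case in the thread: daemon -> /usr/lib, module -> /usr/local/lib.
SAMPLE_RADIUSD='
    libssl.so.3 => /usr/lib/libssl.so.3 (0x28100000)
    libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x28200000)
    libc.so.5 => /lib/libc.so.5 (0x28300000)'
SAMPLE_RLM_LDAP='
    libldap.so.2 => /usr/local/lib/libldap.so.2 (0x28400000)
    libssl.so.3 => /usr/local/lib/libssl.so.3 (0x28500000)
    libcrypto.so.3 => /usr/local/lib/libcrypto.so.3 (0x28600000)'

# Real use (paths are placeholders):
#   compare_ssl_libs "$(ldd /path/to/radiusd)" "$(ldd /path/to/rlm_ldap-1.1.0.so)"
compare_ssl_libs "$SAMPLE_RADIUSD" "$SAMPLE_RLM_LDAP" || echo "exit status: $?"
```

A mismatch means the two files were linked against different OpenSSL installations, and the copy the daemon loads first is the one used at run time.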