FreeRadius + Ldap + TLS/SSL
Rafał Kamiński
rafal.kaminski at blstream.com
Mon Dec 4 13:28:04 CET 2006
Hello
I installed FreeRADIUS on a Debian Sarge machine. I have my users in LDAP
and I use that directory to authenticate them. It works. But when I want
to use TLS for the connections between RADIUS and LDAP, I get this error
in the RADIUS log.
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: setting TLS CACert File to /etc/freeradius/cert/ca.crt
rlm_ldap: setting TLS CACert File to /etc/freeradius/cert/
rlm_ldap: setting TLS Require Cert to never
rlm_ldap: setting TLS Cert File to /etc/freeradius/cert/radius.crt
rlm_ldap: setting TLS Key File to /etc/freeradius/cert/radius.key
rlm_ldap: starting TLS
rlm_ldap: ldap_start_tls_s()
rlm_ldap: could not start TLS Can't contact LDAP server
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
When I saw that error, I checked the LDAP logs. My LDAP is configured with
SSL, not TLS. Now I have a problem configuring FreeRADIUS to work
with SSL LDAP rather than TLS LDAP :(
I have in radiusd.conf:
server = "ldap"
port = 636
#port = 389
...
filter = "(uid=%u)"
base_filter = "(objectclass=radiusprofile)"
start_tls = no
# tls_cacertfile = /path/to/cacert.pem
tls_cacertfile = /etc/freeradius/cert/ca.crt
# tls_cacertdir = /path/to/ca/dir/
tls_cacertdir = /etc/freeradius/cert/
tls_cacertdir = /etc/freeradius/cert/
# tls_certfile = /path/to/radius.crt
tls_certfile = /etc/freeradius/cert/radius.crt
# tls_keyfile = /path/to/radius.key
tls_keyfile = /etc/freeradius/cert/radius.key
#tls_mode = yes
I read about SSL in FreeRADIUS and I thought that this configuration used SSL
for the connections with LDAP, but am I wrong?
Can somebody tell me how I can use SSL auth between LDAP and
FreeRADIUS?
BR. Kamyk
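As an added example (not part of the post above, and not FreeRADIUS code), here is a small checker that reads the transport-related keys of an rlm_ldap block like the one posted and reports which transport the block actually selects. It assumes the FreeRADIUS 1.x option semantics: start_tls = yes sends the StartTLS extended operation over a plaintext LDAP port (normally 389), while tls_mode = yes wraps the connection in TLS from the first byte, which is what an ldaps listener on 636 expects. The posted block is used as sample input; the tls_mode variant, the audit() and classify_transport() helpers and their messages are constructed for this example.

```python
import re

LDAP_PORT = 389    # plain LDAP; StartTLS is negotiated on this port
LDAPS_PORT = 636   # LDAP over TLS from the first byte (ldaps)

# The rlm_ldap block from the post above (taken from the page, not constructed).
POSTED_CONFIG = """
server = "ldap"
port = 636
#port = 389
filter = "(uid=%u)"
base_filter = "(objectclass=radiusprofile)"
start_tls = no
tls_cacertfile = /etc/freeradius/cert/ca.crt
tls_cacertdir = /etc/freeradius/cert/
tls_cacertdir = /etc/freeradius/cert/
tls_certfile = /etc/freeradius/cert/radius.crt
tls_keyfile = /etc/freeradius/cert/radius.key
#tls_mode = yes
"""

# Constructed variant: tls_mode enabled and certificate checking demanded.
# Under the 1.x semantics assumed here this selects implicit TLS (ldaps) on 636.
LDAPS_CONFIG = POSTED_CONFIG.replace(
    "#tls_mode = yes", "tls_mode = yes\ntls_require_cert = demand")

KEY_VALUE = re.compile(r'^(\w+)\s*=\s*(.*)$')


def parse_ldap_block(text):
    """Parse 'key = value' lines; '#' starts a comment. Returns (settings, duplicates).
    The last occurrence of a key wins, as in a flat config; duplicates are reported."""
    settings, duplicates = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments (values with '#' are not expected here)
        m = KEY_VALUE.match(line)
        if not m:
            continue                           # blank line, comment-only line, or '...'
        key, value = m.group(1), m.group(2).strip().strip('"')
        if key in settings:
            duplicates.append(key)
        settings[key] = value
    return settings, duplicates


def is_yes(value):
    return value is not None and value.strip().lower() in ("yes", "on", "1", "true")


def classify_transport(settings):
    """Return (mode, findings); mode is 'ldaps', 'starttls' or 'plaintext'."""
    port = int(settings.get("port", LDAP_PORT))
    start_tls = is_yes(settings.get("start_tls"))
    tls_mode = is_yes(settings.get("tls_mode"))
    findings = []
    if tls_mode and start_tls:
        findings.append("tls_mode and start_tls both enabled: pick one transport")
    if tls_mode:
        mode = "ldaps"
        if port != LDAPS_PORT:
            findings.append(f"tls_mode = yes but port {port}: the server's ldaps listener is normally {LDAPS_PORT}")
    elif start_tls:
        mode = "starttls"
        if port == LDAPS_PORT:
            findings.append("start_tls = yes against port 636: the server expects a TLS handshake "
                            "before any LDAP message, so ldap_start_tls_s() cannot complete")
    else:
        mode = "plaintext"
        if port == LDAPS_PORT:
            findings.append("port 636 with neither tls_mode nor start_tls: plaintext LDAP sent to a TLS-only port")
        else:
            findings.append("plaintext LDAP: bind credentials and lookups travel unencrypted")
    require = settings.get("tls_require_cert", "").lower()
    if require in ("never", "allow"):
        findings.append(f"tls_require_cert = {require}: a bad or missing server certificate does not abort the connection")
    return mode, findings


def audit(text):
    """Parse a block and return (mode, findings), including duplicate-key warnings."""
    settings, duplicates = parse_ldap_block(text)
    mode, findings = classify_transport(settings)
    for key in duplicates:
        findings.append(f"'{key}' is set more than once; only the last value is used")
    return mode, findings


if __name__ == "__main__":
    for name, cfg in (("posted", POSTED_CONFIG), ("tls_mode variant", LDAPS_CONFIG)):
        mode, findings = audit(cfg)
        print(f"{name}: {mode}")
        for f in findings:
            print("  -", f)
```

Run against the posted block, the checker reports a plaintext transport aimed at port 636, which matches the "Can't contact LDAP server" failure once StartTLS is turned off; the tls_mode variant is classified as ldaps with only the duplicate tls_cacertdir line left to report. Whether tls_mode = yes is the right switch for a given FreeRADIUS build should be confirmed against that version's radiusd.conf comments.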