TLS cant connect ldap+freeradius+novell

Martin G kapten_kanelbulle at hotmail.com
Thu Jul 19 17:25:39 CEST 2007


Sorry, when I tried to rehash my certificate, I'd changed its path, but now 
it's back and I got new output from my ldapsearch command:

ldapsearch -vvv -h 10.10.0.11 -x -Z -b ou=adm,ou=malmo,o=wifi "cn=lotta"
ldap_initialize( ldap://10.10.0.11 )
ldap_start_tls: Connect error (-11)
        additional info: TLS: hostname does not match CN in peer certificate
filter: cn=lotta
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <ou=adm,ou=malmo,o=wifi> with scope subtree
# filter: cn=lotta
# requesting: ALL
#

# lotta, ADM, MALMO, WIFI
dn: cn=lotta,ou=ADM,ou=MALMO,o=WIFI
zenzfdVersion:: 
PD94bWwgdmVyc2lvbj0iMS4fSe34FNvZGluZz0iVVRGLTgiPz48QWdlbnREYX
RhPjxWZXJzaW9uPjQuMC4xLjU5PC9WZXJzaWwAffwawFWZXJXcml0ZVRpbWU+MTE0OTUwMTY4MjwvVmV
yV3JpdGVUaW1lPjwvQwfAwREYXRhPg==
zenpolPolicy: cn=UserZenPolPackage,ou=ZEN,o=WIFI#0#zenUserPackage
sasDefaultLoginSequence: ------No default------
uid: lotta
givenName: lotta
fullName: lotta whatever
Language: ENGLISH
sn: whatever
passwordUniqueRequired: FALSE
passwordRequired: TRUE
passwordMinimumLength: 5
passwordExpirationTime: 20070815131928Z
passwordExpirationInterval: 3456000
passwordAllowChange: TRUE
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: Person
objectClass: ndsLoginProperties
objectClass: Top
objectClass: radiusprofile
loginTime: 20070719121749Z
loginGraceRemaining: 6
loginGraceLimit: 6
cn: lotta
ACL: 2#subtree#cn=lotta,ou=ADM,ou=MALMO,o=WIFI#[All Attributes Rights]
ACL: 6#entry#cn=lotta,ou=ADM,ou=MALMO,o=WIFI#loginScript
ACL: 2#entry#[Public]#messageServer
ACL: 2#entry#[Root]#groupMembership
ACL: 6#entry#cn=lotta,ou=ADM,ou=MALMO,o=WIFI#printJobConfiguration
ACL: 2#entry#[Root]#networkAddress

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1


I've also added loglevel -1 to /etc/ldap/ldap.conf and removed the 
TLSCertificateFile and TLSCertificateKeyFile from /etc/ldap/sldap.conf, 
which I forgot to do before.

Do I need to convert the certificate to .pem, and how, if c_rehash doesn't 
work?


I'm pasting the new output from freeradius -XXX -A in case it helps...

freeradius -XXX -A
Tue Jul 10 12:35:00 2007 : Info: Starting - reading configuration files ...
Tue Jul 10 12:35:00 2007 : Debug: reread_config:  reading radiusd.conf
Tue Jul 10 12:35:00 2007 : Debug: Config:   including file: 
/etc/freeradius/prox
y.conf
Tue Jul 10 12:35:00 2007 : Debug: Config:   including file: 
/etc/freeradius/clie
nts.conf
Tue Jul 10 12:35:00 2007 : Debug: Config:   including file: 
/etc/freeradius/snmp
..conf
Tue Jul 10 12:35:00 2007 : Debug: Config:   including file: 
/etc/freeradius/eap.
conf
Tue Jul 10 12:35:00 2007 : Debug: Config:   including file: 
/etc/freeradius/sql.
conf
Tue Jul 10 12:35:00 2007 : Debug:  main: prefix = "/usr"
Tue Jul 10 12:35:00 2007 : Debug:  main: localstatedir = "/var"
Tue Jul 10 12:35:00 2007 : Debug:  main: logdir = "/var/log/freeradius"
Tue Jul 10 12:35:00 2007 : Debug:  main: libdir = "/usr/lib/freeradius"
Tue Jul 10 12:35:00 2007 : Debug:  main: radacctdir = 
"/var/log/freeradius/radac
ct"
Tue Jul 10 12:35:00 2007 : Debug:  main: hostname_lookups = no
Tue Jul 10 12:35:00 2007 : Debug:  main: max_request_time = 30
Tue Jul 10 12:35:00 2007 : Debug:  main: cleanup_delay = 5
Tue Jul 10 12:35:00 2007 : Debug:  main: max_requests = 1024
Tue Jul 10 12:35:00 2007 : Debug:  main: delete_blocked_requests = 0
Tue Jul 10 12:35:00 2007 : Debug:  main: port = 0
Tue Jul 10 12:35:00 2007 : Debug:  main: allow_core_dumps = no
Tue Jul 10 12:35:00 2007 : Debug:  main: log_stripped_names = yes
Tue Jul 10 12:35:00 2007 : Debug:  main: log_file = 
"/var/log/freeradius/radius.
log"
Tue Jul 10 12:35:00 2007 : Debug:  main: log_auth = yes
Tue Jul 10 12:35:00 2007 : Debug:  main: log_auth_badpass = yes
Tue Jul 10 12:35:00 2007 : Debug:  main: log_auth_goodpass = yes
Tue Jul 10 12:35:00 2007 : Debug:  main: pidfile = 
"/var/run/freeradius/freeradi
us.pid"
Tue Jul 10 12:35:00 2007 : Debug:  main: user = "freerad"
Tue Jul 10 12:35:00 2007 : Debug:  main: group = "freerad"
Tue Jul 10 12:35:00 2007 : Debug:  main: usercollide = no
Tue Jul 10 12:35:00 2007 : Debug:  main: lower_user = "no"
Tue Jul 10 12:35:00 2007 : Debug:  main: lower_pass = "no"
Tue Jul 10 12:35:00 2007 : Debug:  main: nospace_user = "no"
Tue Jul 10 12:35:00 2007 : Debug:  main: nospace_pass = "no"
Tue Jul 10 12:35:00 2007 : Debug:  main: checkrad = "/usr/sbin/checkrad"
Tue Jul 10 12:35:00 2007 : Debug:  main: proxy_requests = yes
Tue Jul 10 12:35:00 2007 : Debug:  proxy: retry_delay = 5
Tue Jul 10 12:35:00 2007 : Debug:  proxy: retry_count = 3
Tue Jul 10 12:35:00 2007 : Debug:  proxy: synchronous = no
Tue Jul 10 12:35:00 2007 : Debug:  proxy: default_fallback = yes
Tue Jul 10 12:35:00 2007 : Debug:  proxy: dead_time = 120
Tue Jul 10 12:35:00 2007 : Debug:  proxy: post_proxy_authorize = no
Tue Jul 10 12:35:00 2007 : Debug:  proxy: wake_all_if_all_dead = no
Tue Jul 10 12:35:00 2007 : Debug:  security: max_attributes = 200
Tue Jul 10 12:35:00 2007 : Debug:  security: reject_delay = 1
Tue Jul 10 12:35:00 2007 : Debug:  security: status_server = no
Tue Jul 10 12:35:00 2007 : Debug:  main: debug_level = 0
Tue Jul 10 12:35:00 2007 : Debug: read_config_files:  reading dictionary
Tue Jul 10 12:35:00 2007 : Debug: read_config_files:  reading naslist
Tue Jul 10 12:35:00 2007 : Info: Using deprecated naslist file.  Support for 
thi
s will go away soon.
Tue Jul 10 12:35:00 2007 : Debug: read_config_files:  reading clients
Tue Jul 10 12:35:00 2007 : Debug: read_config_files:  reading realms
Tue Jul 10 12:35:00 2007 : Debug: radiusd:  entering modules setup
Tue Jul 10 12:35:00 2007 : Debug: Module: Library search path is 
/usr/lib/freera
dius
Tue Jul 10 12:35:00 2007 : Debug: Module: Loaded exec
Tue Jul 10 12:35:00 2007 : Debug:  exec: wait = yes
Tue Jul 10 12:35:00 2007 : Debug:  exec: program = "(null)"
Tue Jul 10 12:35:00 2007 : Debug:  exec: input_pairs = "request"
Tue Jul 10 12:35:00 2007 : Debug:  exec: output_pairs = "(null)"
Tue Jul 10 12:35:00 2007 : Debug:  exec: packet_type = "(null)"
Tue Jul 10 12:35:00 2007 : Info: rlm_exec: Wait=yes but no output defined. 
Did y
ou mean output=none?
Tue Jul 10 12:35:00 2007 : Debug: Module: Instantiated exec (exec)
Tue Jul 10 12:35:00 2007 : Debug: Module: Loaded expr
Tue Jul 10 12:35:00 2007 : Debug: Module: Instantiated expr (expr)
Tue Jul 10 12:35:00 2007 : Debug: Module: Loaded PAP
Tue Jul 10 12:35:00 2007 : Debug:  pap: encryption_scheme = "crypt"
Tue Jul 10 12:35:00 2007 : Debug: Module: Instantiated pap (pap)
Tue Jul 10 12:35:00 2007 : Debug: Module: Loaded CHAP
Tue Jul 10 12:35:00 2007 : Debug: Module: Instantiated chap (chap)
Tue Jul 10 12:35:00 2007 : Debug: Module: Loaded MS-CHAP
Tue Jul 10 12:35:00 2007 : Debug:  mschap: use_mppe = yes
Tue Jul 10 12:35:00 2007 : Debug:  mschap: require_encryption = no
Tue Jul 10 12:35:00 2007 : Debug:  mschap: require_strong = no
Tue Jul 10 12:35:00 2007 : Debug:  mschap: with_ntdomain_hack = no
Tue Jul 10 12:35:00 2007 : Debug:  mschap: passwd = "(null)"
Tue Jul 10 12:35:00 2007 : Debug:  mschap: ntlm_auth = "(null)"
Tue Jul 10 12:35:00 2007 : Debug: Module: Instantiated mschap (mschap)
Tue Jul 10 12:35:00 2007 : Debug: Module: Loaded System
Tue Jul 10 12:35:00 2007 : Debug:  unix: cache = no
Tue Jul 10 12:35:00 2007 : Debug:  unix: passwd = "(null)"
Tue Jul 10 12:35:00 2007 : Debug:  unix: shadow = "/etc/shadow"
Tue Jul 10 12:35:00 2007 : Debug:  unix: group = "(null)"
Tue Jul 10 12:35:00 2007 : Debug:  unix: radwtmp = 
"/var/log/freeradius/radwtmp"

Tue Jul 10 12:35:00 2007 : Debug:  unix: usegroup = no
Tue Jul 10 12:35:00 2007 : Debug:  unix: cache_reload = 600
Tue Jul 10 12:35:00 2007 : Debug: Module: Instantiated unix (unix)
Tue Jul 10 12:35:00 2007 : Debug: Module: Loaded LDAP
Tue Jul 10 12:35:00 2007 : Debug:  ldap: server = "10.10.0.11"
Tue Jul 10 12:35:00 2007 : Debug:  ldap: port = 389
Tue Jul 10 12:35:00 2007 : Debug:  ldap: net_timeout = 1
Tue Jul 10 12:35:00 2007 : Debug:  ldap: timeout = 4
Tue Jul 10 12:35:00 2007 : Debug:  ldap: timelimit = 3
Tue Jul 10 12:35:00 2007 : Debug:  ldap: identity = "cn=admin,o=wifi"
Tue Jul 10 12:35:00 2007 : Debug:  ldap: tls_mode = no
Tue Jul 10 12:35:00 2007 : Debug:  ldap: start_tls = yes
Tue Jul 10 12:35:00 2007 : Debug:  ldap: tls_cacertfile = 
"/etc/freeradius/certs
/WIFITREE_CA.b64"
Tue Jul 10 12:35:00 2007 : Debug:  ldap: tls_cacertdir = "(null)"
Tue Jul 10 12:35:00 2007 : Debug:  ldap: tls_certfile = "(null)"
Tue Jul 10 12:35:00 2007 : Debug:  ldap: tls_keyfile = "(null)"
Tue Jul 10 12:35:00 2007 : Debug:  ldap: tls_randfile = "(null)"
Tue Jul 10 12:35:00 2007 : Debug:  ldap: tls_require_cert = "allow"
Tue Jul 10 12:35:00 2007 : Debug:  ldap: password = "novell"
Tue Jul 10 12:35:00 2007 : Debug:  ldap: basedn = "ou=adm,ou=malmo,o=wifi"
Tue Jul 10 12:35:00 2007 : Debug:  ldap: filter = 
"(cn=%{Stripped-User-Name:-%{U
ser-Name}})"
Tue Jul 10 12:35:00 2007 : Debug:  ldap: base_filter = 
"(objectclass=radiusprofi
le)"
Tue Jul 10 12:35:00 2007 : Debug:  ldap: default_profile = "(null)"
Tue Jul 10 12:35:00 2007 : Debug:  ldap: profile_attribute = "(null)"
Tue Jul 10 12:35:00 2007 : Debug:  ldap: password_header = "(null)"
Tue Jul 10 12:35:00 2007 : Debug:  ldap: password_attribute = "nspmPassword"
Tue Jul 10 12:35:00 2007 : Debug:  ldap: access_attr = "dialupAccess"
Tue Jul 10 12:35:00 2007 : Debug:  ldap: groupname_attribute = "cn"
Tue Jul 10 12:35:00 2007 : Debug:  ldap: groupmembership_filter = 
"(|(&(objectCl
ass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniq
uemember=%{Ldap-UserDn})))"
Tue Jul 10 12:35:00 2007 : Debug:  ldap: groupmembership_attribute = 
"(null)"
Tue Jul 10 12:35:00 2007 : Debug:  ldap: dictionary_mapping = 
"/etc/freeradius/l
dap.attrmap"
Tue Jul 10 12:35:00 2007 : Debug:  ldap: ldap_debug = 0
Tue Jul 10 12:35:00 2007 : Debug:  ldap: ldap_connections_number = 5
Tue Jul 10 12:35:00 2007 : Debug:  ldap: compare_check_items = no
Tue Jul 10 12:35:00 2007 : Debug:  ldap: access_attr_used_for_allow = yes
Tue Jul 10 12:35:00 2007 : Debug:  ldap: do_xlat = yes
Tue Jul 10 12:35:00 2007 : Debug:  ldap: edir_account_policy_check = yes
Tue Jul 10 12:35:00 2007 : Debug:  ldap: set_auth_type = yes
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: Registering ldap_groupcmp for 
Ldap-G
roup
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: Registering ldap_xlat with 
xlat_name
ldap
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: reading ldap<->radius mappings 
from
file /etc/freeradius/ldap.attrmap
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusCheckItem mapped to 
RADIU
S $GENERIC$
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusReplyItem mapped to 
RADIU
S $GENERIC$
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusAuthType mapped to 
RADIUS
Auth-Type
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusSimultaneousUse 
mapped to
RADIUS Simultaneous-Use
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusCalledStationId 
mapped to
RADIUS Called-Station-Id
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusCallingStationId 
mapped t
o RADIUS Calling-Station-Id
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP lmPassword mapped to RADIUS 
LM-
Password
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP ntPassword mapped to RADIUS 
NT-
Password
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP acctFlags mapped to RADIUS 
SMB-
Account-CTRL-TEXT
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusExpiration mapped to 
RADI
US Expiration
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusNASIpAddress mapped 
to RA
DIUS NAS-IP-Address
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusServiceType mapped to 
RAD
IUS Service-Type
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusFramedProtocol mapped 
to
RADIUS Framed-Protocol
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusFramedIPAddress 
mapped to
RADIUS Framed-IP-Address
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusFramedIPNetmask 
mapped to
RADIUS Framed-IP-Netmask
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusFramedRoute mapped to 
RAD
IUS Framed-Route
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusFramedRouting mapped 
to R
ADIUS Framed-Routing
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusFilterId mapped to 
RADIUS
Filter-Id
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusFramedMTU mapped to 
RADIU
S Framed-MTU
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusFramedCompression 
mapped
to RADIUS Framed-Compression
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusLoginIPHost mapped to 
RAD
IUS Login-IP-Host
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusLoginService mapped 
to RA
DIUS Login-Service
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusLoginTCPPort mapped 
to RA
DIUS Login-TCP-Port
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusCallbackNumber mapped 
to
RADIUS Callback-Number
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusCallbackId mapped to 
RADI
US Callback-Id
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusFramedIPXNetwork 
mapped t
o RADIUS Framed-IPX-Network
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusClass mapped to 
RADIUS Cl
ass
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusSessionTimeout mapped 
to
RADIUS Session-Timeout
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusIdleTimeout mapped to 
RAD
IUS Idle-Timeout
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusTerminationAction 
mapped
to RADIUS Termination-Action
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusLoginLATService 
mapped to
RADIUS Login-LAT-Service
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusLoginLATNode mapped 
to RA
DIUS Login-LAT-Node
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusLoginLATGroup mapped 
to R
ADIUS Login-LAT-Group
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkLink 
mappe
d to RADIUS Framed-AppleTalk-Link
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP 
radiusFramedAppleTalkNetwork ma
pped to RADIUS Framed-AppleTalk-Network
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkZone 
mappe
d to RADIUS Framed-AppleTalk-Zone
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusPortLimit mapped to 
RADIU
S Port-Limit
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusLoginLATPort mapped 
to RA
DIUS Login-LAT-Port
Tue Jul 10 12:35:00 2007 : Debug: rlm_ldap: LDAP radiusReplyMessage mapped 
to RA
DIUS Reply-Message
Tue Jul 10 12:35:00 2007 : Debug: conns: 0x81457f8
Tue Jul 10 12:35:00 2007 : Debug: Module: Instantiated ldap (ldap)
Tue Jul 10 12:35:00 2007 : Debug: Module: Loaded eap
Tue Jul 10 12:35:00 2007 : Debug:  eap: default_eap_type = "md5"
Tue Jul 10 12:35:00 2007 : Debug:  eap: timer_expire = 60
Tue Jul 10 12:35:00 2007 : Debug:  eap: ignore_unknown_eap_types = no
Tue Jul 10 12:35:00 2007 : Debug:  eap: cisco_accounting_username_bug = no
Tue Jul 10 12:35:00 2007 : Debug: rlm_eap: Loaded and initialized type md5
Tue Jul 10 12:35:00 2007 : Debug: rlm_eap: Loaded and initialized type leap
Tue Jul 10 12:35:00 2007 : Debug:  gtc: challenge = "Password: "
Tue Jul 10 12:35:00 2007 : Debug:  gtc: auth_type = "PAP"
Tue Jul 10 12:35:00 2007 : Debug: rlm_eap: Loaded and initialized type gtc
Tue Jul 10 12:35:00 2007 : Debug:  mschapv2: with_ntdomain_hack = no
Tue Jul 10 12:35:00 2007 : Debug: rlm_eap: Loaded and initialized type 
mschapv2
Tue Jul 10 12:35:00 2007 : Debug: Module: Instantiated eap (eap)
Tue Jul 10 12:35:00 2007 : Debug: Module: Loaded preprocess
Tue Jul 10 12:35:00 2007 : Debug:  preprocess: huntgroups = 
"/etc/freeradius/hun
tgroups"
Tue Jul 10 12:35:00 2007 : Debug:  preprocess: hints = 
"/etc/freeradius/hints"
Tue Jul 10 12:35:00 2007 : Debug:  preprocess: with_ascend_hack = no
Tue Jul 10 12:35:00 2007 : Debug:  preprocess: ascend_channels_per_line = 23
Tue Jul 10 12:35:00 2007 : Debug:  preprocess: with_ntdomain_hack = no
Tue Jul 10 12:35:00 2007 : Debug:  preprocess: with_specialix_jetstream_hack 
= n
o
Tue Jul 10 12:35:00 2007 : Debug:  preprocess: with_cisco_vsa_hack = no
Tue Jul 10 12:35:00 2007 : Debug:  preprocess: with_alvarion_vsa_hack = no
Tue Jul 10 12:35:00 2007 : Debug: Module: Instantiated preprocess 
(preprocess)
Tue Jul 10 12:35:00 2007 : Debug: Module: Loaded realm
Tue Jul 10 12:35:00 2007 : Debug:  realm: format = "suffix"
Tue Jul 10 12:35:00 2007 : Debug:  realm: delimiter = "@"
Tue Jul 10 12:35:00 2007 : Debug:  realm: ignore_default = no
Tue Jul 10 12:35:00 2007 : Debug:  realm: ignore_null = no
Tue Jul 10 12:35:00 2007 : Debug: Module: Instantiated realm (suffix)
Tue Jul 10 12:35:00 2007 : Debug: Module: Loaded files
Tue Jul 10 12:35:00 2007 : Debug:  files: usersfile = 
"/etc/freeradius/users"
Tue Jul 10 12:35:00 2007 : Debug:  files: acctusersfile = 
"/etc/freeradius/acct_
users"
Tue Jul 10 12:35:00 2007 : Debug:  files: preproxy_usersfile = 
"/etc/freeradius/
preproxy_users"
Tue Jul 10 12:35:00 2007 : Debug:  files: compat = "no"
Tue Jul 10 12:35:00 2007 : Debug: Module: Instantiated files (files)
Tue Jul 10 12:35:00 2007 : Debug: Module: Loaded Acct-Unique-Session-Id
Tue Jul 10 12:35:00 2007 : Debug:  acct_unique: key = "User-Name, 
Acct-Session-I
d, NAS-IP-Address, Client-IP-Address, NAS-Port"
Tue Jul 10 12:35:00 2007 : Debug: Module: Instantiated acct_unique 
(acct_unique)

Tue Jul 10 12:35:00 2007 : Debug: Module: Loaded detail
Tue Jul 10 12:35:00 2007 : Debug:  detail: detailfile = 
"/var/log/freeradius/rad
acct/%{Client-IP-Address}/detail-%Y%m%d"
Tue Jul 10 12:35:00 2007 : Debug:  detail: detailperm = 384
Tue Jul 10 12:35:00 2007 : Debug:  detail: dirperm = 493
Tue Jul 10 12:35:00 2007 : Debug:  detail: locking = no
Tue Jul 10 12:35:00 2007 : Debug: Module: Instantiated detail (detail)
Tue Jul 10 12:35:00 2007 : Debug: Module: Loaded radutmp
Tue Jul 10 12:35:00 2007 : Debug:  radutmp: filename = 
"/var/log/freeradius/radu
tmp"
Tue Jul 10 12:35:00 2007 : Debug:  radutmp: username = "%{User-Name}"
Tue Jul 10 12:35:00 2007 : Debug:  radutmp: case_sensitive = yes
Tue Jul 10 12:35:00 2007 : Debug:  radutmp: check_with_nas = yes
Tue Jul 10 12:35:00 2007 : Debug:  radutmp: perm = 384
Tue Jul 10 12:35:00 2007 : Debug:  radutmp: callerid = yes
Tue Jul 10 12:35:00 2007 : Debug: Module: Instantiated radutmp (radutmp)
Tue Jul 10 12:35:00 2007 : Debug: Listening on authentication *:1812
Tue Jul 10 12:35:00 2007 : Debug: Listening on accounting *:1813
Tue Jul 10 12:35:00 2007 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 10.10.0.28:32795, id=47, 
length=112
        NAS-IP-Address = 10.10.0.29
        NAS-Port = 0
        NAS-Port-Type = Wireless-802.11
        User-Name = "lotta"
        User-Password = "******"
        Calling-Station-Id = "000000000000"
        Called-Station-Id = "000B86600DB2"
        Aruba-Essid-Name = ""
        Aruba-Location-Id = "0.0.0"
Tue Jul 10 12:35:36 2007 : Debug:   Processing the authorize section of 
radiusd.
conf
Tue Jul 10 12:35:36 2007 : Debug: modcall: entering group authorize for 
request
0
Tue Jul 10 12:35:36 2007 : Debug:   modsingle[authorize]: calling preprocess 
(rl
m_preprocess) for request 0
Tue Jul 10 12:35:36 2007 : Debug:   modsingle[authorize]: returned from 
preproce
ss (rlm_preprocess) for request 0
Tue Jul 10 12:35:36 2007 : Debug:   modcall[authorize]: module "preprocess" 
retu
rns ok for request 0
Tue Jul 10 12:35:36 2007 : Debug:   modsingle[authorize]: calling chap 
(rlm_chap
) for request 0
Tue Jul 10 12:35:39 2007 : Debug: Discarding duplicate request from client 
local
host:32795 - ID: 47 0
Tue Jul 10 12:35:39 2007 : Debug: --- Walking the entire request list 
---urns no
Tue Jul 10 12:35:39 2007 : Debug: Waking up in 3 seconds...
rad_recv: Access-Request packet from host 10.10.0.28:32795, id=47, 
length=112_ms
Tue Jul 10 12:35:41 2007 : Debug: Discarding duplicate request from client 
local
host:32795 - ID: 47 2007 : Debug:   modsingle[authorize]: returned from 
mschap (
Tue Jul 10 12:35:41 2007 : Debug: --- Walking the entire request list ---
Tue Jul 10 12:35:41 2007 : Debug: Waking up in 1 seconds...ule "mschap" 
returns
Tue Jul 10 12:35:42 2007 : Debug: --- Walking the entire request list ---
Tue Jul 10 12:35:42 2007 : Debug: Cleaning up request 0 ID 47 with timestamp 
469
360f8for request 0
Tue Jul 10 12:35:42 2007 : Debug: Nothing to do.  Sleeping until we see a 
reques
t.oking up realm NULL
rad_recv: Access-Request packet from host 10.10.0.28:32795, id=47, 
length=112
Tue Jul NAS-IP-Address = 10.10.0.29 modsingle[authorize]: returned from 
suffix (
rlm_realNAS-Port = 0st 0
Tue Jul NAS-Port-Type = Wireless-802.11call[authorize]: module "suffix" 
returns
noop forUser-Name = "lotta"
Tue Jul User-Password = "******"g:   modsingle[authorize]: calling eap 
(rlm_eap)
for requCalling-Station-Id = "000000000000"
Tue Jul Called-Station-Id = "000B86600DB2"p: No EAP-Message, not doing EAP
Tue Jul Aruba-Essid-Name = ""bug:   modsingle[authorize]: returned from eap 
(rlm
_eap) foAruba-Location-Id = "0.0.0"
Tue Jul 10 12:35:43 2007 : Debug:   Processing the authorize section of 
radiusd.
confr request 0
Tue Jul 10 12:35:43 2007 : Debug: modcall: entering group authorize for 
request
1s) for request 0
Tue Jul 10 12:35:43 2007 : Debug:   modsingle[authorize]: calling preprocess 
(rl
m_preprocess) for request 1Debug:   modsingle[authorize]: returned from 
files (r
Tue Jul 10 12:35:43 2007 : Debug:   modsingle[authorize]: returned from 
preproce
ss (rlm_preprocess) for request 1   modcall[authorize]: module "files" 
returns o
Tue Jul 10 12:35:43 2007 : Debug:   modcall[authorize]: module "preprocess" 
retu
rns ok for request 12007 : Debug:   modsingle[authorize]: calling ldap 
(rlm_ldap
Tue Jul 10 12:35:43 2007 : Debug:   modsingle[authorize]: calling chap 
(rlm_chap
) for request 15:36 2007 : Debug: rlm_ldap: - authorize
Tue Jul 10 12:35:43 2007 : Debug:   modsingle[authorize]: returned from chap 
(rl
m_chap) for request 1
Tue Jul 10 12:35:43 2007 : Debug:   modcall[authorize]: module "chap" 
returns no
op for request 1:36 2007 : Debug: radius_xlat:  'ou=adm,ou=malmo,o=wifi'
Tue Jul 10 12:35:43 2007 : Debug:   modsingle[authorize]: calling mschap 
(rlm_ms
chap) for request 1 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Tue Jul 10 12:35:43 2007 : Debug:   modsingle[authorize]: returned from 
mschap (
rlm_mschap) for request 1: Debug: rlm_ldap: (re)connect to 10.10.0.11:389, 
authe
Tue Jul 10 12:35:43 2007 : Debug:   modcall[authorize]: module "mschap" 
returns
noop for request 16 2007 : Debug: rlm_ldap: setting TLS CACert File to 
/etc/free
Tue Jul 10 12:35:43 2007 : Debug:   modsingle[authorize]: calling suffix 
(rlm_re
alm) for request 16 2007 : Debug: rlm_ldap: starting TLS
Tue Jul 10 12:35:43 2007 : Debug:     rlm_realm: No '@' in User-Name = 
"lotta",
looking up realm NULL007 : Error: rlm_ldap: could not start TLS Connect 
error
Tue Jul 10 12:35:43 2007 : Debug:     rlm_realm: No such realm "NULL"iled
Tue Jul 10 12:35:43 2007 : Debug:   modsingle[authorize]: returned from 
suffix (
rlm_realm) for request 1 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Tue Jul 10 12:35:43 2007 : Debug:   modcall[authorize]: module "suffix" 
returns
noop for request 1t 0
Tue Jul 10 12:35:43 2007 : Debug:   modsingle[authorize]: calling eap 
(rlm_eap)
for request 1t 0
Tue Jul 10 12:35:43 2007 : Debug:   rlm_eap: No EAP-Message, not doing EAPs 
fail
Tue Jul 10 12:35:43 2007 : Debug:   modsingle[authorize]: returned from eap 
(rlm
_eap) for request 1 2007 : Debug: Finished request 0
Tue Jul 10 12:35:43 2007 : Debug:   modcall[authorize]: module "eap" returns 
noo
p for request 15:36 2007 : Debug: --- Walking the entire request list ---
Tue Jul 10 12:35:43 2007 : Debug:   modsingle[authorize]: calling files 
(rlm_fil
es) for request 1Request packet from host 10.10.0.28:32795, id=47, 
length=112
Tue Jul 10 12:35:43 2007 : Debug:     users: Matched entry DEFAULT at line 
152
Tue Jul 10 12:35:43 2007 : Debug:   modsingle[authorize]: returned from 
files (r
lm_files) for request 1
Tue Jul 10 12:35:43 2007 : Debug:   modcall[authorize]: module "files" 
returns o
k for request 1
Tue Jul 10 12:35:43 2007 : Debug:   modsingle[authorize]: calling ldap 
(rlm_ldap
) for request 1
Tue Jul 10 12:35:43 2007 : Debug: rlm_ldap: - authorize
Tue Jul 10 12:35:43 2007 : Debug: rlm_ldap: performing user authorization 
for lo
tta
Tue Jul 10 12:35:43 2007 : Debug: radius_xlat:  '(cn=lotta)'
Tue Jul 10 12:35:43 2007 : Debug: radius_xlat:  'ou=adm,ou=malmo,o=wifi'
Tue Jul 10 12:35:43 2007 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Tue Jul 10 12:35:43 2007 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Tue Jul 10 12:35:43 2007 : Debug: rlm_ldap: attempting LDAP reconnection
Tue Jul 10 12:35:43 2007 : Debug: rlm_ldap: (re)connect to 10.10.0.11:389, 
authe
ntication 0
Tue Jul 10 12:35:43 2007 : Debug: rlm_ldap: setting TLS CACert File to 
/etc/free
radius/certs/WIFITREE_CA.b64
Tue Jul 10 12:35:43 2007 : Debug: rlm_ldap: starting TLS
Tue Jul 10 12:35:43 2007 : Debug: rlm_ldap: ldap_start_tls_s()
Tue Jul 10 12:35:43 2007 : Error: rlm_ldap: could not start TLS Connect 
error
Tue Jul 10 12:35:43 2007 : Error: rlm_ldap: (re)connection attempt failed
Tue Jul 10 12:35:43 2007 : Debug: rlm_ldap: search failed
Tue Jul 10 12:35:43 2007 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Tue Jul 10 12:35:43 2007 : Debug:   modsingle[authorize]: returned from ldap 
(rl
m_ldap) for request 1
Tue Jul 10 12:35:43 2007 : Debug:   modcall[authorize]: module "ldap" 
returns fa
il for request 1
Tue Jul 10 12:35:43 2007 : Debug: modcall: leaving group authorize (returns 
fail
) for request 1
Tue Jul 10 12:35:43 2007 : Debug: Finished request 1
Tue Jul 10 12:35:43 2007 : Debug: Going to the next request
Tue Jul 10 12:35:43 2007 : Debug: --- Walking the entire request list ---
Tue Jul 10 12:35:43 2007 : Debug: Waking up in 6 seconds...
Tue Jul 10 12:35:49 2007 : Debug: --- Walking the entire request list ---
Tue Jul 10 12:35:49 2007 : Debug: Cleaning up request 1 ID 47 with timestamp 
469
360ff
Tue Jul 10 12:35:49 2007 : Debug: Nothing to do.  Sleeping until we see a 
reques
t.


/Mr G



>From: "Reimer Karlsen-Masur, DFN-CERT" <karlsen-masur at dfn-cert.de>
>Reply-To: FreeRadius users mailing list 
><freeradius-users at lists.freeradius.org>
>To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
>Subject: Re: TLS cant connect ldap+freeradius+novell
>Date: Thu, 19 Jul 2007 16:57:34 +0200
>
>Hm
>
>Fiddling with parameters in the FreeRADIUS config files should not change
>any behavior of ldapsearch; ldapsearch depends on the ldap.conf config file.
>
>Did you turn on LDAP client debugging by setting "loglevel -1" in the
>~/.ldap.conf file for the user that is executing ldapsearch? Or, if
>~/.ldap.conf does not exist, did you turn it on in /etc/openldap/ldap.conf
>or wherever your system's LDAP clients expect their config file to be?
>
>Martin G wrote:
> > Thanks for the reply!
> >
> > I've tried removing "port" and "tls_mode" from my radius.conf and had
> > "tls_start = yes" set.
> >
> > The tls_certfile and tls_keyfile are now commented out with #.
> >
> > I set tls_certfile to /etc/freeradius/certs/WIFITREE_CA.b64
>
>Is this file of ASCII type and does it read about like
>
>-------- BEGIN CERTIFICATE ------
>Base64 blob
>-------- END CERTIFICATE ------
>
>?
>
>That is the correct format, i.e. PEM.
>
>Is there more than one certificate in the file?
>
>If it is binary, then its DER format. In this case you could try
>
>openssl x509 -inform DER -in WIFITREE_CA.b64 -out WIFITREE_CA.pem
>
> > I'd tried to use "c_rehash ." in that directory, but the rehash doesn't 
>find my
> > cert, only other certs in that path, which are made into strange names.
> > Can I force it to pick my .b64 certificate, or can I convert it in any 
>other
> > way? (After the certs turned into funny names from c_rehash, is it just a
> > matter of renaming them, if it starts to work with the right certificate?)
> >
> > The only output I now get from ldapsearch -vvv -h 10.10.0.11 -x -Z -b
> > ou=adm,ou=malmo,o=wifi "cn=lotta"
> > is:
> >
> > ldap_initialize( ldap://10.10.0.11 )
> > ldap_start_tls: Connect error (-11)
> > ldap_result: Can't contact LDAP server (-1)
> >
> > Did I miss anything, or is the only thing left now to get a .pem
> > certificate?
>--
>Beste Gruesse / Kind Regards
>
>Reimer Karlsen-Masur
>
>DFN-PKI FAQ: https://www.pki.dfn.de/faqpki
>--
>Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615
>DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
>Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737






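As an added example (not code from this thread or from FreeRADIUS/OpenLDAP), a small Python checker for the two failures in the transcripts above: whether a CA file such as WIFITREE_CA.b64 is PEM (the only format c_rehash and tls_cacertfile accept) or DER, the PEM re-encoding that `openssl x509 -inform DER` would produce, how many certificates a PEM bundle holds, and why connecting with `-h 10.10.0.11` cannot satisfy a certificate issued to a DNS name. The certificate bytes and the name ldap.wifi.example are constructed placeholders.

```python
"""Checks for the "c_rehash skips my cert" and "hostname does not match CN"
problems from the thread.  All sample data below is constructed."""
import base64
import ipaddress
import re
import textwrap

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)


def classify_cert_file(data: bytes) -> str:
    """Return "PEM", "DER" or "unknown" for the raw bytes of a certificate file.
    c_rehash and OpenLDAP's TLS_CACERT only read PEM, so a DER file is ignored
    without any error message, which is what a skipped .b64 file looks like."""
    if b"-----BEGIN CERTIFICATE-----" in data:
        return "PEM"
    # A DER certificate is an outer SEQUENCE (tag 0x30) with a long-form length
    # whose value must account for exactly the remaining bytes.
    if len(data) >= 2 and data[0] == 0x30 and data[1] & 0x80:
        n = data[1] & 0x7F
        if 1 <= n <= 4 and len(data) >= 2 + n:
            declared = int.from_bytes(data[2:2 + n], "big")
            if declared == len(data) - 2 - n:
                return "DER"
    return "unknown"


def der_to_pem(der: bytes) -> str:
    """PEM is the base64 of the same DER bytes, wrapped at 64 columns, between
    the BEGIN/END CERTIFICATE markers (what openssl x509 -inform DER writes)."""
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode("ascii"), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def pem_certs(text: str) -> list:
    """DER bytes of every certificate block in a PEM file; a CA bundle may hold
    several, which is the "more than one certificate" question in the reply."""
    return [base64.b64decode(re.sub(r"\s+", "", m.group(1)))
            for m in PEM_BLOCK.finditer(text)]


def hostname_matches(target: str, dns_names, ip_names=()) -> bool:
    """Mimic the client-side identity check: the name given to -h / server=
    must match a DNS name in the certificate (CN or SAN dNSName) or, for an
    IP literal, a SAN iPAddress entry.  An IP literal never matches a DNS name,
    so connecting to 10.10.0.11 fails against a cert issued to a hostname."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        return any(ip == ipaddress.ip_address(x) for x in ip_names)
    host = target.lower().rstrip(".")
    for name in dns_names:
        name = name.lower().rstrip(".")
        if name.startswith("*."):
            suffix = name[1:]                # wildcard covers exactly one label
            left = host[:-len(suffix)] if host.endswith(suffix) else ""
            if left and "." not in left:
                return True
        elif name == host:
            return True
    return False


# Constructed stand-in for a DER file: SEQUENCE header declaring 256 bytes of
# payload.  Not a real certificate; only the framing is meaningful here.
FAKE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)

if __name__ == "__main__":
    print("WIFITREE_CA.b64 format:", classify_cert_file(FAKE_DER))
    pem = der_to_pem(FAKE_DER)
    print("after conversion:", classify_cert_file(pem.encode()),
          "with", len(pem_certs(pem)), "certificate(s)")
    # The thread's ldapsearch used -h 10.10.0.11; the eDirectory cert name is
    # unknown, so ldap.wifi.example stands in for it.
    print("10.10.0.11 vs cert for ldap.wifi.example:",
          hostname_matches("10.10.0.11", ["ldap.wifi.example"]))
    # tls_require_cert = "allow" in the FreeRADIUS output means a failed check
    # is tolerated; "demand" fails closed and is the setting to aim for once
    # the CA file is PEM and the server= value matches the certificate name.
```

Running it reports the .b64 stand-in as DER, the converted file as PEM with one certificate, and the IP-vs-hostname check as False, mirroring the ldap_start_tls error in the post.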




