TLS cant connect ldap+freeradius+novell

Martin G kapten_kanelbulle at hotmail.com
Mon Jul 23 12:18:25 CEST 2007


Ok, sounds good.
I run NetWare v 5.70.33, and that seems to have eDirectory version 8.7.3.x.
I got a tab on Novell with the LDAP connection.

"Transport Layer Security (TLS / SSL)"
Server Certificate:    "SSL CertificateDNS"
Client Certificate:   **Not Requested** /  Requested / Required
Trusted Root Containers:  TRUSTrootOU.Security

( ) Require TLS for all operations  (not checked)
( ) Enable and require mutual authentication (not checked)

Ports
(x) Enable Encrypted Port
Port: 636

(x) Enable Non-Encrypted Port
Port: 389

If that's some kind of help!?

/Mr G


>From: "Jorgen Rosink" <jrosink at gmail.com>
>Reply-To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
>To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
>Subject: Re: TLS cant connect ldap+freeradius+novell
>Date: Mon, 23 Jul 2007 11:47:45 +0200
>
>On 7/23/07, Martin G <kapten_kanelbulle at hotmail.com> wrote:
>
> > I connected to the Novell server and inspected what ports the LDAP used, and
> > it's running on unencrypted 389 and encrypted port 636.
> >
> > My ldapconf now looks like:
> > BASE: ou=adm,ou=malmo,o=wifi
> > URI ldap://10.10.0.11 ldap://10.10.0.11
> > TLS_CACERT /etc/freeradius/certs/WIFITREE_CA.pem
> > TLS_REQCERT demand
> > ldap_version 3
> > port 636
> > ssl start_tls
> > ssl on
>
>You're trying to use "start_tls"; TLS connections are started on the
>(unencrypted) port 389 and are "upgraded" to a secure connection on
>the same port. So probably you don't have TLS support with your LDAP
>server (you need at least eDirectory 8.7, as far as I know). Teach your
>LDAP server to talk TLS (by upgrading it), or initiate connections on
>the SSL port (636) and not the TLS one...
>-
>List info/subscribe/unsubscribe? See 
>http://www.freeradius.org/list/users.html
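
Added example, not part of the original thread: a small linter for the kind of client config quoted above, flagging settings that mix StartTLS (upgrade on 389) with LDAPS (implicit TLS on 636). The directive names come from the quoted config; the finding codes, helper names and the two corrected variants are constructed for illustration, and the linter does not model any particular client's precedence rules.

```python
# Added example: lint an ldap.conf-style client config for mixed StartTLS/LDAPS settings.
THREAD_CONF = """\
BASE: ou=adm,ou=malmo,o=wifi
URI ldap://10.10.0.11 ldap://10.10.0.11
TLS_CACERT /etc/freeradius/certs/WIFITREE_CA.pem
TLS_REQCERT demand
ldap_version 3
port 636
ssl start_tls
ssl on
"""
# Constructed variants: one transport mode each.
LDAPS_CONF = "URI ldaps://10.10.0.11\nTLS_REQCERT demand\nport 636\nssl on\n"
STARTTLS_CONF = "URI ldap://10.10.0.11\nTLS_REQCERT demand\nport 389\nssl start_tls\n"

def parse_conf(text):
    """Return (key, value) pairs; keys lower-cased, trailing ':' dropped, comments skipped."""
    pairs = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)
        if fields:
            value = fields[1].strip() if len(fields) > 1 else ""
            pairs.append((fields[0].rstrip(":").lower(), value))
    return pairs

def lint(text):
    """Return finding codes (hypothetical names) for settings that mix the two modes."""
    pairs = parse_conf(text)
    modes = {v.lower() for k, v in pairs if k == "ssl"}
    ports = {int(v) for k, v in pairs if k == "port" and v.isdigit()}
    uris = [u.lower() for k, v in pairs if k == "uri" for u in v.split()]
    reqcert = [v.lower() for k, v in pairs if k == "tls_reqcert"]
    ldaps_target = 636 in ports or any(u.startswith("ldaps://") for u in uris)
    codes = []
    if {"start_tls", "on"} <= modes:
        codes.append("MIXED_SSL_MODES")        # both transports requested at once
    if "start_tls" in modes and ldaps_target:
        codes.append("STARTTLS_ON_LDAPS")      # StartTLS belongs on the plain port (389)
    if "on" in modes and 389 in ports:
        codes.append("LDAPS_ON_PLAIN_PORT")    # implicit TLS belongs on 636
    if not reqcert or reqcert[-1] not in ("demand", "hard"):
        codes.append("CERT_NOT_REQUIRED")      # server certificate would not be enforced
    return codes

if __name__ == "__main__":
    for name, conf in [("thread", THREAD_CONF), ("ldaps", LDAPS_CONF), ("starttls", STARTTLS_CONF)]:
        print(name, lint(conf))
```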




