deactivate ldap.attrmap
Sebastian Heil
s3b0 at gmx.de
Thu Jan 31 08:49:30 CET 2008
-------- Original Message --------
> Date: Wed, 30 Jan 2008 09:28:31 -0500
> From: "Wm. Josiah Erikson" <wjerikson at hampshire.edu>
> To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> Subject: Re: deactivate ldap.attrmap
> What struck me was that you need more attributes, but maybe I missed them:
>
> -cacertfile
> -certfile
> -keyfile
>
> -Josiah
>
I also tried a configuration with these attributes, but the error was the same. In my config there is at the moment only the "cacertfile", which is needed for the check of the edirectory-server-certificate.
In my opinion, I don't need the certfile and keyfile for eap-tls, because the edirectory-server doesn't check the freeradius-server-certificate. Is this correct?!?
Sebastian
>
> Sebastian Heil wrote:
> >> Sebastian Heil wrote:
> >> ...
> >>
> >>> I added the following lines to the ldap-section:
> >>>
> >> ...
> >>
> >>> rlm_ldap: could not start TLS Can't contact LDAP server
> >>>
> >> Maybe you need to check that there is an LDAP server listening on
> >> that port?
> >>
> >> Alan DeKok.
> >>
> >>
> >
> > Thanks for your fast answer, Alan.
> > But I am afraid this is not the solution... The ldap-server is
> > listening and even responding to my ldap-request. I captured the
> > communication between the freeradius and the edirectory with Ethereal:
> >
> > Does anyone have any idea about the "Encrypted Alert" in no. 14?? Thanks.
> >
> > ---------------------
> > No. Time Source Destination Protocol Info
> > 1 0.000000 radtestclient freeradius RADIUS Access-Request(1) (id=74, l=58)
> > 3 0.000749 freeradius edirectory TCP 56302 > ldaps [SYN] Seq=0 Len=0 MSS=1460 TSV=445748676 TSER=0 WS=2
> > 5 0.012986 edirectory freeradius TCP ldaps > 56302 [SYN, ACK] Seq=0 Ack=1 Win=4380 Len=0 MSS=1460 WS=0 TSV=3386151196 TSER=445748676
> > 6 0.013057 freeradius edirectory TCP 56302 > ldaps [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=445748679 TSER=3386151196
> > 7 0.013639 freeradius edirectory SSLv2 Client Hello
> > 8 0.021887 edirectory freeradius TLSv1 Server Hello,
> > 9 0.022035 freeradius edirectory TCP 56302 > ldaps [ACK] Seq=143 Ack=1449 Win=8736 Len=0 TSV=445748682 TSER=3386151206
> > 10 0.030390 edirectory freeradius TLSv1 Certificate
> > 11 0.030550 freeradius edirectory TCP 56302 > ldaps [ACK] Seq=143 Ack=1946 Win=11632 Len=0 TSV=445748684 TSER=3386151215
> > 12 0.032263 freeradius edirectory TLSv1 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
> > 13 0.048990 edirectory freeradius TLSv1 Change Cipher Spec, Encrypted Handshake Message
> > 14 0.049652 freeradius edirectory TLSv1 Encrypted Alert
> > 15 0.049923 freeradius edirectory TCP 56302 > ldaps [FIN, ACK] Seq=506 Ack=2005 Win=11632 Len=0 TSV=445748689 TSER=3386151237
> > 17 0.057441 edirectory freeradius TCP ldaps > 56302 [ACK] Seq=2005 Ack=507 Win=4885 Len=0 TSV=3386151247 TSER=445748689
> > 18 0.057774 edirectory freeradius TLSv1 Encrypted Alert
> > 19 0.057807 freeradius edirectory TCP 56302 > ldaps [RST] Seq=507 Len=0
> > 20 0.057880 edirectory freeradius TCP ldaps > 56302 [FIN, ACK] Seq=2042 Ack=507 Win=4885 Len=0 TSV=3386151247 TSER=445748689
> > 21 0.057903 freeradius edirectory TCP 56302 > ldaps [RST] Seq=507 Len=0
> >
> >
> >
>
> --
> Wm. Josiah Erikson
> Computing Support
> School of Cognitive Science
> Hampshire College
> Amherst, MA 01002
> (413) 559-6091
>
>