deactivate ldap.attrmap
Thierry CHICH
thierry.chich at ac-clermont.fr
Thu Jan 31 09:29:35 CET 2008
On Thursday 31 January 2008, Sebastian Heil wrote:
> > On Wednesday 30 January 2008, Sebastian Heil wrote:
> > > > Sebastian Heil wrote:
> > > > ...
> > > >
> > > > > i added the following lines to the ldap-section:
> > > >
> > > > ...
> > > >
> > > > > rlm_ldap: could not start TLS Can't contact LDAP server
> >
> > It doesn't seem that your TLS is well initiated. I don't think it is an
> > ldap or freeradius issue.
>
> Maybe... maybe not... I don't know... the configuration options for ldaps
> are not really well documented, I think.
>
> How can I confirm which software produces this problem?
>
> > As a first step, perhaps you could try your conf without the TLS
> > tunnel.
>
> My configuration works with "normal" ldap. So I tried to "upgrade" to
> ldaps, which didn't work.
The hypothesis of the TLS problem seems to be confirmed.
>
> > > 14 0.049652 freeradius edirectory TLSv1 Encrypted Alert
>
> Any ideas which problem can produce this "encrypted alert"?
>
It is a really difficult question (for me at least). Using wireshark, you
could have a more precise view of the message sent from freeradius to ldap.
There are a lot of things that can produce the failure of the init of a TLS
tunnel: bad certificates, failure of the negotiation of the cryptographic
protocols, etc.
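
Added example, not part of the original message: a small parser for one direction of a captured TLS 1.0-1.2 byte stream, showing why a capture names the cause of a failure (for example unknown_ca) only when the alert is sent before ChangeCipherSpec, and shows just "Encrypted Alert" afterwards. The sample byte strings are constructed, and the function names are hypothetical.

```python
import struct

# TLS record content types (RFC 5246, section 6.2.1)
CHANGE_CIPHER_SPEC, ALERT = 20, 21
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of alert descriptions (RFC 5246, section 7.2) tied to certificate
# and negotiation failures.
ALERT_DESCRIPTIONS = {
    0: "close_notify", 20: "bad_record_mac", 40: "handshake_failure",
    42: "bad_certificate", 43: "unsupported_certificate",
    45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca", 70: "protocol_version",
}

def parse_records(stream: bytes):
    """Split raw bytes from one sender into (type, version, payload) records."""
    records, offset = [], 0
    while offset + 5 <= len(stream):
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        payload = stream[offset + 5: offset + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated record at offset %d" % offset)
        records.append((ctype, (major, minor), payload))
        offset += 5 + length
    return records

def describe_alerts(stream: bytes):
    """Return one line per alert record, noting whether its reason is readable."""
    out, encrypted = [], False
    for ctype, _version, payload in parse_records(stream):
        if ctype == CHANGE_CIPHER_SPEC:
            encrypted = True  # everything this sender emits next is encrypted
        elif ctype == ALERT:
            if not encrypted and len(payload) == 2 and payload[0] in ALERT_LEVELS:
                level, desc = payload
                name = ALERT_DESCRIPTIONS.get(desc, "code %d" % desc)
                out.append("alert %s %s" % (ALERT_LEVELS[level], name))
            else:
                out.append("encrypted alert (%d bytes, reason not visible "
                           "without keys)" % len(payload))
    return out

# Constructed samples: a plaintext fatal alert, then ChangeCipherSpec
# followed by an alert whose 4-byte body stands in for ciphertext.
PLAINTEXT_SAMPLE = bytes.fromhex("15030100020230")
ENCRYPTED_SAMPLE = bytes.fromhex("140301000101" "1503010004" "aabbccdd")

if __name__ == "__main__":
    for sample in (PLAINTEXT_SAMPLE, ENCRYPTED_SAMPLE):
        print(describe_alerts(sample))
```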