authenticating to ldaps/tls
Peter Param
pparam at stvincents.com.au
Thu Feb 12 22:57:14 CET 2009
>> use start_tls=no fails also,
>Maybe but keep it to no
did that, still fails with the same message
>> it seems to have a problem with the cert and/or cert directory:
>>
>> rlm_ldap: attempting LDAP reconnection
>> rlm_ldap: (re)connect to ldap1.stvincents.com.au:636, authentication 0
>> rlm_ldap: setting TLS mode to 1
>> rlm_ldap: could not set LDAP_OPT_X_TLS option Success
>>
>?? this is confusing... could that mean that your ldap library wasn't
>compiled with ssl support... I'm not sure
>see
>http://www.mail-archive.com/freeradius-users@lists.cistron.nl/msg09575.html
>(but this is a rather old post)
The version openssl I'm using is: OpenSSL 0.9.8i 15 Sep 2008
The CA certificate is valid for the ldap server because the client connects when
I test with...
"openssl s_client -CAfile SVMHS_CA_SSL_Server.pem -connect
ldap1.stvincents.com.au:636"
Freeradius was compiled as follows:
/configure --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc
--localstatedir=/var --libdir=/usr/lib --includedir=/usr/include
--with-radacctdir=/var/log/freeradius/radacct --with-raddbdir=/etc/freeradius
--with-openssl-includes=/etc/include/openssl --with-openssl-libraries=/usr/lib
cheers
Peter
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been virus
scanned and although no viruses were detected by the system, St Vincents &
Mater Health Sydney accepts no liability for any consequential damage
resulting from email containing any computer viruses.
**********************************************************************
More information about the Freeradius-Users
mailing list