authenticating to ldaps/tls

Peter Param pparam at
Thu Feb 12 22:57:14 CET 2009

>> use start_tls=no fails also,
>Maybe but keep it to no

did that, still fails with the same message

>>  it seems to have a problem with the cert and/or cert directory:
>> rlm_ldap: attempting LDAP reconnection
>> rlm_ldap: (re)connect to, authentication 0
>> rlm_ldap: setting TLS mode to 1
>> rlm_ldap: could not set LDAP_OPT_X_TLS option Success
>?? this is confusing... could that mean that your ldap library wasn't 
>compiled with ssl support... I'm not sure
>(but this is a rather old post)

The version openssl I'm using is:  OpenSSL 0.9.8i 15 Sep 2008

The CA certificate is valid for the ldap server  because the client connects when
I test with...

 "openssl s_client -CAfile SVMHS_CA_SSL_Server.pem -connect"

Freeradius was compiled as follows:

/configure --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc
--localstatedir=/var --libdir=/usr/lib --includedir=/usr/include
--with-radacctdir=/var/log/freeradius/radacct --with-raddbdir=/etc/freeradius
--with-openssl-includes=/etc/include/openssl --with-openssl-libraries=/usr/lib  



This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been virus
scanned and although no viruses were detected by the system, St Vincents &
Mater Health Sydney accepts no liability for any consequential damage
resulting from email containing any computer viruses.


More information about the Freeradius-Users mailing list