Freeradius + Ldap + SSL/TLS

RATSIMIVEH Remi ratsimiveh.remi at gmail.com
Tue Jun 28 15:28:32 CEST 2011


Hi,

I installed freeradius on a Debian machine. I have my users in LDAP
and I use that directory for authentication. But when I want
to use SSL or TLS for the connections between radius and ldap, I get this error
in the radius log (freeradius -X):

---------------------------------
 [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] attempting LDAP reconnection
  [ldap] (re)connect to ldap.corporate.com:1793, authentication 0
  [ldap] setting TLS CACert File to /etc/freradius/certs/RootCA.pem
  [ldap] setting TLS CACert Directory to /etc/freeradius/certs/
  [ldap] setting TLS Cert File to /etc/freeradius/certs/RootCA.crt
  [ldap] setting TLS Key File to /etc/freeradius/certs/SSLSubCA.pem
  [ldap] setting TLS Key File to /etc/freeradius/certs/
  [ldap] bind as uid=...,dc=...,dc=...,dc=.../pssword to
ldap.corporate.com:1793
  [ldap] waiting for bind result ...
  [ldap] ldap_result()
  [ldap] uid=...,dc=...,dc=...,dc=.../pssword to
ldap.corporate.com:1793failed: timeout
  [ldap] (re)connection attempt failed
[ldap] search failed
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns fail
---------------------------------

I have in ldap.conf:

ldap {
    server = "ldap.corporate.com"
    port   = 1793
    ...
    tls {
        # cacertfile    = /path/to/cacert.pem
        # cacertdir     = /path/to/certs/
        # certfile      = /path/to/radius.crt
        # keyfile       = /path/to/radius.key
        # randfile      = /path/to/rnd
        # require_cert  = "demand"

        cacertfile    = /etc/freradius/certs/RootCA.pem
        cacertdir     = /etc/freeradius/certs/
        certfile      = /etc/freeradius/certs/RootCA.crt
        keyfile       = /etc/freeradius/certs/SSLSubCA.pem
        randfile      = /etc/freeradius/certs/
        require_cert  = "allow"
    }
}

It's another team who manages this corporate LDAP.
This team asked me to import the Corporate.Root.CA and Corporate.SSL.CA to
be able to make SSL connections.
According to them, my radius server doesn't use SSL connections. I don't know where
to put them...
Sorry for my English, French replies will be accepted.....
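A path check for the rlm_ldap tls { } block, added here as an example and not part of the original post or of FreeRADIUS itself: it reads the uncommented key = value lines of a config file (an assumed plain file layout) and reports the kinds of defects visible in the block above, namely a misspelled directory, a CA certificate given as keyfile, a directory given as randfile, and require_cert left at "allow". The fixture it runs on is constructed, with a placeholder certificate rather than a real one.

```shell
#!/bin/sh
# Added example (not from the original post): lint the paths in an rlm_ldap tls { } block
# before restarting FreeRADIUS. It flags the defects visible in the posted config: a
# misspelled directory, a CA certificate given as keyfile, a directory given as randfile,
# and require_cert left at "allow", which leaves the LDAP server certificate unverified.
# Assumption: the file holds plain "key = value" lines; commented-out defaults are skipped.

pem_has() {  # pem_has FILE LABEL -> succeeds if FILE contains a "-----BEGIN ...LABEL-----" block
  grep -q -- "-----BEGIN .*$2-----" "$1" 2>/dev/null
}

check_ldap_tls() {  # check_ldap_tls CONF -> prints one line per problem found
  sed -n 's/^[[:space:]]*\([a-z_]*\)[[:space:]]*=[[:space:]]*"\{0,1\}\([^"[:space:]]*\)"\{0,1\}.*/\1 \2/p' "$1" |
  while read -r key val; do
    case $key in
      cacertfile)   [ -r "$val" ] && pem_has "$val" CERTIFICATE || echo "cacertfile: $val is not a readable PEM certificate" ;;
      cacertdir)    [ -d "$val" ] || echo "cacertdir: $val is not a directory" ;;
      certfile)     [ -r "$val" ] && pem_has "$val" CERTIFICATE || echo "certfile: $val is not a readable PEM certificate" ;;
      keyfile)      [ -r "$val" ] && pem_has "$val" "PRIVATE KEY" || echo "keyfile: $val holds no PRIVATE KEY block (a CA certificate is not a key)" ;;
      randfile)     [ -f "$val" ] || echo "randfile: $val is not a regular file" ;;
      require_cert) [ "$val" = demand ] || echo "require_cert: \"$val\" skips server certificate verification; use \"demand\"" ;;
    esac
  done
}

count_problems() {  # count_problems CONF -> number of problem lines (0 on a clean block)
  check_ldap_tls "$1" | grep -c '^' || true
}

# Constructed fixture: one placeholder CA certificate and a tls block that repeats the
# posted mistakes (misspelled directory, CA cert as keyfile, directory as randfile, "allow").
demo_dir=${TMPDIR:-/tmp}/ldap_tls_demo.$$
mkdir -p "$demo_dir"
printf -- '-----BEGIN CERTIFICATE-----\nCONSTRUCTED-PLACEHOLDER\n-----END CERTIFICATE-----\n' > "$demo_dir/RootCA.pem"
cat > "$demo_dir/ldap.conf" <<EOF
tls {
    # cacertfile    = /path/to/cacert.pem
    cacertfile    = $demo_dir/freradius/RootCA.pem
    cacertdir     = $demo_dir/
    certfile      = $demo_dir/RootCA.pem
    keyfile       = $demo_dir/RootCA.pem
    randfile      = $demo_dir/
    require_cert  = "allow"
}
EOF
check_ldap_tls "$demo_dir/ldap.conf"                       # lists the four problems
echo "problems: $(count_problems "$demo_dir/ldap.conf")"   # problems: 4
```

Run it against the real module file after replacing the fixture path; a clean block prints nothing and a count of 0.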