ldap tls in freeradius

Phil Mayers p.mayers at imperial.ac.uk
Sun Nov 6 23:48:20 CET 2011

On 11/06/2011 11:37 AM, Frank Skovboel wrote:

> The directory that I pointed to was the one that bootstrap
> automatically created. Do I need to create new certificates for the
> ldap lookup (if so, is there a guide somewhere)?

As others have pointed out, that's wrong.

The bootstrap certs are a fake CA & server cert, which you can use to 
test EAP.

If you want to use LDAPS as a *client*, you need to obtain the CA cert 
which signs the LDAP server cert, and reference (probably only) that in 
the ldap "tls {}" block.
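
A check for the point made in the reply above, as an added example that is not part of the original post: it builds two throwaway CAs (one standing in for the bootstrap test CA, one for the CA that signs the LDAP server certificate) and shows that only the signing CA validates the server certificate. All file names, subject names and helper functions are constructed for illustration, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example. Every CA, certificate and name below is constructed for
# illustration; nothing here comes from a real FreeRADIUS or LDAP install.

# ca_signs_cert <ca.pem> <cert.pem>
# Succeeds only if cert.pem verifies against ca.pem. The ": OK" output is
# checked rather than the exit status, which old OpenSSL releases did not set.
ca_signs_cert() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# make_ca <dir> <name> <CN>: self-signed CA certificate plus key.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_server <dir> <ca-name> <name> <CN>: server certificate signed by that CA.
make_server() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$4" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# Build both CAs and one LDAP server certificate, then test each CA file
# the way a TLS client would before trusting the server.
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" bootstrap_ca "Constructed bootstrap test CA"
    make_ca "$d" ldap_ca "Constructed LDAP signing CA"
    make_server "$d" ldap_ca ldap_server "ldap.example.org"
    if ca_signs_cert "$d/ldap_ca.pem" "$d/ldap_server.pem"; then
        signing=ok; else signing=fail; fi
    if ca_signs_cert "$d/bootstrap_ca.pem" "$d/ldap_server.pem"; then
        bootstrap=ok; else bootstrap=fail; fi
    rm -rf "$d"
    echo "signing_ca=$signing bootstrap_ca=$bootstrap"
}

demo
```

Against a real directory, save the LDAP server's certificate to a file and run `ca_signs_cert` with the CA file you intend to reference in the `tls {}` block.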
