ldap-server with Self-Signed Certificate
Paul Kuntke
paulk at turmlabor.de
Fri Dec 12 09:56:23 CET 2014
Hello to all,
I'm trying to set up freeradius to authenticate with an ldap-Server.
My Radius-Version:
FreeRADIUS Version 3.0.4
If I start:
radiusd -f -X
it says:
rlm_ldap (ldap): Could not set ca_file: Success
rlm_ldap (ldap): Could not set certificate_file: Success
rlm_ldap (ldap): Could not set random_file: Success
rlm_ldap (ldap): Could not set require_cert: Success
TLS certificate verification: Error, self signed certificate
TLS: can't connect.
In the ldap-Module I've set the following:
tls {
    ca_file = "/etc/ssl/certs/ldap.cert"
    certificate_file = "/usr/local/etc/raddb/certs/ldap.cert"
    random_file = "/usr/local/etc/raddb/certs/random"
    start_tls = no
    require_cert = "allow"
}
Verifying the server via:
openssl s_client -CAfile /etc/ssl/certs/ldap.cert -connect <SERVERURL>
Returns:
Verify return code: 0 (ok)
Can anybody help me to make freeradius accept the certificate?
Thanks, Paul