LDAP CONFIGURATION IN FreeRadius

WINANT, KEVIN KW517G at att.com
Thu May 5 18:02:35 CEST 2016


Hi Alan, thanks for the info, and this is a file I was looking at.
In that file, where I would expect to see the LDAP server name ("server ="),
it shows: server = "ldap.your.domain"
I assume this is the default before specifying an actual LDAP server hostname.

And for TLS in that file I see:
{
start_tls = no
}

The start_tls = no indicates to me that LDAPS is not being used (port 636) and would instead be using unsecure LDAP via port 389. Is this a correct assumption?

Still puzzled by the LDAP file having no SPECIFIC LDAP server hostname defined for "server=".

Have attached the LDAP file, not sure if it will make it through.

  







Hi,

>    The LDAP config and Cert I am trying to verify is for the ssl connection
>    between the FreeRadius servers and the LDAP server itself when queries
>    sent to the LDAP server.

for v2,

/etc/raddb/modules/ldap


see the lines:

	server = "ldap.your.domain"


	#  Port to connect on, defaults to 389. Setting this to
	#  636 will enable LDAPS if start_tls (see below) is not
	#  able to be used.
	#port = 389

and for secure TLS stuff, look in that same file for the

	tls {
	}

section


you will need to ensure that the appropriate parts are complete



you may find that things are missing, empty because the original admin
decided that the 'best thing' would be to remove stuff...in which case you need to
look at original files....

alan
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: FreeRadius LDAP file.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160505/029694cd/attachment-0001.txt>
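
Added example, not part of the original thread and not FreeRADIUS code: a small check that reads the three settings discussed above (`server`, `port`, `start_tls`) from a v2-style `modules/ldap` file and reports which transport the RADIUS-to-LDAP connection would use. The `SAMPLE` text is constructed from the lines quoted in the thread, not taken from the attachment, and the function names are hypothetical.

```python
import re

PLACEHOLDER = "ldap.your.domain"  # stock value quoted in the thread

# Constructed sample mirroring the lines quoted in the thread (not the real attachment).
SAMPLE = '''
ldap {
	server = "ldap.your.domain"
	#port = 389
	tls {
		start_tls = no
	}
}
'''

def active_settings(text):
    """Collect uncommented key = value pairs, ignoring section nesting."""
    found = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # naive: fine for the three keys read below
        m = re.match(r'^([A-Za-z_]+)\s*=\s*"?([^"]*)"?$', line)
        if m:
            found[m.group(1)] = m.group(2).strip()
    return found

def assess(text):
    """Classify the FreeRADIUS-to-LDAP transport from server, port and start_tls."""
    s = active_settings(text)
    server = s.get("server", "")
    port = int(s.get("port", "389"))  # 389 is the default per the file's own comment
    start_tls = s.get("start_tls", "no").lower() == "yes"
    findings = []
    if not server or server == PLACEHOLDER:
        findings.append("server is unset or still the stock placeholder")
    if start_tls and port == 636:
        findings.append("start_tls and port 636 are both set; choose one")
    if start_tls:
        transport = "starttls"   # TLS negotiated on the plain LDAP port
    elif port == 636:
        transport = "ldaps"      # TLS from the first byte
    else:
        transport = "plaintext"
        findings.append("bind credentials and queries cross the network unencrypted")
    return {"server": server, "port": port, "transport": transport, "findings": findings}

if __name__ == "__main__":
    print(assess(SAMPLE))
```

To check a live server, pass the contents of `/etc/raddb/modules/ldap` to `assess()` instead of `SAMPLE`.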

