Using LDAPS with Freeradius

Peter Lambrechtsen peter at
Tue Jan 21 08:31:11 CET 2020

That is the only way it works. And if it's working and you should see an
established tcp connection to the ldap server on port 636.
If it wasn't encrypted it would be on port 389. So it's encrypted.

On Tue, 21 Jan 2020, 18:25 Byron Jeffery, <byronjeffery at> wrote:

> Hi Everyone
> I am attempting to setup LDAPS on our Freeradius server on Ubuntu that is
> querying an Active Directory server for users group memberships, and
> hoping for a few guidelines on the correct setup procedure.
> So far I have exported the self signed PEM SSL cert form the AD server and
> imported it into /etc/freeradius/certs.
> In /etc/freeradius/mods-enabled/ldap, I also specified the Port = 636 and
> under the TLS section, pointed the ca_file = ${certdir}/ to the
> certificate, enabled ca_path = ${certdir} and set require_cert    =
> 'allow'.
> The radius authentication's are working but would like to confirm if this
> is the best way to go about enabling LDAPS.
>    - Kind Regards
>    - Byron Jeffery
>    - Assisting ICT Manager
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list