RE: TLS / SSL
Are you connecting on port 389 or 636? Is it that TLS works? What
about SSH on port 636? Anyone get that working?
Did you have to tell FreeRadius where the certificates were? Or
is the start_tls=yes all you have to do on the client side to
get LDAP to connect with TLS on port 389?
Ron
> -----Original Message-----
> From: Kirk Turner-Rustin [mailto:ktrustin@owu.edu]
> Sent: Wednesday, July 02, 2003 7:28 AM
> To: Pierre Burri
> Cc: OpenLDAP
> Subject: Re: TLS / SSL
>
> On Wed, 2 Jul 2003, Pierre Burri wrote:
>
> > Just a confirmation of what Kent says. I have also tried to put the client
> > certificate declaration in ldap.conf and got TLS errors. After putting them in
> > /home/username/.ldaprc, everything worked fine.
> >
> > Another thing about SSL/TLS. I don't know either this client freeradius.
> > The client "gq" which is excellent doesn't work with SSL but works very well
> > with TLS. Are you sure freeradius works with SSL, did you try with TLS (Port
> > 389 + some TLS switch) ?
>
> freeRADIUS 0.8.1 plus TLS works fine here in a test implementation with
> OpenLDAP 2.1.17 running under RedHat Linux 7.2.
>
> The 'ldap' clause in our /etc/raddb/radiusd.conf contains:
>
> ldap {
>     server = "test_ldap.owu.edu"
>     basedn = "ou=TestAccounts,dc=owu,dc=edu"
>     filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(|(owueduaccountprimaryaffiliation=faculty)(owueduaccountprimaryaffiliation=admin)(owueduaccountprimaryaffiliation=retired)(owueduaccountprimaryaffiliation=vip)))"
>     start_tls = yes
>     tls_mode = no
>     timeout = 4
>     timelimit = 3
>     net_timeout = 1
> }
>
> --
> Kirk Turner-Rustin
> Programmer/Analyst
> Ohio Wesleyan University
> http://www.owu.edu
> ktrustin@owu.edu
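
Added example, not part of the original messages and not FreeRADIUS code: a small Python check that reads an 'ldap' clause like the one quoted above and reports whether the directory connection is StartTLS, LDAP over SSL, or unprotected. It assumes start_tls = yes means StartTLS on port 389 and tls_mode = yes means LDAP over SSL on port 636; the helper names and the shortened sample filter are constructed for illustration.

```python
import re

# Constructed sample: the clause quoted above, with the filter shortened.
SAMPLE = """
ldap {
    server = "test_ldap.owu.edu"
    basedn = "ou=TestAccounts,dc=owu,dc=edu"
    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
    start_tls = yes
    tls_mode = no
}
"""

def parse_ldap_clause(text):
    """Return the key = value pairs of the first ldap { ... } clause."""
    # The closing brace must start a line, so '}' inside the filter is ignored.
    m = re.search(r"^\s*ldap\s*\{(.*?)^\s*\}", text, re.S | re.M)
    if not m:
        raise ValueError("no ldap clause found")
    opts = {}
    for line in m.group(1).splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # split once: filters contain '='
        opts[key.strip()] = value.strip().strip('"')
    return opts

def is_on(opts, key):
    return opts.get(key, "no").lower() == "yes"

def transport(opts):
    # Assumption: start_tls -> StartTLS on 389, tls_mode -> LDAP over SSL on 636.
    start_tls, tls_mode = is_on(opts, "start_tls"), is_on(opts, "tls_mode")
    if start_tls and tls_mode:
        return ("conflict", None)    # both switches set: ambiguous, review
    if start_tls:
        return ("starttls", 389)
    if tls_mode:
        return ("ldaps", 636)
    return ("cleartext", 389)        # binds and lookups cross the wire unprotected

def audit(text):
    opts = parse_ldap_clause(text)
    mode, port = transport(opts)
    return {"server": opts.get("server"), "mode": mode, "port": port,
            "protected": mode in ("starttls", "ldaps")}

if __name__ == "__main__":
    print(audit(SAMPLE))
```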