LDAP + RADIUS
I use my RADIUS server to authenticate against an LDAP server, but I have a
problem that I describe below.
I created the certificates with
http://www.freeradius.org/radiusd/doc/rlm_ldap. And I put in my
radiusd.conf the configs below, but I have problems.
Could someone help me?
Here is my radiusd debug output with "-x":
-------------------------------------------------------------------
rad_recv: Access-Request packet from host 146.164.xxx.236:10537, id=104,
length=132
User-Name = "aaa"
CHAP-Password = 0x658558a664c7032b44818a81b755804a11
NAS-IP-Address = 146.164.xxx.236
NAS-Identifier = "UFRJGK"
NAS-Port-Type = Virtual
Service-Type = Login-User
CHAP-Challenge = 0x41e6bde1
Framed-IP-Address = 146.164.xxx.198
Attr-589825 =
0x683332332d6976722d6f75743d7465726d696e616c2d616c6961733a6161612c303235
3938303035343b
rlm_ldap: - authorize
rlm_ldap: performing user authorization for aaa
ldap_get_conn: Got Id: 0
rlm_ldap: (re)connect to 146.164.xxx.236:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: bind as cn=root,dc=voip,dc=nce,dc=ufrj,dc=br/teste to
146.164.xxx.236:636
rlm_ldap: cn=root,dc=voip,dc=nce,dc=ufrj,dc=br bind to
146.164.xxx.236:636
failed: Can't contact LDAP server
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
ldap_release_conn: Release Id: 0
----------------------------------------------------------
In the LDAP debug output I see this:
---------------------------
.
.
.
.
tls_read: want=5, got=5
0000: 15 03 01 00 02 .....
tls_read: want=2, got=2
0000: 02 30 .0
TLS: can't accept.
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:1052
^Cslapd shutdown: waiting for 0 threads to terminate
slapd stopped.
-----------------------------
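
Added example, not part of the original post: a Python sketch that decodes the TLS record bytes shown in the slapd debug output above. The bytes appear under tls_read, so slapd received this alert from the connecting peer; the function names are this example's own, and the 16-bytes-per-row dump layout is an assumption.

```python
import re

# TLS alert descriptions (RFC 5246, section 7.2); subset for certificate errors.
ALERTS = {40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
          44: "certificate_revoked", 45: "certificate_expired",
          46: "certificate_unknown", 48: "unknown_ca", 70: "protocol_version"}
LEVELS = {1: "warning", 2: "fatal"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
READ_LINE = re.compile(r"tls_read: want=\d+, got=(\d+)")
DUMP_LINE = re.compile(r"^\s*[0-9a-fA-F]{4}:\s+(.*)$")

# Lines copied from the slapd debug output in the post.
SAMPLE = """\
tls_read: want=5, got=5
0000: 15 03 01 00 02 .....
tls_read: want=2, got=2
0000: 02 30 .0
"""

def bytes_from_dump(text):
    """Rebuild the bytes slapd read, using got=N to skip the ASCII column."""
    out, remaining = bytearray(), 0
    for line in text.splitlines():
        m = READ_LINE.search(line)
        if m:
            remaining = int(m.group(1))
            continue
        m = DUMP_LINE.match(line)
        if m and remaining:
            # Assumption: the dump prints at most 16 bytes per row.
            tokens = m.group(1).split()[:min(remaining, 16)]
            out += bytes(int(t, 16) for t in tokens)
            remaining -= len(tokens)
    return bytes(out)

def parse_alerts(data):
    """Return (version, level, description) for each plaintext alert record."""
    alerts, pos = [], 0
    while pos + 5 <= len(data):
        ctype, major, minor = data[pos], data[pos + 1], data[pos + 2]
        length = int.from_bytes(data[pos + 3:pos + 5], "big")
        body = data[pos + 5:pos + 5 + length]
        if len(body) < length:
            raise ValueError("truncated TLS record")
        if ctype == 21 and length == 2:  # content type 21 = alert, unencrypted
            alerts.append((VERSIONS.get((major, minor), f"{major}.{minor}"),
                           LEVELS.get(body[0], f"level {body[0]}"),
                           ALERTS.get(body[1], f"alert {body[1]}")))
        pos += 5 + length
    return alerts
```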