[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP + RADIUS + SSL

To: openldap-software@OpenLDAP.org
Subject: Re: LDAP + RADIUS + SSL
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Fri, 14 Jan 2005 10:59:15 +0100
In-reply-to: <Pine.LNX.4.44.0501132222000.30494-100000@belem.voip.nce.ufrj.br> (Anderson Alves de Albuquerque's message of "Thu, 13 Jan 2005 22:22:35 -0300 (EasT)")
Organization: AVCI
References: <Pine.LNX.4.44.0501132222000.30494-100000@belem.voip.nce.ufrj.br>
User-agent: Gnus/5.1002 (Gnus v5.10.2) XEmacs/21.4 (Rational FORTRAN, linux)

Anderson Alves de Albuquerque <anderson@belem.voip.nce.ufrj.br> writes:

>   I use my RADIUS make authentication in LDAP server, but I have a 
> problema that I describe below.
>
>   I created the certificates with 
> http://www.freeradius.org/radiusd/doc/rlm_ldap. And I put in my
>  radiusd.conf the configs below, but I have problems. 

[...]
> tls_read: want=5, got=5
>   0000:  15 03 01 00 02                                     .....
> tls_read: want=2, got=2
>   0000:  02 30                                              .0
> TLS: can't accept.
> TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> /usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:1052
> ^Cslapd shutdown: waiting for 0 threads to terminate
> slapd stopped.

You did not describe how you created your certificates, but the log
clearly says that the CA is unknown. This is a good document on
creating certificates
http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:01443B53

Follow-Ups:
- Re: LDAP + RADIUS + SSL
  - From: Anderson Alves de Albuquerque <anderson@belem.voip.nce.ufrj.br>

References:
- LDAP + RADIUS + SSL
  - From: Anderson Alves de Albuquerque <anderson@belem.voip.nce.ufrj.br>

Prev by Date: Re: Multiple syncrepl problems
Next by Date: Re: LDAP + RADIUS + SSL
Index(es):
- Chronological
- Thread