
Re: LDAP + RADIUS + SSL



Anderson Alves de Albuquerque <anderson@belem.voip.nce.ufrj.br> writes:

>   I use my RADIUS to authenticate against an LDAP server, but I have a 
> problem that I describe below.
>
>   I created the certificates with 
> http://www.freeradius.org/radiusd/doc/rlm_ldap. And I put in my
>  radiusd.conf the configs below, but I have problems. 

[...]
> tls_read: want=5, got=5
>   0000:  15 03 01 00 02                                     .....
> tls_read: want=2, got=2
>   0000:  02 30                                              .0
> TLS: can't accept.
> TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> /usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:1052
> ^Cslapd shutdown: waiting for 0 threads to terminate
> slapd stopped.

You did not describe how you created your certificates, but the log
clearly says that the CA is unknown. This is a good document on
creating certificates:
http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:01443B53
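
Added example, not part of the original thread: a small Python decoder for the `tls_read` hex dump quoted above, showing how those seven bytes form the TLS alert record that OpenSSL reports as "tlsv1 alert unknown ca". The function names are hypothetical; the sample input is the dump lines from the quoted log.

```python
import re

# Sample input: the tls_read dump lines quoted in the message above.
SAMPLE_LOG = """\
> tls_read: want=5, got=5
>   0000:  15 03 01 00 02                                     .....
> tls_read: want=2, got=2
>   0000:  02 30                                              .0
"""

ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Certificate-related alert descriptions (RFC 5246, section 7.2).
ALERT_DESCRIPTIONS = {
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca",
}

def read_chunks(log):
    """Return the bytes of each tls_read; got=N is used to skip the ASCII column."""
    chunks, need = [], 0
    for raw in log.splitlines():
        line = raw.lstrip("> ").strip()  # tolerate mail quoting
        m = re.match(r"tls_read: want=\d+, got=(\d+)", line)
        if m:
            need = int(m.group(1))
            chunks.append(bytearray())
            continue
        m = re.match(r"[0-9a-fA-F]{4}:\s+(.*)", line)
        if m and chunks and len(chunks[-1]) < need:
            # A dump line holds at most 16 bytes; take only the hex tokens.
            tokens = m.group(1).split()[: min(16, need - len(chunks[-1]))]
            chunks[-1] += bytes(int(t, 16) for t in tokens)
    return [bytes(c) for c in chunks]

def decode_alert(log):
    """Decode a plaintext alert record: type, version, length, level, description."""
    data = b"".join(read_chunks(log))
    # Record header: content type 0x15 (alert), 2-byte version, 2-byte length.
    if len(data) < 7 or data[0] != 0x15 or int.from_bytes(data[3:5], "big") != 2:
        raise ValueError("not a plaintext TLS alert record")
    level, desc = data[5], data[6]
    return ((data[1], data[2]),
            ALERT_LEVELS.get(level, f"level {level}"),
            ALERT_DESCRIPTIONS.get(desc, f"alert {desc}"))

if __name__ == "__main__":
    print(decode_alert(SAMPLE_LOG))
```

Because slapd read this record from the connection, the fatal alert was sent by the connecting client, so the check to make is whether the client's configured CA file contains the CA that signed slapd's certificate.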