Re: LDAP + RADIUS + SSL
------------------------------------------------------
modules {
	chap {
		authtype = CHAP
	}
	ldap {
		server = "146.164.xxx.236"
		identity = "cn=root,dc=voip,dc=nce,dc=ufrj,dc=br"
		password = yyyy
		basedn = "ou=users,dc=voip,dc=nce,dc=ufrj,dc=br"
		filter = "(&(uid=%u)(objectclass=radiusprofile))"
		start_tls = no
		tls_mode = no
		dictionary_mapping = /usr/local/etc/raddb/ldap.attrmap
		ldap_cache_timeout = 120
		ldap_cache_size = 0
		ldap_connections_number = 10
		password_attribute = userPassword
		timeout = 3
		timelimit = 5
		net_timeout = 1
		compare_check_items = no
		start_tls = yes
		tls_cacertfile = /tmp/ssl/SSL/cacert.pem
		tls_cacertdir = /tmp/ssl/SSL
		port = 636
		#tls_certfile = /tmp/ssl/SSL/ldap.client.pem
		#tls_keyfile = /tmp/ssl/SSL/ldap.client.key.pem
	}
-------------------------------------
On Thu, 13 Jan 2005, Samuel Tran wrote:
> Hi Anderson,
>
> Please could you send us your full radius.conf file?
>
> Thanks.
>
> >
> >
> > I use my RADIUS to authenticate against an LDAP server, but I have a
> > problem that I describe below.
> >
> > I created the certificates following
> > http://www.freeradius.org/radiusd/doc/rlm_ldap, and I put the configs
> > below in my radiusd.conf, but I have problems.
> >
> > Could someone help me ?
> >
> > Here is my radiusd debug output with "-x":
> > -------------------------------------------------------------------
> > rad_recv: Access-Request packet from host 146.164.xxx.236:10537, id=104, length=132
> > User-Name = "aaa"
> > CHAP-Password = 0x658558a664c7032b44818a81b755804a11
> > NAS-IP-Address = 146.164.xxx.236
> > NAS-Identifier = "UFRJGK"
> > NAS-Port-Type = Virtual
> > Service-Type = Login-User
> > CHAP-Challenge = 0x41e6bde1
> > Framed-IP-Address = 146.164.xxx.198
> > Attr-589825 = 0x683332332d6976722d6f75743d7465726d696e616c2d616c6961733a6161612c3032353938303035343b
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for aaa
> > ldap_get_conn: Got Id: 0
> > rlm_ldap: (re)connect to 146.164.xxx.236:636, authentication 0
> > rlm_ldap: setting TLS mode to 1
> > rlm_ldap: bind as cn=root,dc=voip,dc=nce,dc=ufrj,dc=br/teste to
> > 146.164.xxx.236:636
> > rlm_ldap: cn=root,dc=voip,dc=nce,dc=ufrj,dc=br bind to
> > 146.164.xxx.236:636
> > failed: Can't contact LDAP server
> > rlm_ldap: (re)connection attempt failed
> > rlm_ldap: search failed
> > ldap_release_conn: Release Id: 0
> > ----------------------------------------------------------
> >
> > In the LDAP debug output I see this:
> > ---------------------------
> > .
> > .
> > .
> > .
> > tls_read: want=5, got=5
> > 0000: 15 03 01 00 02 .....
> > tls_read: want=2, got=2
> > 0000: 02 30 .0
> > TLS: can't accept.
> > TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> > /usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:1052
> > ^Cslapd shutdown: waiting for 0 threads to terminate
> > slapd stopped.
> > -----------------------------
> >
>
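An added worked example, not code from the thread or from the FreeRADIUS or OpenLDAP projects: it decodes the seven bytes slapd logged (`15 03 01 00 02` then `02 30`) as a TLS record, states which side of the connection sent that alert, and lints the `ldap {}` block posted above for the two problems visible in it (a key set twice, and `start_tls` combined with the ldaps port). The record bytes and the config text are copied from the message; the function names, the alert table and the lint rules are this example's own.

```python
"""Decode the TLS alert slapd logged and lint the posted rlm_ldap TLS settings."""
import re
import struct

# TLS record content types and alert codes (RFC 2246, sections 6.2.1 and 7.2).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
    42: "bad_certificate", 43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown", 47: "illegal_parameter",
    48: "unknown_ca", 49: "access_denied", 50: "decode_error", 51: "decrypt_error",
    70: "protocol_version", 71: "insufficient_security", 80: "internal_error",
    90: "user_canceled", 100: "no_renegotiation",
}

# The two reads slapd logged, concatenated: 5-byte record header, then the 2-byte alert body.
SLAPD_ALERT_RECORD = bytes.fromhex("1503010002" "0230")

# The ldap {} block exactly as posted (bind password already masked), embedded so this runs offline.
POSTED_LDAP_SECTION = """
server="146.164.xxx.236"
identity="cn=root,dc=voip,dc=nce,dc=ufrj,dc=br"
password=yyyy
basedn="ou=users,dc=voip,dc=nce,dc=ufrj,dc=br"
filter="(&(uid=%u)(objectclass=radiusprofile))"
start_tls = no
tls_mode = no
password_attribute = userPassword
compare_check_items = no
start_tls = yes
tls_cacertfile = /tmp/ssl/SSL/cacert.pem
tls_cacertdir = /tmp/ssl/SSL
port=636
#tls_certfile = /tmp/ssl/SSL/ldap.client.pem
#tls_keyfile = /tmp/ssl/SSL/ldap.client.key.pem
"""


def decode_tls_record(record: bytes) -> dict:
    """Parse one TLS record header; for an alert record also name its level and description."""
    if len(record) < 5:
        raise ValueError("a TLS record header is 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", record[:5])
    body = record[5:5 + length]
    if len(body) != length:
        raise ValueError("record body shorter than the header's length field")
    info = {"content_type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
            "version": f"{major}.{minor}"}          # 3.1 on the wire is TLS 1.0
    if ctype == 21:
        if length != 2:
            raise ValueError("an alert body is exactly 2 bytes")
        level, desc = body[0], body[1]
        info["level"] = ALERT_LEVELS.get(level, f"unknown({level})")
        info["description"] = ALERT_DESCRIPTIONS.get(desc, f"unknown({desc})")
    return info


def explain_alert(info: dict, read_by: str) -> str:
    """The side that reads an alert did not send it: its peer did. unknown_ca means the
    sender could not chain the certificate it was shown back to a CA it trusts."""
    sender = "client" if read_by == "server" else "server"
    if info.get("description") == "unknown_ca":
        return (f"{sender} sent fatal unknown_ca: the {sender} does not trust the CA "
                f"that issued the {read_by} certificate")
    return f"{sender} sent {info.get('level')} {info.get('description')}"


def parse_ldap_section(text: str) -> dict:
    """Map each key to the list of values it was given, so duplicates stay visible.
    Comments are cut at the first '#', which is safe here (no '#' inside any value)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"([A-Za-z_]+)\s*=\s*(.+)$", line)
        if m:
            settings.setdefault(m.group(1), []).append(m.group(2).strip().strip('"'))
    return settings


def lint_tls_settings(settings: dict) -> list:
    """Flag keys set more than once, and STARTTLS combined with the ldaps port: STARTTLS
    upgrades a cleartext LDAP session on the plain port (389), while port 636 expects TLS
    from the first byte, so the two do not combine."""
    findings = []
    for key, values in settings.items():
        if len(values) > 1:
            findings.append(f"{key} set {len(values)} times ({', '.join(values)}); "
                            "keep one copy rather than relying on which one radiusd honours")
    port = settings.get("port", ["389"])[-1]
    if port == "636" and "yes" in [v.lower() for v in settings.get("start_tls", [])]:
        findings.append("start_tls = yes with port 636: use start_tls against the plain "
                        "LDAP port, or keep port 636 as ldaps and leave start_tls off")
    return findings


if __name__ == "__main__":
    info = decode_tls_record(SLAPD_ALERT_RECORD)
    print(info)                                     # TLS 1.0 alert: fatal, unknown_ca
    print(explain_alert(info, read_by="server"))    # slapd read it, so the client sent it
    for finding in lint_tls_settings(parse_ldap_section(POSTED_LDAP_SECTION)):
        print("config:", finding)
```

Because slapd is the side that read the alert, it is the client (libldap inside radiusd) that refused a certificate: the file named in `tls_cacertfile` is not the CA that issued the certificate slapd presents, or libldap cannot use it (a `tls_cacertdir` directory also needs OpenSSL's hash-named links to be found). `openssl s_client -connect <host>:636 -CAfile /tmp/ssl/SSL/cacert.pem` reproduces that check outside radiusd. Two further points a reviewer would raise from the posted material: the `bind as <dn>/...` debug line prints the bind secret after the slash, so redact it before posting, and a CA file kept under `/tmp` can be replaced by any local user, which silently changes what the RADIUS server trusts.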