
Re: LDAP + RADIUS + SSL

------------------------------------------------------
modules {

        chap {
                authtype = CHAP
        }

        ldap {
                server="146.164.xxx.236"
                identity="cn=root,dc=voip,dc=nce,dc=ufrj,dc=br"
                password=yyyy
                basedn="ou=users,dc=voip,dc=nce,dc=ufrj,dc=br"
                filter="(&(uid=%u)(objectclass=radiusprofile))"
                start_tls = no
                tls_mode = no
                dictionary_mapping = /usr/local/etc/raddb/ldap.attrmap
                ldap_cache_timeout = 120
                ldap_cache_size = 0
                ldap_connections_number = 10
                password_attribute = userPassword
                timeout = 3
                timelimit = 5
                net_timeout = 1
                compare_check_items = no
                start_tls = yes
                tls_cacertfile = /tmp/ssl/SSL/cacert.pem
                tls_cacertdir = /tmp/ssl/SSL
                port=636
                #tls_certfile = /tmp/ssl/SSL/ldap.client.pem
                #tls_keyfile = /tmp/ssl/SSL/ldap.client.key.pem
        }
-------------------------------------

On Thu, 13 Jan 2005, Samuel Tran wrote:

> Hi Anderson,
> 
> Please could you send us your full radius.conf file?
> 
> Thanks.
> 
> >
> >
> >   I use my RADIUS to authenticate against an LDAP server, but I have a
> > problem that I describe below.
> >
> >   I created the certificates following
> > http://www.freeradius.org/radiusd/doc/rlm_ldap, and I put the configuration
> > below in my radiusd.conf, but I have problems.
> >
> >   Could someone help me?
> >
> > Look at my radiusd debug output (run with "-x"):
> >  -------------------------------------------------------------------
> >  rad_recv: Access-Request packet from host 146.164.xxx.236:10537, id=104, length=132
> >          User-Name = "aaa"
> >          CHAP-Password = 0x658558a664c7032b44818a81b755804a11
> >          NAS-IP-Address = 146.164.xxx.236
> >          NAS-Identifier = "UFRJGK"
> >          NAS-Port-Type = Virtual
> >          Service-Type = Login-User
> >          CHAP-Challenge = 0x41e6bde1
> >          Framed-IP-Address = 146.164.xxx.198
> >          Attr-589825 = 0x683332332d6976722d6f75743d7465726d696e616c2d616c6961733a6161612c3032353938303035343b
> >  rlm_ldap: - authorize
> >  rlm_ldap: performing user authorization for aaa
> >  ldap_get_conn: Got Id: 0
> >  rlm_ldap: (re)connect to 146.164.xxx.236:636, authentication 0
> >  rlm_ldap: setting TLS mode to 1
> >  rlm_ldap: bind as cn=root,dc=voip,dc=nce,dc=ufrj,dc=br/teste to
> >  146.164.xxx.236:636
> >  rlm_ldap: cn=root,dc=voip,dc=nce,dc=ufrj,dc=br bind to
> >  146.164.xxx.236:636
> >  failed: Can't contact LDAP server
> >  rlm_ldap: (re)connection attempt failed
> >  rlm_ldap: search failed
> >  ldap_release_conn: Release Id: 0
> >  ----------------------------------------------------------
> >
> >
> >
> >
> >  With the LDAP debug option on I see this:
> > ---------------------------
> > .
> > .
> > .
> > .
> > tls_read: want=5, got=5
> >   0000:  15 03 01 00 02                                     .....
> > tls_read: want=2, got=2
> >   0000:  02 30                                              .0
> > TLS: can't accept.
> > TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> > /usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:1052
> > ^Cslapd shutdown: waiting for 0 threads to terminate
> > slapd stopped.
> > -----------------------------
> >
> >
> >
> >
> >
> >
>
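An added check, not part of the original thread. The two records slapd dumps before "TLS: can't accept." are the whole story: 0x15 is a TLS alert record, and its body 02 30 is level fatal (2), description 48 (0x30), which is unknown_ca. slapd received that alert, so it was sent by the TLS client, here rlm_ldap through libldap and OpenSSL, and it means the client could not find the issuer of slapd's certificate among the certificates in tls_cacertfile / tls_cacertdir. The script below reproduces that condition offline with a throwaway CA and runs the same verification libldap performs at connect time, once against the CA that really signed the server certificate (OK) and once against an unrelated CA (the "unable to get local issuer certificate" that appears on the wire as unknown_ca). It assumes only an openssl binary on PATH; the CA names, the server CN ldap.voip.example and the live-check commands in the trailing comments are constructed, and <ldap-host> is a placeholder for the real slapd address.

```shell
#!/bin/sh
# Added example, not from the original thread. Reproduces the check that
# fails behind "tlsv1 alert unknown ca": the LDAP *client* verifies slapd's
# certificate against the CA file named in tls_cacertfile and aborts the
# handshake when the issuer is not in it. Needs only the openssl CLI.
# All CA names, the server CN and the <ldap-host> placeholder are constructed.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Self-signed CA: $1 is the basename used for the key and certificate files.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Server certificate for CN $2, signed by the CA whose basename is $1.
make_server_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
    openssl x509 -req -days 2 -in "$WORK/server.csr" \
        -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/server.pem" 2>/dev/null
}

# Offline equivalent of the client-side check: does the CA file $1 contain
# the issuer of the server certificate? Prints OK or FAIL.
verify_against() {
    if openssl verify -CAfile "$1" "$WORK/server.pem" >/dev/null 2>&1; then
        echo OK
    else
        echo FAIL
    fi
}

make_ca radius-ca   # the CA listed in the RADIUS server's tls_cacertfile
make_ca other-ca    # an unrelated CA, standing in for whoever really signed slapd's cert
make_server_cert radius-ca ldap.voip.example

echo "signed by radius-ca, checked with radius-ca.pem: $(verify_against "$WORK/radius-ca.pem")"  # OK
echo "signed by radius-ca, checked with other-ca.pem:  $(verify_against "$WORK/other-ca.pem")"   # FAIL

# Live checks against the real slapd (replace <ldap-host>; not run here):
#   openssl s_client -connect <ldap-host>:636 -CAfile /tmp/ssl/SSL/cacert.pem </dev/null
#       -> anything other than "Verify return code: 0 (ok)" is the alert above
#   LDAPTLS_CACERT=/tmp/ssl/SSL/cacert.pem ldapsearch -x -H ldaps://<ldap-host>/ -b "" -s base
#       -> anonymous RootDSE read; succeeds only if the TLS handshake does
```

Two things to settle regardless of what the live checks print: cacert.pem must contain the certificate that actually signed the file slapd serves as TLSCertificateFile, not simply a CA generated alongside the RADIUS certificates; and the posted rlm_ldap block sets start_tls to both no and yes while pointing at port 636. StartTLS upgrades a plain LDAP connection (normally port 389) after it is open, whereas port 636 expects TLS from the first byte (ldaps), so the module must be told one or the other, not both.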