
Re: LDAP + RADIUS
I suggest using ldapsearch(1) to verify that you can authenticate
to your LDAP server in the desired fashion and then translate
that success to your Radius server.  If you need help with your
Radius server, please use a mailing list specially chartered to
support it.

Kurt

At 05:21 PM 1/13/2005, Anderson Alves de Albuquerque wrote:
>  I use my RADIUS to authenticate against my LDAP server, but I have a
>problem that I describe below.
>
>  I created the certificates following
>http://www.freeradius.org/radiusd/doc/rlm_ldap. And I put the configs
> below in my radiusd.conf, but I have problems.
>
>  Could someone help me?
>
>Look at my debug output from radiusd with "-x":
> -------------------------------------------------------------------
> rad_recv: Access-Request packet from host 146.164.xxx.236:10537, id=104,
>
> length=132
>         User-Name = "aaa"
>         CHAP-Password = 0x658558a664c7032b44818a81b755804a11
>         NAS-IP-Address = 146.164.xxx.236
>         NAS-Identifier = "UFRJGK"
>         NAS-Port-Type = Virtual
>         Service-Type = Login-User
>         CHAP-Challenge = 0x41e6bde1
>         Framed-IP-Address = 146.164.xxx.198
>         Attr-589825 =
> 0x683332332d6976722d6f75743d7465726d696e616c2d616c6961733a6161612c303235
> 3938303035343b
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for aaa
> ldap_get_conn: Got Id: 0
> rlm_ldap: (re)connect to 146.164.xxx.236:636, authentication 0
> rlm_ldap: setting TLS mode to 1
> rlm_ldap: bind as cn=root,dc=voip,dc=nce,dc=ufrj,dc=br/teste to
> 146.164.xxx.236:636
> rlm_ldap: cn=root,dc=voip,dc=nce,dc=ufrj,dc=br bind to
> 146.164.xxx.236:636
> failed: Can't contact LDAP server
> rlm_ldap: (re)connection attempt failed
> rlm_ldap: search failed
> ldap_release_conn: Release Id: 0
> ----------------------------------------------------------
>
>
>
>
> In the LDAP debug output I see this:
>---------------------------
>.
>.
>.
>.
>tls_read: want=5, got=5
>  0000:  15 03 01 00 02                                     .....
>tls_read: want=2, got=2
>  0000:  02 30                                              .0
>TLS: can't accept.
>TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
>/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:1052
>^Cslapd shutdown: waiting for 0 threads to terminate
>slapd stopped.
>-----------------------------
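The two tls_read dumps in the quoted slapd debug output are the raw TLS alert record that rlm_ldap sent back before the connection dropped. The following is an added example, not code from this thread, OpenLDAP or FreeRADIUS: it decodes that record from the hexdump text, with the sample bytes copied from the dump above and the alert codes taken from RFC 5246.

```python
import re

# Alert descriptions from RFC 5246 section 7.2 (the subset relevant to certificate trust).
ALERT_DESCRIPTIONS = {
    0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 47: "illegal_parameter", 48: "unknown_ca",
    49: "access_denied", 70: "protocol_version",
}
ALERT_LEVELS = {1: "warning", 2: "fatal"}

# Constructed sample: the tls_read hexdump lines quoted in the thread, with the
# leading ">" of the mail quoting stripped.
SLAPD_DEBUG = """\
tls_read: want=5, got=5
  0000:  15 03 01 00 02                                     .....
tls_read: want=2, got=2
  0000:  02 30                                              .0
TLS: can't accept.
"""

# A slapd hexdump line: offset, colon, hex byte pairs, then the ASCII column.
HEXDUMP_LINE = re.compile(r"^\s*[0-9a-fA-F]{4}:\s+((?:[0-9a-fA-F]{2}\s)+)")


def extract_bytes(debug_text):
    """Concatenate the bytes from every hexdump line, in the order slapd read them."""
    data = bytearray()
    for line in debug_text.splitlines():
        m = HEXDUMP_LINE.match(line)
        if m:
            data.extend(int(h, 16) for h in m.group(1).split())
    return bytes(data)


def decode_tls_alert(debug_text):
    """Decode a 5-byte TLS record header plus the 2-byte alert body that follows it."""
    data = extract_bytes(debug_text)
    if len(data) < 7:
        raise ValueError("need a 5-byte record header plus a 2-byte alert body")
    content_type, major, minor = data[0], data[1], data[2]
    if content_type != 0x15:  # 0x15 = alert; 0x16 would be a handshake record
        raise ValueError(f"content type 0x{content_type:02x} is not an alert record")
    version = f"TLS 1.{minor - 1}" if (major, minor) >= (3, 1) else f"SSL {major}.{minor}"
    return {
        "version": version,
        "length": int.from_bytes(data[3:5], "big"),
        "level": ALERT_LEVELS.get(data[5], f"unknown({data[5]})"),
        "description": ALERT_DESCRIPTIONS.get(data[6], f"unknown({data[6]})"),
    }
```

For the dump above this yields a fatal unknown_ca alert at TLS 1.0: slapd was reachable, but the client side (rlm_ldap) rejected the server certificate because it does not trust the issuing CA. The ldapsearch check Kurt suggests, run against the same ldaps:// URI with LDAPTLS_CACERT pointing at that CA, reproduces or clears the failure outside radiusd.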