Owen, I've got TLS disabled. But I think I may configure something in OpenSSL... Isn't it?

Thanks

______________________________________
Paco Orozco ([EMAIL PROTECTED])
Telecommunications Division
UPCNet
Edifici Vèrtex - Pl. Eusebi Güell, 6
Switchboard phone: 93.40.11600

[EMAIL PROTECTED] wrote on 23/06/2003 16:08:35:

> If you're using Port 636, you probably need to set TLS off. I'm not sure
> starting TLS over SSL works. Even if it does, it's kind of redundant.
>
> Owen
>
>
> --On Monday, June 23, 2003 10:49 AM +0200 "Francisco Orozco/Upcnet"
> <[EMAIL PROTECTED]> wrote:
>
> > Hiya,
> >
> > Finally I've installed OpenSSL, but I think I'm forgetting something,
> > because I can authenticate via LDAP over SSL.
> >
> > I've installed OpenSSL (openssl-0.9.7b).
> > I've installed FreeRADIUS (freeradius-0.8.1) as:
> >
> > tar -zxvf freeradius.tar.gz
> > cd freeradius-0.8.1
> > ./configure --prefix=/opt/freeradius
> > make
> > make install
> >
> > Then I configured radiusd.conf (see file below).
> >
> > First with port=389 (LDAP without SSL):
> >
> > rad_recv: Access-Request packet from host 127.0.0.1:32805, id=90,
> > length=60
> > User-Name = "99990010"
> > User-Password = "hola123"
> > NAS-IP-Address = 255.255.255.255
> > NAS-Port = 1
> > rad_lowerpair: User-Name now '99990010'
> > rad_lowerpair: User-Password now 'hola123'
> > modcall: entering group authorize
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for 99990010
> > radius_xlat: '(uid=99990010)'
> > radius_xlat: 'o=LCX'
> > ldap_get_conn: Got Id: 0
> > rlm_ldap: performing search in o=LCX, with filter (uid=99990010)
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: looking for reply items in directory...
> > rlm_ldap: user 99990010 authorized to use remote access
> > ldap_release_conn: Release Id: 0
> > modcall[authorize]: module "ldap" returns ok
> > modcall: group authorize returns ok
> > rad_check_password: Found Auth-Type LDAP
> > auth: type "LDAP"
> > modcall: entering group authtype
> > rlm_ldap: - authenticate
> > rlm_ldap: login attempt by "99990010" with password "hola123"
> > rlm_ldap: user DN: CN=Usuari Proves10,O=LCX
> > rlm_ldap: (re)connect to albinoni.upc.es:389, authentication 1
> > rlm_ldap: bind as CN=Usuari Proves10,O=LCX/hola123 to albinoni.upc.es:389
> > rlm_ldap: waiting for bind result ...
> > rlm_ldap: user 99990010 authenticated succesfully
> > modcall[authenticate]: module "ldap" returns ok
> > modcall: group authtype returns ok
> > Sending Access-Accept of id 90 to 127.0.0.1:32805
> >
> > It works great. I can authenticate without any problem.
> >
> > Now I'll try with LDAP over SSL, as you can see I haven't installed any
> > self-signed or CA certificate, but I can't see any message about it.
> >
> > Now port=636:
> >
> > rad_recv: Access-Request packet from host 127.0.0.1:32806, id=100,
> > length=60
> > User-Name = "99990010"
> > User-Password = "hola123"
> > NAS-IP-Address = 255.255.255.255
> > NAS-Port = 1
> > rad_lowerpair: User-Name now '99990010'
> > rad_lowerpair: User-Password now 'hola123'
> > modcall: entering group authorize
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for 99990010
> > radius_xlat: '(uid=99990010)'
> > radius_xlat: 'o=LCX'
> > ldap_get_conn: Got Id: 0
> > rlm_ldap: attempting LDAP reconnection
> > rlm_ldap: (re)connect to albinoni.upc.es:636, authentication 0
> > rlm_ldap: setting TLS mode to 1
> > rlm_ldap: bind as / to albinoni.upc.es:636
> > rlm_ldap: waiting for bind result ...
> > rlm_ldap: performing search in o=LCX, with filter (uid=99990010)
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: looking for reply items in directory...
> > rlm_ldap: user 99990010 authorized to use remote access
> > ldap_release_conn: Release Id: 0
> > modcall[authorize]: module "ldap" returns ok
> > modcall: group authorize returns ok
> > rad_check_password: Found Auth-Type LDAP
> > auth: type "LDAP"
> > modcall: entering group authtype
> > rlm_ldap: - authenticate
> > rlm_ldap: login attempt by "99990010" with password "hola123"
> > rlm_ldap: user DN: CN=Usuari Proves10,O=LCX
> > rlm_ldap: (re)connect to albinoni.upc.es:636, authentication 1
> > rlm_ldap: setting TLS mode to 1
> > rlm_ldap: bind as CN=Usuari Proves10,O=LCX/hola123 to albinoni.upc.es:636
> > rlm_ldap: waiting for bind result ...
> > modcall[authenticate]: module "ldap" returns reject
> > modcall: group authtype returns reject
> > auth: Failed to validate the user.
> > Delaying request 0 for 1 seconds
> > Finished request 0
> >
> > I think RADIUS can connect to LDAP server over SSL, because it can do the
> > first filter, but when it tries to authenticate it is missing something...
> >
> > More help!!!!! :-)
> >
> >
> > ______________________________________
> > Paco Orozco ([EMAIL PROTECTED])
> > Telecommunications Division
> > UPCNet
> > Edifici Vèrtex - Pl. Eusebi Güell, 6
> > Switchboard phone: 93.40.11600
> >
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
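An added example (not from this thread or the FreeRADIUS project) of the rlm_ldap block that matches Owen's advice: ldaps on port 636 with the TLS switch off, plus the two weaknesses visible in the debug output above (anonymous search bind, no CA certificate). The key names `tls_mode`, `identity`, `password`, `basedn`, `filter` are assumed from the rlm_ldap of that era, and `tls_cacertfile`/`tls_require_cert` are assumed names from later rlm_ldap versions; the account name and paths are placeholders.

```conf
# Added example, not the poster's radiusd.conf. Key names are assumed from
# rlm_ldap of the FreeRADIUS 0.8/0.9 era; check the ldap{} block shipped
# with your own version before copying.
modules {
	ldap {
		server   = "albinoni.upc.es"
		# 636 is ldaps: the TCP session is already wrapped in SSL/TLS.
		port     = 636
		# Do not also request TLS on an ldaps socket. The debug line
		# "setting TLS mode to 1" on port 636 is this switch being on;
		# it tries to negotiate TLS inside an already-encrypted session.
		tls_mode = no

		# The authorize search in the thread ran as "bind as / to ...",
		# i.e. anonymously. Give the module a dedicated read-only account
		# so the directory need not allow anonymous reads of user entries.
		identity = "cn=radius-ro,o=LCX"   # assumed account name
		password = "CHANGE-ME"            # placeholder
		basedn   = "o=LCX"
		filter   = "(uid=%{Stripped-User-Name:-%{User-Name}})"

		# With no CA certificate installed, the ldaps server certificate is
		# never verified: the channel is encrypted but the peer is not
		# authenticated. Where rlm_ldap supports it (assumed option names,
		# possibly newer than 0.8.1), pin the CA and require a valid cert:
		# tls_cacertfile   = /opt/freeradius/etc/raddb/certs/ca.pem
		# tls_require_cert = "demand"
	}
}
```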