Hi Owen,
> rlm_ldap: (re)connect to albinoni.upc.es:636, authentication 0 > > is a line that says: > > rlm_ldap: setting TLS mode to 1 > > This leads me to believe that it is trying to start TLS as well, but I could > be wrong. I haven't read through the code carefully. Always It put on log (re)connect, I think this is normal behaivour. If you see my logs, in both test, qhen I use LDAP and when I use LDAPs It logs (re)connect. The only diference between LDAP test and LDAPs test is that on the second, It tries to connect twice, see my logs... > >> > rlm_ldap: attempting LDAP reconnection > >> > rlm_ldap: (re)connect to albinoni.upc.es:636, authentication 0 It connects once, and search the user who is attempting to remote access > >> > rlm_ldap: setting TLS mode to 1 > >> > rlm_ldap: bind as / to albinoni.upc.es:636 > >> > rlm_ldap: waiting for bind result ... > >> > rlm_ldap: performing search in o=LCX, with filter (uid=99990010) > >> > rlm_ldap: looking for check items in directory... > >> > rlm_ldap: looking for reply items in directory... > >> > rlm_ldap: user 99990010 authorized to use remote access > >> > ldap_release_conn: Release Id: 0 > >> > modcall[authorize]: module "ldap" returns ok It find him, Now It tries to authenticate > >> > modcall: group authorize returns ok > >> > rad_check_password: Found Auth-Type LDAP > >> > auth: type "LDAP" > >> > modcall: entering group authtype > >> > rlm_ldap: - authenticate > >> > rlm_ldap: login attempt by "99990010" with password "hola123" > >> > rlm_ldap: user DN: CN=Usuari Proves10,O=LCX > >> > rlm_ldap: (re)connect to albinoni.upc.es:636, authentication 1 > >> > rlm_ldap: setting TLS mode to 1 > >> > rlm_ldap: bind as CN=Usuari Proves10,O=LCX/hola123 to > > albinoni.upc.es:636 > >> > rlm_ldap: waiting for bind result ... > >> > modcall[authenticate]: module "ldap" returns reject > >> > modcall: group authtype returns reject > >> > auth: Failed to validate the user. It can't authenticate user, and It rejects... Uhm... I don't know how configure it... and where is the problem... > Also, I'm not sure why it's trying to bind as Usuari in the second > bind. It looks like the bind didn't return and the module returned reject > due to timeout, so it might be that with SSL your LDAP server isn't > responding Uhmm... I think that isn't the problem... Second bind is for autehntication. ______________________________________ Paco Orozco ([EMAIL PROTECTED]) Divisió de Telecomunicacions UPCNet Edifici Vèrtex - Pl. Eusebi Güell, 6 Telèfon centraleta: 93.40.11600 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html