Alan DeKok wrote:

Paul Bender <[EMAIL PROTECTED]> wrote:

However, I use OpenLDAP as a central store for account information for all other services (unix, samba, email, etc). Therefore, I would like freeradius to get account information from the LDAP server as well. However, when I configure freeradius to use the LDAP server, the freeradius server segfaults when rlm_ldap attempts to bind to my LDAP server.


  Don't use TLS to connect to the LDAP server.  For some reason, PEAP
and LDAP+TLS don't like each other.  The reason is buried inside of
the OpenSSL code, which is a bit of a problem to debug.

Thank you for the response.

I do not believe I am using TLS (or SSL) to connect to the LDAP server, since I have set start_tls=0 in my ldap module configuration and since freeradius is attempting to connect to the ldap (not the ldaps) port.

In order to be sure, I disabled TLS (even commented out my certs) on my LDAP server. However, freeradius still crashes at the same point in the process.

In order to check further, I decided to log the LDAP messaging over the wire using Ethereal. While the freeradius output does not show anything after the LDAP bind attempt, the Ethereal logs show that freeradius does a successful bind with the LDAP server. In addition, it does a successful LDAP search for the bind account (radiusd) and the bind account's primary group (radiusd). After that, there is no more LDAP traffic.
