I have modify the tls_certfile to
tls_certfile=/usr/local/freeradius/etc/raddb/radius-ssl-ldap/radius.crt
But still no success.
The debug info is as follows: (Still TLS error)
rad_recv: Access-Request packet from host 192.168.80.1:1812, id=31, length=135
NAS-IP-Address = 192.168.80.1
NAS-Port = 50009
NAS-Port-Type = Ethernet
User-Name = "ISP-1\\test"
Called-Station-Id = "00-0D-ED-11-89-C9"
Calling-Station-Id = "00-50-BA-7B-BE-8F"
Service-Type = Framed-User
Framed-MTU = 1500
EAP-Message = 0x0200000f014953502d315c68667775
Message-Authenticator = 0xf418f027e10d9fff416739014a16f27f
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
radius_xlat:
'/usr/local/freeradius/var/log/radius/radacct/192.168.80.1/auth-detail-20041118'
rlm_detail:
/usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/usr/local/freeradius/var/log/radius/radacct/192.168.80.1/auth-detail-20041118
modcall[authorize]: module "auth_log" returns ok for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: Looking up realm "ISP-1" for User-Name = "ISP-1\test"
rlm_realm: Found realm "isp-1"
rlm_realm: Adding Stripped-User-Name = "test"
rlm_realm: Proxying request from user test to realm isp-1
rlm_realm: Adding Realm = "isp-1"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "isp-1" returns noop for request 1
rlm_realm: Request already proxied. Ignoring.
modcall[authorize]: module "isp-2" returns noop for request 1
rlm_eap: EAP packet type response id 0 length 15
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched DEFAULT at 159
users: Matched DEFAULT at 178
modcall[authorize]: module "files" returns ok for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat: '(uid=test)'
radius_xlat: 'dc=mydc'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to x.x.x.x:389, authentication 0
ldap_create
rlm_ldap: setting TLS mode to 1
rlm_ldap: setting TLS CACert File to
/usr/local/freeradius/etc/raddb/radius-ssl-ldap/cacert.pem
rlm_ldap: setting TLS Require Cert to never
rlm_ldap: setting TLS Cert File to
usr/local/freeradius/etc/raddb/radius-ssl-ldap/radiusservercert.pem
rlm_ldap: setting TLS Key File to
/usr/local/freeradius/etc/raddb/radius-ssl-ldap/radiusservercertkey.pem
rlm_ldap: setting TLS Key File to /dev/urandom
rlm_ldap: starting TLS
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP 202.119.24.37:389
ldap_new_socket: 9
ldap_prepare_socket: 9
ldap_connect_to_host: Trying 202.119.24.37:389
ldap_connect_timeout: fd: 9 tm: 1 async: 0
ldap_ndelay_on: 9
ldap_is_sock_ready: 9
ldap_ndelay_off: 9
ldap_int_sasl_open: host=hostexample.com
TLS: could not use certificate
`usr/local/freeradius/etc/raddb/radius-ssl-ldap/radiusservercert.pem'.
TLS: error:02001002:system library:fopen:No such file or directory
bss_file.c:276
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:278
TLS: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
ssl_rsa.c:515
rlm_ldap: ldap_start_tls_s()
ldap_err2string
rlm_ldap: could not start TLS Can't contact LDAP server
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns fail for request 1
modcall: group authorize returns fail for request 1
Finished request 1
[EMAIL PROTECTED]
2004-11-18
