Is your ldap server listening on that port? "...Can't contact LDAP server..."
Does ldapsearch work? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anderson Alves de Albuquerque Sent: Thursday, January 13, 2005 12:02 PM To: freeradius-users@lists.freeradius.org Subject: RE: Radius with SSL I created the certificates with http://www.freeradius.org/radiusd/doc/rlm_ldap. And I put in my radiusd.conf the configs below, but I have problems. look my debug in the radiusd with "-x": ------------------------------------------------------------------- rad_recv: Access-Request packet from host 146.164.xxx.236:10537, id=104, length=132 User-Name = "aaa" CHAP-Password = 0x658558a664c7032b44818a81b755804a11 NAS-IP-Address = 146.164.xxx.236 NAS-Identifier = "UFRJGK" NAS-Port-Type = Virtual Service-Type = Login-User CHAP-Challenge = 0x41e6bde1 Framed-IP-Address = 146.164.xxx.198 Attr-589825 = 0x683332332d6976722d6f75743d7465726d696e616c2d616c6961733a6161612c303235 3938303035343b rlm_ldap: - authorize rlm_ldap: performing user authorization for aaa ldap_get_conn: Got Id: 0 rlm_ldap: (re)connect to 146.164.xxx.236:636, authentication 0 rlm_ldap: setting TLS mode to 1 rlm_ldap: bind as cn=root,dc=voip,dc=nce,dc=ufrj,dc=br/teste to 146.164.xxx.236:636 rlm_ldap: cn=root,dc=voip,dc=nce,dc=ufrj,dc=br bind to 146.164.xxx.236:636 failed: Can't contact LDAP server rlm_ldap: (re)connection attempt failed rlm_ldap: search failed ldap_release_conn: Release Id: 0 ---------------------------------------------------------- On Mon, 10 Jan 2005, Willey Kurt D wrote: > Use port 636 to your ldaps server, and let the radius server do the > work. The hardest part is generating the certificate trust. > > Sample radiusd.conf for ldaps to Win2K AD: > server = "127.0.0.1" > port = 636 > identity = "cn=ldapuser,cn=users,dc=domain,dc=com" > password = yourpass > basedn = "dc=domain,dc=com" > filter = > "(&(samaccountname=%{Stripped-User-Name:-%{User-Name}}))" > start_tls = no > tls_cacertfile = > /usr/local/ssl/certs/sslcertificate.pem > tls_cacertdir = /usr/local/ssl/certs/ > > If you can get ldapsearch to work, radiusd is a breeze. > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Anderson Alves de Albuquerque > Sent: Monday, January 10, 2005 9:18 AM > To: freeradius-users@lists.freeradius.org > Subject: Radius with SSL > > > > I need one manual about Radius + SSL. > > I have RADIUS making authentication in LDAP Server, but I need to pass > the authentication with SSL. > How can I make ? > How cak I help me ? Please... > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html