The is up: -------------------------------------- # netstat -at|grep ldap tcp4 0 0 *.ldaps *.* LISTEN tcp6 0 0 *.ldaps *.* LISTEN tcp4 0 0 *.ldap *.* LISTEN tcp6 0 0 *.ldap *.* LISTEN tcp4 0 0 146.164.247.236.4435 146.164.247.236.ldaps TIME_WAIT tcp4 0 0 146.164.247.236.3299 146.164.247.236.ldaps TIME_WAIT -------------------------------
On Thu, 13 Jan 2005, Willey Kurt D wrote: > Is your ldap server listening on that port? > "...Can't contact LDAP server..." > > Does ldapsearch work? > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Anderson Alves de Albuquerque > Sent: Thursday, January 13, 2005 12:02 PM > To: freeradius-users@lists.freeradius.org > Subject: RE: Radius with SSL > > > > I created the certificates with > http://www.freeradius.org/radiusd/doc/rlm_ldap. And I put in my > radiusd.conf the configs below, but I have problems. look my debug in > the radiusd with "-x": > > ------------------------------------------------------------------- > rad_recv: Access-Request packet from host 146.164.xxx.236:10537, id=104, > > length=132 > User-Name = "aaa" > CHAP-Password = 0x658558a664c7032b44818a81b755804a11 > NAS-IP-Address = 146.164.xxx.236 > NAS-Identifier = "UFRJGK" > NAS-Port-Type = Virtual > Service-Type = Login-User > CHAP-Challenge = 0x41e6bde1 > Framed-IP-Address = 146.164.xxx.198 > Attr-589825 = > 0x683332332d6976722d6f75743d7465726d696e616c2d616c6961733a6161612c303235 > 3938303035343b > rlm_ldap: - authorize > rlm_ldap: performing user authorization for aaa > ldap_get_conn: Got Id: 0 > rlm_ldap: (re)connect to 146.164.xxx.236:636, authentication 0 > rlm_ldap: setting TLS mode to 1 > rlm_ldap: bind as cn=root,dc=voip,dc=nce,dc=ufrj,dc=br/teste to > 146.164.xxx.236:636 > rlm_ldap: cn=root,dc=voip,dc=nce,dc=ufrj,dc=br bind to > 146.164.xxx.236:636 > failed: Can't contact LDAP server > rlm_ldap: (re)connection attempt failed > rlm_ldap: search failed > ldap_release_conn: Release Id: 0 > ---------------------------------------------------------- > > > > > On Mon, 10 Jan 2005, Willey Kurt D wrote: > > > Use port 636 to your ldaps server, and let the radius server do the > > work. The hardest part is generating the certificate trust. > > > > Sample radiusd.conf for ldaps to Win2K AD: > > server = "127.0.0.1" > > port = 636 > > identity = "cn=ldapuser,cn=users,dc=domain,dc=com" > > password = yourpass > > basedn = "dc=domain,dc=com" > > filter = > > "(&(samaccountname=%{Stripped-User-Name:-%{User-Name}}))" > > start_tls = no > > tls_cacertfile = > > /usr/local/ssl/certs/sslcertificate.pem > > tls_cacertdir = /usr/local/ssl/certs/ > > > > If you can get ldapsearch to work, radiusd is a breeze. > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > > Anderson Alves de Albuquerque > > Sent: Monday, January 10, 2005 9:18 AM > > To: freeradius-users@lists.freeradius.org > > Subject: Radius with SSL > > > > > > > > I need one manual about Radius + SSL. > > > > I have RADIUS making authentication in LDAP Server, but I need to > pass > > the authentication with SSL. > > How can I make ? > > How cak I help me ? Please... > > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
