In option debug of the LDAP I look this:
---------------------------
.
.
.
.
tls_read: want=5, got=5
0000: 15 03 01 00 02 .....
tls_read: want=2, got=2
0000: 02 30 .0
TLS: can't accept.
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:1052
^Cslapd shutdown: waiting for 0 threads to terminate
slapd stopped.
-----------------------------
On Thu, 13 Jan 2005, Willey Kurt D wrote:
> Is your ldap server listening on that port?
> "...Can't contact LDAP server..."
>
> Does ldapsearch work?
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Anderson Alves de Albuquerque
> Sent: Thursday, January 13, 2005 12:02 PM
> To: freeradius-users@lists.freeradius.org
> Subject: RE: Radius with SSL
>
>
>
> I created the certificates with
> http://www.freeradius.org/radiusd/doc/rlm_ldap. And I put in my
> radiusd.conf the configs below, but I have problems. look my debug in
> the radiusd with "-x":
>
> -------------------------------------------------------------------
> rad_recv: Access-Request packet from host 146.164.xxx.236:10537, id=104,
>
> length=132
> User-Name = "aaa"
> CHAP-Password = 0x658558a664c7032b44818a81b755804a11
> NAS-IP-Address = 146.164.xxx.236
> NAS-Identifier = "UFRJGK"
> NAS-Port-Type = Virtual
> Service-Type = Login-User
> CHAP-Challenge = 0x41e6bde1
> Framed-IP-Address = 146.164.xxx.198
> Attr-589825 =
> 0x683332332d6976722d6f75743d7465726d696e616c2d616c6961733a6161612c303235
> 3938303035343b
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for aaa
> ldap_get_conn: Got Id: 0
> rlm_ldap: (re)connect to 146.164.xxx.236:636, authentication 0
> rlm_ldap: setting TLS mode to 1
> rlm_ldap: bind as cn=root,dc=voip,dc=nce,dc=ufrj,dc=br/teste to
> 146.164.xxx.236:636
> rlm_ldap: cn=root,dc=voip,dc=nce,dc=ufrj,dc=br bind to
> 146.164.xxx.236:636
> failed: Can't contact LDAP server
> rlm_ldap: (re)connection attempt failed
> rlm_ldap: search failed
> ldap_release_conn: Release Id: 0
> ----------------------------------------------------------
>
>
>
>
> On Mon, 10 Jan 2005, Willey Kurt D wrote:
>
> > Use port 636 to your ldaps server, and let the radius server do the
> > work. The hardest part is generating the certificate trust.
> >
> > Sample radiusd.conf for ldaps to Win2K AD:
> > server = "127.0.0.1"
> > port = 636
> > identity = "cn=ldapuser,cn=users,dc=domain,dc=com"
> > password = yourpass
> > basedn = "dc=domain,dc=com"
> > filter =
> > "(&(samaccountname=%{Stripped-User-Name:-%{User-Name}}))"
> > start_tls = no
> > tls_cacertfile =
> > /usr/local/ssl/certs/sslcertificate.pem
> > tls_cacertdir = /usr/local/ssl/certs/
> >
> > If you can get ldapsearch to work, radiusd is a breeze.
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of
> > Anderson Alves de Albuquerque
> > Sent: Monday, January 10, 2005 9:18 AM
> > To: freeradius-users@lists.freeradius.org
> > Subject: Radius with SSL
> >
> >
> >
> > I need one manual about Radius + SSL.
> >
> > I have RADIUS making authentication in LDAP Server, but I need to
> pass
> > the authentication with SSL.
> > How can I make ?
> > How cak I help me ? Please...
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html