I don't use slapd, but it looks like your CA isn't known (trusted): "...tlsv1 alert unknown ca"

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anderson Alves de Albuquerque
Sent: Thursday, January 13, 2005 12:32 PM
To: freeradius-users@lists.freeradius.org
Subject: RE: Radius with SSL

In the debug option of LDAP I see this:

---------------------------
. . . .
tls_read: want=5, got=5
  0000: 15 03 01 00 02 .....
tls_read: want=2, got=2
  0000: 02 30 .0
TLS: can't accept.
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca /usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:1052
^Cslapd shutdown: waiting for 0 threads to terminate
slapd stopped.
-----------------------------

On Thu, 13 Jan 2005, Willey Kurt D wrote:

> Is your ldap server listening on that port?
> "...Can't contact LDAP server..."
>
> Does ldapsearch work?
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Anderson Alves de Albuquerque
> Sent: Thursday, January 13, 2005 12:02 PM
> To: freeradius-users@lists.freeradius.org
> Subject: RE: Radius with SSL
>
>
>
> I created the certificates with
> http://www.freeradius.org/radiusd/doc/rlm_ldap. And I put in my
> radiusd.conf the configs below, but I have problems.
> Look at my debug in the radiusd with "-x":
>
> -------------------------------------------------------------------
> rad_recv: Access-Request packet from host 146.164.xxx.236:10537, id=104,
> length=132
>         User-Name = "aaa"
>         CHAP-Password = 0x658558a664c7032b44818a81b755804a11
>         NAS-IP-Address = 146.164.xxx.236
>         NAS-Identifier = "UFRJGK"
>         NAS-Port-Type = Virtual
>         Service-Type = Login-User
>         CHAP-Challenge = 0x41e6bde1
>         Framed-IP-Address = 146.164.xxx.198
>         Attr-589825 =
> 0x683332332d6976722d6f75743d7465726d696e616c2d616c6961733a6161612c303235
> 3938303035343b
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for aaa
> ldap_get_conn: Got Id: 0
> rlm_ldap: (re)connect to 146.164.xxx.236:636, authentication 0
> rlm_ldap: setting TLS mode to 1
> rlm_ldap: bind as cn=root,dc=voip,dc=nce,dc=ufrj,dc=br/teste to
> 146.164.xxx.236:636
> rlm_ldap: cn=root,dc=voip,dc=nce,dc=ufrj,dc=br bind to
> 146.164.xxx.236:636
> failed: Can't contact LDAP server
> rlm_ldap: (re)connection attempt failed
> rlm_ldap: search failed
> ldap_release_conn: Release Id: 0
> ----------------------------------------------------------
>
>
>
>
> On Mon, 10 Jan 2005, Willey Kurt D wrote:
>
> > Use port 636 to your ldaps server, and let the radius server do the
> > work. The hardest part is generating the certificate trust.
> >
> > Sample radiusd.conf for ldaps to Win2K AD:
> >         server = "127.0.0.1"
> >         port = 636
> >         identity = "cn=ldapuser,cn=users,dc=domain,dc=com"
> >         password = yourpass
> >         basedn = "dc=domain,dc=com"
> >         filter = "(&(samaccountname=%{Stripped-User-Name:-%{User-Name}}))"
> >         start_tls = no
> >         tls_cacertfile = /usr/local/ssl/certs/sslcertificate.pem
> >         tls_cacertdir = /usr/local/ssl/certs/
> >
> > If you can get ldapsearch to work, radiusd is a breeze.
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of
> > Anderson Alves de Albuquerque
> > Sent: Monday, January 10, 2005 9:18 AM
> > To: freeradius-users@lists.freeradius.org
> > Subject: Radius with SSL
> >
> >
> >
> > I need a manual about Radius + SSL.
> >
> > I have RADIUS making authentication in LDAP Server, but I need to pass
> > the authentication with SSL.
> > How can I do it?
> > How can I help me? Please...
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
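
The two hex-dump lines in the slapd debug output quoted in this thread form one complete TLS alert record. As an added example (not part of the original messages), the Python below pulls the bytes out of such a dump and decodes them; the function names, the subset of alert codes and the restored spacing of the sample are assumptions made for this illustration.

```python
import re

# Subset of alert descriptions from the TLS specification (RFC 5246, section 7.2).
ALERTS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
          40: "handshake_failure", 42: "bad_certificate",
          43: "unsupported_certificate", 44: "certificate_revoked",
          45: "certificate_expired", 46: "certificate_unknown",
          48: "unknown_ca", 49: "access_denied", 70: "protocol_version"}
LEVELS = {1: "warning", 2: "fatal"}
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

# A dump line: 4-digit offset, colon, then hex pairs each followed by one space.
DUMP_LINE = re.compile(r"^\s*[0-9a-fA-F]{4}:\s+((?:[0-9a-fA-F]{2} )+)")

# Bytes copied from the thread; line layout reconstructed for the example.
SAMPLE = """\
tls_read: want=5, got=5
  0000:  15 03 01 00 02                                     .....
tls_read: want=2, got=2
  0000:  02 30                                              .0
"""

def bytes_from_dump(text):
    """Collect, in order, the bytes shown on tls_read hex-dump lines."""
    out = bytearray()
    for line in text.splitlines():
        m = DUMP_LINE.match(line)
        if m:
            out += bytes.fromhex(m.group(1))
    return bytes(out)

def decode_alert(record):
    """Decode one plaintext TLS alert record (5-byte header, 2-byte body)."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype = record[0]
    version = int.from_bytes(record[1:3], "big")
    length = int.from_bytes(record[3:5], "big")
    if ctype != 0x15:
        raise ValueError(f"content type {ctype:#04x} is not an alert (0x15)")
    body = record[5:5 + length]
    if length != 2 or len(body) != 2:
        # Alerts sent after the keys are in place are encrypted and longer.
        raise ValueError("not a plaintext 2-byte alert body")
    level, desc = body
    return {"version": VERSIONS.get(version, hex(version)),
            "level": LEVELS.get(level, str(level)),
            "description": ALERTS.get(desc, f"unknown({desc})")}

if __name__ == "__main__":
    print(decode_alert(bytes_from_dump(SAMPLE)))
```

Because slapd logged these bytes under tls_read, the alert was received by slapd, meaning it was sent by the connecting peer.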