RE: Radius with SSL

Wed, 02 Feb 2005 07:21:36 -0800 

On Wed, 2 Feb 2005, Anderson Alves de Albuquerque wrote:



Thanks, My Radius with LDAP is OKAY now.

How can I configure the password in LDAP with MD5. Example:
in the LDAP I put:
rootpw {MD5}aY3BnUicTk23PiinE+qwew==


In the Radius.conf I put:
ldap {
       server="ldaps.xxx.com"
       identity="cn=root,dc=com"
       password={MD5}aY3BnUicTk23PiinE+qwew==

The root password encryption method does matter. You should store it in the password configuration directive unencrypted.

.
.
.
}
------------------------------------------


But radius don?t get to do authentication.
How can I put password LDAP in radius.conf with HAS MD5 or SHA1 ou SSHA?


On Mon, 10 Jan 2005, Willey Kurt D wrote:

Use port 636 to your ldaps server, and let the radius server do the
work. The hardest part is generating the certificate trust.

Sample radiusd.conf for ldaps to Win2K AD:
                server = "127.0.0.1"
                port = 636
                identity = "cn=ldapuser,cn=users,dc=domain,dc=com"
                password = yourpass
                basedn = "dc=domain,dc=com"
                filter =
"(&(samaccountname=%{Stripped-User-Name:-%{User-Name}}))"
                start_tls = no
                tls_cacertfile  =
/usr/local/ssl/certs/sslcertificate.pem
                tls_cacertdir   = /usr/local/ssl/certs/

If you can get ldapsearch to work, radiusd is a breeze.


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Anderson Alves de Albuquerque
Sent: Monday, January 10, 2005 9:18 AM
To: freeradius-users@lists.freeradius.org
Subject: Radius with SSL



 I need one manual about Radius + SSL.

 I have RADIUS making authentication in LDAP Server, but I need to pass
 the authentication with SSL.
 How can I make ?
 How cak I help me ? Please...


-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to