Hi,

I did a bit more research on this and here is what happens. When ldap module is configured with start_tls = yes it calls ldap_start_tls_s() function. With "Disallow anonymous simple bind" this call fails and as such the error "rlm_ldap: could not start TLS Inappropriate authentication" is returned.

The solution for this would be to use tls_mode and port 636. Thus in the ldap module section of radiusd.conf set:

    port = 636
    tls_mode = yes

This will work even with the "Disallow anonymous simple bind" option on.

-Sayantan.

>>> [EMAIL PROTECTED] 04/07/05 6:39 PM >>>

Hi,

The "Disallow anonymous simple bind" option "Prevents users from logging in to the LDAP server without specifying a username and password." In case of FreeRADIUS the ldap module does not perform an anonymous bind so turning on this option should not create any problems. Could you post the complete debug message?

-Sayantan.

>>> [EMAIL PROTECTED] 04/07/05 3:11 AM >>>

Anyone have ideas on how to get freeradius to work with eDirectory when "Disallow anonymous simple bind" is turned on? I am getting:

    rlm_ldap: could not start TLS Inappropriate authentication

when I turn on this option. I've attempted to authenticate with an ldap browser as well. The LDAP browser I have though doesn't have a section for TLS and I do have require TLS turned on in eDirectory. Is there a TLS capable ldap browser?

-d

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html