Hi,
    I did a bit more research on this and here is what happens.
When the ldap module is configured with start_tls = yes it calls the
ldap_start_tls_s() function. With "Disallow anonymous simple bind"
this call fails and as such the error
"rlm_ldap: could not start TLS Inappropriate authentication"
is returned.
    The solution for this would be to use tls_mode and port 636.
Thus in the ldap module section of radiusd.conf set:

port = 636
tls_mode = yes

This will work even with the "Disallow anonymous simple bind"
option on.

-Sayantan.

>>> [EMAIL PROTECTED] 04/07/05 6:39 PM >>>
Hi,
    The "Disallow anonymous simple bind" option "Prevents users from
logging in to the LDAP server without specifying a username and password."

    In case of FreeRADIUS the ldap module does not perform an anonymous
bind so turning on this option should not create any problems. Could
you post the complete debug message?

-Sayantan.

>>> [EMAIL PROTECTED] 04/07/05 3:11 AM >>>
Anyone have ideas on how to get freeradius to work with eDirectory when
"Disallow anonymous simple bind" is turned on?

I am getting:

rlm_ldap: could not start TLS Inappropriate authentication

When I turn on this option. I've attempted to authenticate with an ldap
browser as well. The LDAP browser I have though doesn't have a section for
TLS and I do have require TLS turned on in eDirectory. Is there a TLS
capable ldap browser?

-d

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
