Hi, it may sound stupid, but - does the NetWare server have TLS / SSL turned on?
Regards, Edvin Seferovic

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, 02. September 2005 04:59
To: freeradius-users@lists.freeradius.org
Subject: TLS/SSL to eDirectory

Setup:
- FreeRADIUS 1.0.4 built with edir on FreeBSD 4.11 server.
- Cisco 3005 VPN Concentrator
- LDAP database on NetWare 6.5 server

Everything works fine when not using an SSL certificate and TLS. However, when TLS is turned on, here is what I get:

-----snip-----
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.254.1.6:1063, id=27, length=118
        User-Name = "username"
        User-Password = "password"
        NAS-Port = 1028
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Called-Station-Id = "10.254.1.6"
        Calling-Station-Id = "69.152.48.158"
        Tunnel-Client-Endpoint:0 = "69.152.48.158"
        NAS-IP-Address = 10.254.1.6
        NAS-Port-Type = Virtual
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
    rlm_realm: No '@' in User-Name = "stcrye", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for stcrye
radius_xlat:  '(cn=username)'
radius_xlat:  'o=services'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 10.254.8.25:389, authentication 0
rlm_ldap: setting TLS CACert File to /home/juser/trustedrootcertssl-certdns-episd1.b64
rlm_ldap: starting TLS
rlm_ldap: ldap_start_tls_s()
rlm_ldap: could not start TLS Connect error
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap1" returns fail for request 0
modcall: group authorize returns fail for request 0
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.254.1.6:1063, id=27, length=118
Discarding duplicate request from client VPN:1063 - ID: 27
--- Walking the entire request list ---
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 27 with timestamp 431712ab
Nothing to do.  Sleeping until we see a request.
-----snip-----

Relevant portion of radiusd.conf:

-----snip-----
ldap ldap1 {
        server = "10.254.8.25"
        identity = "cn=raduser,o=services"
        password = secretrad
        basedn = "o=services"
        filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"
        #start_tls = no
        start_tls = yes
        tls_cacertfile = /home/juser/trustedrootcertssl-certdns-episd1.b64
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        password_attribute = userPassword
        edir_account_policy_check=no
        timeout = 20
        timelimit = 20
        net_timeout = 20
}
-----snip-----

When I un-comment start_tls = no and comment out start_tls = yes and tls_cacertfile, everything works fine.

I don't really know where to start. I have read the FAQs, been up and down the list and can't find a solution.

Thanks in advance.

Josh

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
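Added example for the thread above; this is not code from either post, from FreeRADIUS or from eDirectory. It reproduces the sequence rlm_ldap's ldap_start_tls_s() goes through, in plain Python without libldap: TCP connect, the LDAP StartTLS ExtendedRequest (OID 1.3.6.1.4.1.1466.20037), and, only if the directory accepts that operation, a TLS handshake verified against the configured CA file. That separates the two questions the debug output cannot answer on its own: is TLS enabled at all on the LDAP port (Edvin's question), or is it offered and then failing certificate verification. Host 10.254.8.25, port 389 and the CA file path are the values from Josh's radiusd.conf; the helper names and the offline sample responses are constructed here for the example.

```python
"""
Probe for LDAP StartTLS in the order rlm_ldap / ldap_start_tls_s() does it:
  1. plain TCP connect to the LDAP port (389 in the posted config),
  2. send the LDAP StartTLS ExtendedRequest (OID 1.3.6.1.4.1.1466.20037),
  3. if the server answers resultCode 0, TLS handshake verified with the CA file.
A refusal at step 2 means the directory offers no TLS on that port; a failure
at step 3 means the CA file (or the name in the server certificate) does not match.
Added example for the mailing-list thread; not FreeRADIUS or eDirectory code.
"""
import socket
import ssl
import sys

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"

# --- minimal BER, just enough for the StartTLS exchange ---------------------
def ber_len(n: int) -> bytes:
    """Encode a BER length (short form below 128, long form above)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def ber_tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value

def ber_read(buf: bytes, pos: int = 0):
    """Decode the TLV at pos; return (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def build_starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest { requestName = StartTLS OID } }."""
    ext_req = ber_tlv(0x77, ber_tlv(0x80, STARTTLS_OID))  # [APPLICATION 23], [0] requestName
    return ber_tlv(0x30, ber_tlv(0x02, bytes([message_id])) + ext_req)

def parse_extended_response(data: bytes):
    """Return (resultCode, diagnosticMessage) from an LDAP ExtendedResponse."""
    tag, msg, _ = ber_read(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _msg_id, pos = ber_read(msg)
    tag, body, _ = ber_read(msg, pos)
    if tag != 0x78:                                   # [APPLICATION 24] ExtendedResponse
        raise ValueError(f"unexpected protocolOp tag 0x{tag:02x}")
    _, code, pos = ber_read(body)                     # resultCode ENUMERATED
    _, _matched_dn, pos = ber_read(body, pos)         # matchedDN
    _, diag, _ = ber_read(body, pos)                  # diagnosticMessage
    return int.from_bytes(code, "big"), diag.decode("utf-8", "replace")

def probe_starttls(host: str, port: int, cafile: str, timeout: float = 10.0) -> str:
    """Run the three steps against a live server and report where it stops."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_starttls_request())
        code, diag = parse_extended_response(sock.recv(4096))  # response is tiny; one read is enough
        if code != 0:
            return f"server refused StartTLS: resultCode={code} {diag!r}; TLS is not enabled on {host}:{port}"
        ctx = ssl.create_default_context(cafile=cafile)   # verifies chain and host name, as libldap does by default
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return f"StartTLS OK ({tls.version()}); server cert subject: {tls.getpeercert()['subject']}"
        except ssl.SSLCertVerificationError as exc:
            return f"StartTLS offered, but certificate verification against {cafile} failed: {exc.verify_message}"
        except ssl.SSLError as exc:
            return f"StartTLS offered, but the TLS handshake failed: {exc}"

def demo_offline():
    """Constructed ExtendedResponses (not captured traffic) to exercise the parser."""
    header = ber_tlv(0x02, b"\x01")
    accepted = ber_tlv(0x30, header + ber_tlv(0x78, ber_tlv(0x0A, b"\x00") + ber_tlv(0x04, b"") + ber_tlv(0x04, b"")))
    refused = ber_tlv(0x30, header + ber_tlv(0x78, ber_tlv(0x0A, b"\x34") + ber_tlv(0x04, b"") + ber_tlv(0x04, b"TLS not supported")))
    return parse_extended_response(accepted), parse_extended_response(refused)

if __name__ == "__main__":
    # e.g. python ldap_starttls_probe.py 10.254.8.25 389 /home/juser/trustedrootcertssl-certdns-episd1.b64
    if len(sys.argv) == 4:
        print(probe_starttls(sys.argv[1], int(sys.argv[2]), sys.argv[3]))
    else:
        print(demo_offline())
```

Run it from the FreeRADIUS host with the same three values that rlm_ldap uses, so the probe and the daemon see the same network path and the same CA file. A non-zero resultCode (52 unavailable and 53 unwillingToPerform are the usual ones) is the "TLS not turned on" case; a verify_message such as "unable to get local issuer certificate" points at the CA file, while a hostname-mismatch message means the certificate is fine but does not carry the address the client connected to, which matters when the server is configured by IP as in the posted config.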