Hi,

I think that your problem has nothing to do with LDAP, because:

--- snip ---
rlm_ldap: user jtaylor authorized to use remote access
--- snip ---

Your certificates are not okay. TLS says that the CA is unknown:

TLS Alert read:fatal:unknown CA
TLS_accept:failed in SSLv3 read client certificate A

Check them...

Regards,
Edvin

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Taylor

I am currently trying to get LDAP authentication to work properly. As I am still learning the ins-and-outs on how all this comes together I am having an issue validating a user with Radius-LDAP. Attached is an example of the debug. Maybe it is just something stupid that I am doing.

Thank you for your help!

James Taylor

    EAP-Message = 0x573bea1ceb16030100040e000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xf666044c26dce30b13ecbacd04693e18
rad_recv: Access-Request packet from host 192.168.43.106:1645, id=126, length=151
    User-Name = "jtaylor"
    Framed-MTU = 1400
    Called-Station-Id = "0014.6ae0.3180"
    Calling-Station-Id = "0040.96a6.d46c"
    Service-Type = Login-User
    Message-Authenticator = 0x421ab8418995a7c7b6b94367b0d154d9
    EAP-Message = 0x0204001119800000000715030100020230
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 4082
    State = 0xf666044c26dce30b13ecbacd04693e18
    NAS-IP-Address = 192.168.43.106
    NAS-Identifier = "SAP"
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jtaylor
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user jtaylor authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_eap_tls: Length Included
TLS Alert read:fatal:unknown CA
TLS_accept:failed in SSLv3 read client certificate A
9963:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1052:SSL alert number 48
9963:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:837:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
rlm_eap_tls: BIO_read failed in a system call (-1), TLS session fails.
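
Added example (not part of the original thread and not FreeRADIUS code): a small Python triage of the debug lines quoted above that separates the rlm_ldap result from the TLS failure and decodes the OpenSSL error codes. It assumes the pre-3.0 OpenSSL error packing (8 bits library, 12 bits function, 12 bits reason) and that reasons 1000 to 1255 carry a received alert number; the names triage and unpack_err are made up for this example.

```python
import re

# Constructed sample: lines copied from the debug output quoted in this thread.
SAMPLE = """\
rlm_ldap: user jtaylor authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_eap_tls: Length Included
TLS Alert read:fatal:unknown CA
TLS_accept:failed in SSLv3 read client certificate A
9963:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1052:SSL alert number 48
9963:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:837:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
"""

LDAP_OK_RE = re.compile(r"rlm_ldap: user (\S+) authorized")
ALERT_RE = re.compile(r"TLS Alert (read|write):(\w+):(.+)")
ERR_RE = re.compile(r"^\d+:error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*):")

def unpack_err(code_hex):
    """Split a packed OpenSSL error code (assumed pre-3.0 layout) into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def triage(text):
    """Collect the LDAP authorize result, TLS alerts and OpenSSL errors from debug text."""
    result = {"ldap_authorized": None, "alerts": [], "errors": []}
    for line in text.splitlines():
        line = line.strip()
        if m := LDAP_OK_RE.search(line):
            result["ldap_authorized"] = m.group(1)
        elif m := ALERT_RE.search(line):
            direction, level, desc = m.groups()
            # "read" = alert received from the peer; "write" = alert sent by this server
            sender = "peer" if direction == "read" else "server"
            result["alerts"].append((sender, level, desc.strip()))
        elif m := ERR_RE.match(line):
            _lib, _func, reason = unpack_err(m.group(1))
            # Assumption: reasons 1000..1255 mean "peer sent TLS alert (reason - 1000)"
            alert_no = reason - 1000 if 1000 <= reason <= 1255 else None
            result["errors"].append(
                {"reason": reason, "text": m.group(4), "alert": alert_no})
    return result

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "=", value)
```

For this log the result shows LDAP authorization succeeding for jtaylor and a fatal unknown CA alert (number 48) received from the peer, so the certificate being rejected is the one the RADIUS server presented, and the CA that issued it is what the supplicant does not trust.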