Hi, 

I'm trying to authorize users in different ADs (2003 and 2008), but I keep 
running into an error I can't find anything on when I google it. 

For the purpose of the testing I have set the following in the ldap section: 
require_cert 

Freeradius tries to connect to the ldap server (2008), the connection fails and 
I get the following debug output. 

============================ DEBUG ======================================= 
[ldap_CustA] performing user authorization for MyAccount 
[ldap_CustA] expand: (&(sAMAccountName=%{User-Name})) -> 
(&(sAMAccountName=MyAccount)) 
[ldap_CustA] expand: ou=OU1,ou=OU2,dc=domain,dc=local -> 
ou=OU1,ou=OU2,dc=domain,dc=local 
[ldap_CustA] ldap_get_conn: Checking Id: 0 
[ldap_CustA] ldap_get_conn: Got Id: 0 
[ldap_CustA] attempting LDAP reconnection 
[ldap_CustA] (re)connect to AD-IP-ADDRESS:636, authentication 0 
[ldap_CustA] setting TLS mode to 1 
[ldap_CustA] setting TLS CACert File to /etc/raddb/certs/ca.pem 
[ldap_CustA] setting TLS CACert Directory to /etc/raddb/certs/ 
[ldap_CustA] setting TLS Require Cert to never 
[ldap_CustA] setting TLS Cert File to /etc/raddb/certs/server.crt 
[ldap_CustA] setting TLS Key File to /etc/raddb/certs/server.key 
[ldap_CustA] setting TLS Key File to /etc/raddb/certs/random 
[ldap_CustA] bind as user@domain.local/PASSWORD to 193.47.81.75:636 
TLS: could not add the certificate PEM Token #0:server.crt - 0 - error 
-8192:Unknown code ___f 0. 
TLS: error: could not initialize moznss security context - error -8192:Unknown 
code ___f 0 
TLS: can't create ssl handle. 
=========================================================================== 

======================= CONFIG SNIP ========================================= 
tls { 
start_tls = no 

cacertfile = /etc/raddb/certs/ca.pem 
cacertdir = /etc/raddb/certs/ 
certfile = /etc/raddb/certs/server.crt 
keyfile = /etc/raddb/certs/server.key 
randfile = /etc/raddb/certs/random 
require_cert = "never" 
} 
=========================================================================== 


I'm wondering why the random file is set as a TLS Key, and also what exactly is 
going wrong since I get the error for the PEM Token? 


Thank you for your help. 

-- 
Thanks for your help 
Frank 
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
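
Added example (not part of the original post and not FreeRADIUS code): a small Python audit that reads a `tls { }` block and the `setting TLS ... to ...` debug lines in the form shown above, flags `require_cert` values that skip verification of the LDAP server certificate, and lists any TLS label the log applies more than once. The function names are hypothetical, the sample input is abridged from the post, and treating `never` and `allow` as unverified is an assumption based on OpenLDAP's TLS_REQCERT levels.

```python
import re

# Assumption: OpenLDAP TLS_REQCERT levels that let a bind proceed unverified.
UNVERIFIED = {"never", "allow"}

def parse_tls_block(conf):
    """Return the key/value pairs of the first `tls { ... }` block."""
    m = re.search(r"\btls\s*\{(.*?)\}", conf, re.S)
    opts = {}
    for line in (m.group(1) if m else "").splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip().strip('"')
    return opts

def parse_debug(log):
    """Map each 'setting TLS <label> to <value>' line to label -> [values]."""
    seen = {}
    for label, value in re.findall(r"setting TLS (.+?) to (\S+)", log):
        seen.setdefault(label, []).append(value)
    return seen

def audit(conf, log):
    opts, seen = parse_tls_block(conf), parse_debug(log)
    findings = []
    level = opts.get("require_cert", "").lower()
    if level in UNVERIFIED:
        findings.append(f"require_cert={level}: LDAP server certificate is not verified")
    if not (opts.get("cacertfile") or opts.get("cacertdir")):
        findings.append("no cacertfile/cacertdir: no trust anchor for the server certificate")
    applied = seen.get("Require Cert", [])
    if applied and applied[-1].lower() != level:
        findings.append(f"debug log applied require_cert={applied[-1]}, config says {level!r}")
    for label, values in seen.items():
        if len(values) > 1:  # same label logged for more than one value
            findings.append(f"'{label}' logged {len(values)} times: {', '.join(values)}")
    return findings

# Sample input abridged from the config snippet and debug output in the post.
CONF = '''tls {
cacertfile = /etc/raddb/certs/ca.pem
keyfile = /etc/raddb/certs/server.key
randfile = /etc/raddb/certs/random
require_cert = "never"
}'''
LOG = '''[ldap_CustA] setting TLS Require Cert to never
[ldap_CustA] setting TLS Key File to /etc/raddb/certs/server.key
[ldap_CustA] setting TLS Key File to /etc/raddb/certs/random'''
FINDINGS = audit(CONF, LOG)
```
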
