----- Original Message -----
> From: "Alan Buxey" <a.l.m.bu...@lboro.ac.uk>
> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
> Sent: Sunday, November 6, 2011 10:59:43 AM
> Subject: Re: ldap tls in freeradius
>
> Hi,
>
> > tls {
> > start_tls = no
> >
> > cacertfile = /etc/raddb/certs/ca.pem
> > cacertdir = /etc/raddb/certs/
> > certfile = /etc/raddb/certs/server.crt
> > keyfile = /etc/raddb/certs/server.key
> > randfile = /etc/raddb/certs/random
> > require_cert = "never"
>
> are these certs for the LDAP connection - or are these your main certs
> for the client connections - as the directory looks to be the same.
> ensure you have separate config for your RADIUS<->LDAP connection...
>
> is the CRT file PEM readable? - ie use openssl tool to check your
> cert
The snippet above is from the ldap setup. I do not expect to use EAP, so the certs are only to connect to the ldap servers. I'm new to openssl, but I did manage to find the syntax for reading the PEM crt file with -noout -text, and it gives me the certificate data. The directory that I pointed to was the one that bootstrap automatically created.

Do I need to create new certificates for the ldap lookup (if so, is there a guide somewhere)? What is required (e.g. key = values etc.) in order to do a secure LDAP lookup in a remote AD? I would also like (for testing) to ensure that the ldap lookup does not try to validate the ldap server certificate. I assume that "require_cert" does this for me?

--
Thanks,
Frank

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
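As an added illustration (not part of Frank's or Alan's messages, and not taken from the FreeRADIUS distribution), here is an rlm_ldap `tls` sub-section in FreeRADIUS 2.x syntax showing the two settings discussed in the thread side by side: the testing variant that skips server-certificate checking, and a verifying variant for a production lookup against AD. The file paths are the ones quoted above; the domain-controller hostname and the `ad-ca.pem` filename are assumptions.

```conf
# Added example: rlm_ldap "tls" sub-section (FreeRADIUS 2.x syntax).
# Two variants are shown; enable only one at a time.

ldap {
        server = "dc1.example.local"        # assumed AD domain controller
        port = 389

        tls {
                # Upgrade the plain LDAP connection with the StartTLS
                # extended operation.
                start_tls = yes

                # Variant A, testing only. "never" tells the LDAP client
                # library not to request or validate the server certificate,
                # so the session is encrypted but the directory is not
                # authenticated: any host answering on that name is accepted.
                # require_cert = "never"

                # Variant B, production. The directory's certificate must
                # chain to a CA in cacertfile/cacertdir, otherwise the bind
                # fails. ad-ca.pem must be the CA that issued the AD server
                # certificate, not the self-signed CA that bootstrap
                # generated for EAP in /etc/raddb/certs/.
                cacertfile = /etc/raddb/certs/ad-ca.pem   # assumed filename
                require_cert = "demand"

                # certfile/keyfile present a client certificate to the
                # directory. A simple bind with identity/password does not
                # need them, so the bootstrap EAP server certificate and key
                # do not belong in this block.
        }
}
```

The practical consequence of Variant A is that it protects only against passive observation of the bind password and query results; an attacker able to redirect the LDAP connection would not be detected. Before switching to Variant B, the CA file can be checked against the directory's certificate with `openssl verify -CAfile /etc/raddb/certs/ad-ca.pem <server-cert.pem>` (the server certificate filename is a placeholder), which reports `OK` only when the chain is complete.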