Ivan De Masi wrote:
> The access to the ldap server is secured with ssl (not TLS!), so
> openldap is listening on port 636.
>
> When I try
>
> # radtest user "mypassword" localhost 1 testing123
>
> I get the following message:
>
> Reply-Message = "TLS: hostname does not match CN in peer certificate"
That message does not exist in the default configuration. Someone added it to the local configuration.

> Complete output:
>
> Sending Access-Request of id 137 to 127.0.0.1 port 1812
> User-Name = "user"
> User-Password = "password"
> NAS-IP-Address = 127.0.1.1
> NAS-Port = 1

Uh... no. You are aware that the "radclient" program is not the radius server? Read the output of "radiusd -X". This is mentioned in the FAQ, Wiki, web site, "man" page, and daily on this list.

> That's correct, because I'm still in a testing phase and the openldap
> certificate doesn't match with the openldap hostname. But I need to
> fetch the data...
> What can I change to get it working? Is the only way to generate new
> certificate files?

I have no idea what you're doing, so I can't answer that question.

Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html