Set the hostname in the ldap conf to match what is in the certificate. You may need to create an entry in /etc/hosts to match. You may be able to get around the mismatch by creating an ldaprc file and setting the parameter that controls the hostname checking to none.
On Jun 15, 2012 10:12 PM, "Ivan De Masi" <it-supp...@asta.tu-darmstadt.de> wrote:
>
> Hello all,
>
> I have installed freeradius 2.1.10 on Debian Squeeze and configured to fetch the users on the ldap server.
>
> The access to the ldap server is secured with ssl (not TLS!), so openldap is listening on port 636.
>
> When I try
>
> # radtest user "mypassword" localhost 1 testing123
>
> I get the following message:
>
> Reply-Message = "TLS: hostname does not match CN in peer certificate"
>
> Complete output:
>
> Sending Access-Request of id 137 to 127.0.0.1 port 1812
> User-Name = "user"
> User-Password = "password"
> NAS-IP-Address = 127.0.1.1
> NAS-Port = 1
>
>
> rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=137, length=73
> Reply-Message = "TLS: hostname does not match CN in peer certificate"
>
> That's correct, because I'm still in a testing phase and the openldap certificate doesn't match with the openldap hostname. But I need to fetch the data...
> What can I change to get it working? Is the only way to generate new certificate files?
>
> Thanks!
>
> Regards,
> Ivan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
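An added example, not code from this thread or from FreeRADIUS/OpenLDAP: a simplified sketch of the usual TLS hostname rule (subjectAltName DNS entries first, subject CN only when there are none), used to test which ldaps:// URI a client could be configured with for a given certificate. The certificate dict and all host names are constructed; IP-address SAN entries are not handled.

```python
from urllib.parse import urlparse

# Constructed sample, in the dict layout returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "ldap.example.test"),),),
    "subjectAltName": (("DNS", "ldap.example.test"), ("DNS", "*.dir.example.test")),
}


def cert_names(cert):
    """Names the certificate is valid for: SAN DNS entries, else the subject CN."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [value for rdn in cert.get("subject", ())
            for key, value in rdn if key == "commonName"]


def name_matches(pattern, host):
    """Case-insensitive label match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels so '*.test' never matches.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_ldap_uri(uri, cert):
    """Return (ok, host, names) for the host part of an ldaps:// URI."""
    host = urlparse(uri).hostname or ""
    names = cert_names(cert)
    return any(name_matches(n, host) for n in names), host, names


if __name__ == "__main__":
    for uri in ("ldaps://localhost:636", "ldaps://ldap.example.test:636"):
        ok, host, names = check_ldap_uri(uri, SAMPLE_CERT)
        status = "match" if ok else "MISMATCH"
        print(f"{uri}: {status} (certificate names: {names})")
```

A name reported as matching is the one to put in the LDAP client configuration, with an /etc/hosts entry if it does not resolve.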