Hi, I installed freeradius on a Debian machine. I have my user in LDAP and I use that directory for authentication. But when I want to use SSL or TLS for the connections between radius and ldap, I get this error in the radius log (freeradius -X):

---------------------------------
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to ldap.corporate.com:1793, authentication 0
[ldap] setting TLS CACert File to /etc/freradius/certs/RootCA.pem
[ldap] setting TLS CACert Directory to /etc/freeradius/certs/
[ldap] setting TLS Cert File to /etc/freeradius/certs/RootCA.crt
[ldap] setting TLS Key File to /etc/freeradius/certs/SSLSubCA.pem
[ldap] setting TLS Key File to /etc/freeradius/certs/
[ldap] bind as uid=...,dc=...,dc=...,dc=.../pssword to ldap.corporate.com:1793
[ldap] waiting for bind result ...
[ldap] ldap_result()
[ldap] uid=...,dc=...,dc=...,dc=.../pssword to ldap.corporate.com:1793failed: timeout
[ldap] (re)connection attempt failed
[ldap] search failed
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns fail
---------------------------------

I have in ldap.conf:

ldap {
    server = "ldap.corporate.com"
    port = 1793
    ...
    tls {
        # cacertfile = /path/to/cacert.pem
        # cacertdir = /path/to/certs/
        # certfile = /path/to/radius.crt
        # keyfile = /path/to/radius.key
        # randfile = /path/to/rnd
        # require_cert = "demand"
        cacertfile = /etc/freradius/certs/RootCA.pem
        cacertdir = /etc/freeradius/certs/
        certfile = /etc/freeradius/certs/RootCA.crt
        keyfile = /etc/freeradius/certs/SSLSubCA.pem
        randfile = /etc/freeradius/certs/
        require_cert = "allow"

Another team manages this corporate LDAP. This team asked me to import the Corporate.Root.CA and Corporate.SSL.CA to be able to use SSL connections. According to them, my radius server doesn't use SSL connections. I don't know where to put them...

Sorry for my English, replies in French will be accepted.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html