RE: Radius with SSL

2005-02-02 Thread Kostas Kalevras
On Wed, 2 Feb 2005, Anderson Alves de Albuquerque wrote:

> Thanks, My Radius with LDAP is OKAY now.
> How can I configure the password in LDAP with MD5. Example:
> in the LDAP I put:
> rootpw {MD5}aY3BnUicTk23PiinE+qwew==
> In the Radius.conf I put:
> ldap {
>    server="ldaps.xxx.com"
>    identity="cn=root,dc=com"
>    password={MD5}aY3BnUicTk23PiinE+qwew==

The root password encryption method does matter. You should store it in the
password configuration directive unencrypted.

> .
> .
> .
> }
> --
> But radius don't get to do authentication.
> How can I put password LDAP in radius.conf with HAS MD5 or SHA1 or SSHA?
>
> On Mon, 10 Jan 2005, Willey Kurt D wrote:
>
> > Use port 636 to your ldaps server, and let the radius server do the
> > work. The hardest part is generating the certificate trust.
> >
> > Sample radiusd.conf for ldaps to Win2K AD:
> > server = "127.0.0.1"
> > port = 636
> > identity = "cn=ldapuser,cn=users,dc=domain,dc=com"
> > password = yourpass
> > basedn = "dc=domain,dc=com"
> > filter = "(&(samaccountname=%{Stripped-User-Name:-%{User-Name}}))"
> > start_tls = no
> > tls_cacertfile  = /usr/local/ssl/certs/sslcertificate.pem
> > tls_cacertdir   = /usr/local/ssl/certs/
> >
> > If you can get ldapsearch to work, radiusd is a breeze.
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of
> > Anderson Alves de Albuquerque
> > Sent: Monday, January 10, 2005 9:18 AM
> > To: freeradius-users@lists.freeradius.org
> > Subject: Radius with SSL
> >
> >  I need one manual about Radius + SSL.
> >  I have RADIUS making authentication in LDAP Server, but I need to pass
> >  the authentication with SSL.
> >  How can I make ?
> >  How can I help me ? Please...
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
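
Added example (not part of the original thread, and not FreeRADIUS or OpenLDAP code): a small Python model of how a directory server checks the string sent in a simple bind against a stored {MD5}, {SHA} or {SSHA} value. It shows why a bind succeeds with the cleartext in the password directive and fails when the hashed string is put there instead. The cleartext "example-bind-pw" and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

# Scheme prefix -> (hash algorithm, whether a salt is appended to the digest).
SCHEMES = {
    "{MD5}": ("md5", False),
    "{SMD5}": ("md5", True),
    "{SHA}": ("sha1", False),
    "{SSHA}": ("sha1", True),
}

CLEARTEXT = "example-bind-pw"  # constructed sample, not the password from the thread


def make_hash(scheme, password, salt=None):
    """Build a rootpw/userPassword style value such as '{MD5}<base64>'."""
    algo, salted = SCHEMES[scheme]
    if salted:
        salt = os.urandom(8) if salt is None else salt
    else:
        salt = b""
    digest = hashlib.new(algo, password.encode() + salt).digest()
    return scheme + base64.b64encode(digest + salt).decode()


def server_verify(stored, presented):
    """Model of the server side of a simple bind: hash the presented string
    with the stored scheme (and salt) and compare with the stored digest."""
    for scheme, (algo, salted) in SCHEMES.items():
        if stored[:len(scheme)].upper() == scheme:
            raw = base64.b64decode(stored[len(scheme):])
            size = hashlib.new(algo).digest_size
            digest, salt = raw[:size], raw[size:]
            if salted != bool(salt):
                return False  # malformed value for this scheme
            candidate = hashlib.new(algo, presented.encode() + salt).digest()
            return hmac.compare_digest(candidate, digest)
    # No scheme prefix: the stored value is cleartext.
    return hmac.compare_digest(stored.encode(), presented.encode())


def bind_results(scheme):
    """Compare the two ways of filling in the client's password directive."""
    stored = make_hash(scheme, CLEARTEXT)  # what the directory keeps
    return {
        # client configured with the cleartext: server hashes it, digests match
        "cleartext_in_radiusd_conf": server_verify(stored, CLEARTEXT),
        # client configured with the hash string: server hashes the hash, no match
        "hash_in_radiusd_conf": server_verify(stored, stored),
    }


if __name__ == "__main__":
    for name in SCHEMES:
        print(name, bind_results(name))
```

Because the bind password crosses the wire as sent, the ldaps transport discussed in this thread is what protects it in transit; restricting read access to radiusd.conf protects it at rest.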


RE: Radius with SSL

2005-02-02 Thread Anderson Alves de Albuquerque


 Thanks, My Radius with LDAP is OKAY now.

 How can I configure the password in LDAP with MD5. Example:
in the LDAP I put:
rootpw {MD5}aY3BnUicTk23PiinE+qwew==


In the Radius.conf I put:
 ldap {
server="ldaps.xxx.com"
identity="cn=root,dc=com"
password={MD5}aY3BnUicTk23PiinE+qwew==
 .
 .
 .
}
--


 But radius don't get to do authentication.
 How can I put password LDAP in radius.conf with HAS MD5 or SHA1 or SSHA?


On Mon, 10 Jan 2005, Willey Kurt D wrote:

> Use port 636 to your ldaps server, and let the radius server do the
> work. The hardest part is generating the certificate trust.
> 
> Sample radiusd.conf for ldaps to Win2K AD:
> server = "127.0.0.1"
> port = 636
> identity = "cn=ldapuser,cn=users,dc=domain,dc=com"
> password = yourpass 
> basedn = "dc=domain,dc=com"
> filter = "(&(samaccountname=%{Stripped-User-Name:-%{User-Name}}))"
> start_tls = no
> tls_cacertfile  = /usr/local/ssl/certs/sslcertificate.pem
> tls_cacertdir   = /usr/local/ssl/certs/
> 
> If you can get ldapsearch to work, radiusd is a breeze.
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Anderson Alves de Albuquerque
> Sent: Monday, January 10, 2005 9:18 AM
> To: freeradius-users@lists.freeradius.org
> Subject: Radius with SSL
> 
> 
> 
>  I need one manual about Radius + SSL.
> 
>  I have RADIUS making authentication in LDAP Server, but I need to pass 
>  the authentication with SSL.
>  How can I make ? 
>  How can I help me ? Please...
> 
> 


RE: Radius with SSL

2005-01-13 Thread Anderson Alves de Albuquerque




 I created the cacert.pem like 
http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html.
 I don´t understand what is ...
 
  There is other good paper in the Internet?





On Thu, 13 Jan 2005, Willey Kurt D wrote:

> I don't use slapd, but it looks like your CA isn't known (trusted):
> "...tlsv1 alert unknown ca"
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Anderson Alves de Albuquerque
> Sent: Thursday, January 13, 2005 12:32 PM
> To: freeradius-users@lists.freeradius.org
> Subject: RE: Radius with SSL
> 
> 
> 
> 
>  In option debug of the LDAP I look this:
> ---
> .
> .
> .
> .
> tls_read: want=5, got=5
>   :  15 03 01 00 02 .
> tls_read: want=2, got=2
>   :  02 30  .0
> TLS: can't accept.
> TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca 
> /usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:1052
> ^Cslapd shutdown: waiting for 0 threads to terminate
> slapd stopped.
> -
> 
> 
> 
> On Thu, 13 Jan 2005, Willey Kurt D wrote:
> 
> > Is your ldap server listening on that port?
> > "...Can't contact LDAP server..."
> > 
> > Does ldapsearch work?
> > 
> > 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of
> > Anderson Alves de Albuquerque
> > Sent: Thursday, January 13, 2005 12:02 PM
> > To: freeradius-users@lists.freeradius.org
> > Subject: RE: Radius with SSL
> > 
> > 
> > 
> >  I created the certificates with 
> > http://www.freeradius.org/radiusd/doc/rlm_ldap. And I put in my 
> > radiusd.conf the configs below, but I have problems. look my debug  in
> > the radiusd with "-x":
> > 
> > ---
> > rad_recv: Access-Request packet from host 146.164.xxx.236:10537, id=104,
> > length=132
> > User-Name = "aaa"
> > CHAP-Password = 0x658558a664c7032b44818a81b755804a11
> > NAS-IP-Address = 146.164.xxx.236
> > NAS-Identifier = "UFRJGK"
> > NAS-Port-Type = Virtual
> > Service-Type = Login-User
> > CHAP-Challenge = 0x41e6bde1
> > Framed-IP-Address = 146.164.xxx.198
> > Attr-589825 = 
> > 0x683332332d6976722d6f75743d7465726d696e616c2d616c6961733a6161612c303235
> > 3938303035343b
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for aaa
> > ldap_get_conn: Got Id: 0
> > rlm_ldap: (re)connect to 146.164.xxx.236:636, authentication 0
> > rlm_ldap: setting TLS mode to 1
> > rlm_ldap: bind as cn=root,dc=voip,dc=nce,dc=ufrj,dc=br/teste to 
> > 146.164.xxx.236:636
> > rlm_ldap: cn=root,dc=voip,dc=nce,dc=ufrj,dc=br bind to
> > 146.164.xxx.236:636 
> > failed: Can't contact LDAP server
> > rlm_ldap: (re)connection attempt failed
> > rlm_ldap: search failed
> > ldap_release_conn: Release Id: 0
> > --
> > 
> > 
> > 
> > 
> > On Mon, 10 Jan 2005, Willey Kurt D wrote:
> > 
> > > Use port 636 to your ldaps server, and let the radius server do the
> > > work. The hardest part is generating the certificate trust.
> > > 
> > > Sample radiusd.conf for ldaps to Win2K AD:
> > > server = "127.0.0.1"
> > > port = 636
> > > identity = "cn=ldapuser,cn=users,dc=domain,dc=com"
> > > password = yourpass 
> > > basedn = "dc=domain,dc=com"
> > > filter = "(&(samaccountname=%{Stripped-User-Name:-%{User-Name}}))"
> > > start_tls = no
> > > tls_cacertfile  = /usr/local/ssl/certs/sslcertificate.pem
> > > tls_cacertdir   = /usr/local/ssl/certs/
> > > 
> > > If you can get ldapsearch to work, radiusd is a breeze.
> > > 
> > > 
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of
> > > Anderson Alves de Albuquerque
> > > Sent: Monday, January 10, 2005 9:18 AM
> > > To: freeradius-users@lists.freeradius.org
> > > Subject: Radius with SSL
> &

RE: Radius with SSL

2005-01-13 Thread Willey Kurt D
I don't use slapd, but it looks like your CA isn't known (trusted):
"...tlsv1 alert unknown ca"

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Anderson Alves de Albuquerque
Sent: Thursday, January 13, 2005 12:32 PM
To: freeradius-users@lists.freeradius.org
Subject: RE: Radius with SSL




 In option debug of the LDAP I look this:
---
.
.
.
.
tls_read: want=5, got=5
  :  15 03 01 00 02 .
tls_read: want=2, got=2
  :  02 30  .0
TLS: can't accept.
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca 
/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:1052
^Cslapd shutdown: waiting for 0 threads to terminate
slapd stopped.
-



On Thu, 13 Jan 2005, Willey Kurt D wrote:

> Is your ldap server listening on that port?
> "...Can't contact LDAP server..."
> 
> Does ldapsearch work?
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Anderson Alves de Albuquerque
> Sent: Thursday, January 13, 2005 12:02 PM
> To: freeradius-users@lists.freeradius.org
> Subject: RE: Radius with SSL
> 
> 
> 
>  I created the certificates with 
> http://www.freeradius.org/radiusd/doc/rlm_ldap. And I put in my 
> radiusd.conf the configs below, but I have problems. look my debug  in
> the radiusd with "-x":
> 
> ---
> rad_recv: Access-Request packet from host 146.164.xxx.236:10537, id=104,
> length=132
> User-Name = "aaa"
> CHAP-Password = 0x658558a664c7032b44818a81b755804a11
> NAS-IP-Address = 146.164.xxx.236
> NAS-Identifier = "UFRJGK"
> NAS-Port-Type = Virtual
> Service-Type = Login-User
> CHAP-Challenge = 0x41e6bde1
> Framed-IP-Address = 146.164.xxx.198
> Attr-589825 = 
> 0x683332332d6976722d6f75743d7465726d696e616c2d616c6961733a6161612c303235
> 3938303035343b
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for aaa
> ldap_get_conn: Got Id: 0
> rlm_ldap: (re)connect to 146.164.xxx.236:636, authentication 0
> rlm_ldap: setting TLS mode to 1
> rlm_ldap: bind as cn=root,dc=voip,dc=nce,dc=ufrj,dc=br/teste to 
> 146.164.xxx.236:636
> rlm_ldap: cn=root,dc=voip,dc=nce,dc=ufrj,dc=br bind to
> 146.164.xxx.236:636 
> failed: Can't contact LDAP server
> rlm_ldap: (re)connection attempt failed
> rlm_ldap: search failed
> ldap_release_conn: Release Id: 0
> --
> 
> 
> 
> 
> On Mon, 10 Jan 2005, Willey Kurt D wrote:
> 
> > Use port 636 to your ldaps server, and let the radius server do the
> > work. The hardest part is generating the certificate trust.
> > 
> > Sample radiusd.conf for ldaps to Win2K AD:
> > server = "127.0.0.1"
> > port = 636
> > identity = "cn=ldapuser,cn=users,dc=domain,dc=com"
> > password = yourpass 
> > basedn = "dc=domain,dc=com"
> > filter = "(&(samaccountname=%{Stripped-User-Name:-%{User-Name}}))"
> > start_tls = no
> > tls_cacertfile  = /usr/local/ssl/certs/sslcertificate.pem
> > tls_cacertdir   = /usr/local/ssl/certs/
> > 
> > If you can get ldapsearch to work, radiusd is a breeze.
> > 
> > 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of
> > Anderson Alves de Albuquerque
> > Sent: Monday, January 10, 2005 9:18 AM
> > To: freeradius-users@lists.freeradius.org
> > Subject: Radius with SSL
> > 
> > 
> > 
> >  I need one manual about Radius + SSL.
> > 
> >  I have RADIUS making authentication in LDAP Server, but I need to pass
> >  the authentication with SSL.
> >  How can I make ?
> >  How can I help me ? Please...
> > 
> > 
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
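
Added example (not part of the original thread): a Python decoder for the bytes in the slapd debug output quoted above, assuming the dump lines look as they do in this thread. The seven bytes slapd read form one TLS alert record, and because slapd read it, the alert came from the connecting client: it is the client (ldapsearch or radiusd) that does not trust the CA that signed slapd's certificate, which points at the client's CA settings such as tls_cacertfile. Function names are constructed for illustration.

```python
import re

# Alert descriptions from the TLS specification (RFC 5246, section 7.2).
ALERTS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
          40: "handshake_failure", 42: "bad_certificate",
          43: "unsupported_certificate", 44: "certificate_revoked",
          45: "certificate_expired", 46: "certificate_unknown",
          47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
          50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
          71: "insufficient_security", 80: "internal_error"}
LEVELS = {1: "warning", 2: "fatal"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
ALERT_RECORD = 0x15  # TLS record content type 21

# Debug lines copied from the thread (the offset column is already missing).
SAMPLE = """\
tls_read: want=5, got=5
  :  15 03 01 00 02 .
tls_read: want=2, got=2
  :  02 30  .0
TLS: can't accept.
"""

READ_RE = re.compile(r"tls_read: want=\d+, got=(\d+)")
HEX_RE = re.compile(r"^[0-9a-fA-F]{2}$")


def bytes_read(log):
    """Collect the bytes slapd reports reading. got=N tells how many hex
    pairs to take, which cuts off the ASCII column after the hex."""
    out = bytearray()
    pending = 0
    for line in log.splitlines():
        m = READ_RE.search(line)
        if m:
            pending = int(m.group(1))
            continue
        if pending and ":" in line:
            for tok in line.split(":", 1)[1].split():
                if pending == 0 or not HEX_RE.match(tok):
                    break
                out.append(int(tok, 16))
                pending -= 1
        else:
            pending = 0
    return bytes(out)


def parse_alerts(stream):
    """Walk TLS records (type, version, length, payload) and decode the
    plaintext alert records (two-byte payload: level, description)."""
    found = []
    pos = 0
    while pos + 5 <= len(stream):
        rtype, major, minor = stream[pos], stream[pos + 1], stream[pos + 2]
        length = int.from_bytes(stream[pos + 3:pos + 5], "big")
        payload = stream[pos + 5:pos + 5 + length]
        if len(payload) < length:
            break  # truncated capture
        if rtype == ALERT_RECORD and length == 2:
            found.append({
                "version": VERSIONS.get((major, minor), f"{major}.{minor}"),
                "level": LEVELS.get(payload[0], str(payload[0])),
                "code": payload[1],
                "description": ALERTS.get(payload[1], "unknown"),
            })
        pos += 5 + length
    return found


def explain(log):
    return parse_alerts(bytes_read(log))


if __name__ == "__main__":
    print(explain(SAMPLE))
```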


RE: Radius with SSL

2005-01-13 Thread Anderson Alves de Albuquerque



 In option debug of the LDAP I look this:
---
.
.
.
.
tls_read: want=5, got=5
  :  15 03 01 00 02 .
tls_read: want=2, got=2
  :  02 30  .0
TLS: can't accept.
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca 
/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:1052
^Cslapd shutdown: waiting for 0 threads to terminate
slapd stopped.
-



On Thu, 13 Jan 2005, Willey Kurt D wrote:

> Is your ldap server listening on that port?
> "...Can't contact LDAP server..."
> 
> Does ldapsearch work?
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Anderson Alves de Albuquerque
> Sent: Thursday, January 13, 2005 12:02 PM
> To: freeradius-users@lists.freeradius.org
> Subject: RE: Radius with SSL
> 
> 
> 
>  I created the certificates with 
> http://www.freeradius.org/radiusd/doc/rlm_ldap. And I put in my 
> radiusd.conf the configs below, but I have problems. look my debug  in 
> the radiusd with "-x":
> 
> ---
> rad_recv: Access-Request packet from host 146.164.xxx.236:10537, id=104,
> 
> length=132
> User-Name = "aaa"
> CHAP-Password = 0x658558a664c7032b44818a81b755804a11
> NAS-IP-Address = 146.164.xxx.236
> NAS-Identifier = "UFRJGK"
> NAS-Port-Type = Virtual
> Service-Type = Login-User
> CHAP-Challenge = 0x41e6bde1
> Framed-IP-Address = 146.164.xxx.198
> Attr-589825 = 
> 0x683332332d6976722d6f75743d7465726d696e616c2d616c6961733a6161612c303235
> 3938303035343b
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for aaa
> ldap_get_conn: Got Id: 0
> rlm_ldap: (re)connect to 146.164.xxx.236:636, authentication 0
> rlm_ldap: setting TLS mode to 1
> rlm_ldap: bind as cn=root,dc=voip,dc=nce,dc=ufrj,dc=br/teste to 
> 146.164.xxx.236:636
> rlm_ldap: cn=root,dc=voip,dc=nce,dc=ufrj,dc=br bind to
> 146.164.xxx.236:636 
> failed: Can't contact LDAP server
> rlm_ldap: (re)connection attempt failed
> rlm_ldap: search failed
> ldap_release_conn: Release Id: 0
> --
> 
> 
> 
> 
> On Mon, 10 Jan 2005, Willey Kurt D wrote:
> 
> > Use port 636 to your ldaps server, and let the radius server do the
> > work. The hardest part is generating the certificate trust.
> > 
> > Sample radiusd.conf for ldaps to Win2K AD:
> > server = "127.0.0.1"
> > port = 636
> > identity = "cn=ldapuser,cn=users,dc=domain,dc=com"
> > password = yourpass 
> > basedn = "dc=domain,dc=com"
> > filter = "(&(samaccountname=%{Stripped-User-Name:-%{User-Name}}))"
> > start_tls = no
> > tls_cacertfile  = /usr/local/ssl/certs/sslcertificate.pem
> > tls_cacertdir   = /usr/local/ssl/certs/
> > 
> > If you can get ldapsearch to work, radiusd is a breeze.
> > 
> > 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of
> > Anderson Alves de Albuquerque
> > Sent: Monday, January 10, 2005 9:18 AM
> > To: freeradius-users@lists.freeradius.org
> > Subject: Radius with SSL
> > 
> > 
> > 
> >  I need one manual about Radius + SSL.
> > 
> >  I have RADIUS making authentication in LDAP Server, but I need to pass
> >  the authentication with SSL.
> >  How can I make ?
> >  How can I help me ? Please...
> > 
> > 


RE: Radius with SSL

2005-01-13 Thread Anderson Alves de Albuquerque


 The is up:
--
# netstat -at|grep ldap
tcp4   0  0  *.ldaps                 *.*                     LISTEN
tcp6   0  0  *.ldaps                 *.*                     LISTEN
tcp4   0  0  *.ldap                  *.*                     LISTEN
tcp6   0  0  *.ldap                  *.*                     LISTEN
tcp4   0  0  146.164.247.236.4435    146.164.247.236.ldaps   TIME_WAIT
tcp4   0  0  146.164.247.236.3299    146.164.247.236.ldaps   TIME_WAIT
---


On Thu, 13 Jan 2005, Willey Kurt D wrote:

> Is your ldap server listening on that port?
> "...Can't contact LDAP server..."
> 
> Does ldapsearch work?
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Anderson Alves de Albuquerque
> Sent: Thursday, January 13, 2005 12:02 PM
> To: freeradius-users@lists.freeradius.org
> Subject: RE: Radius with SSL
> 
> 
> 
>  I created the certificates with 
> http://www.freeradius.org/radiusd/doc/rlm_ldap. And I put in my 
> radiusd.conf the configs below, but I have problems. look my debug  in 
> the radiusd with "-x":
> 
> ---
> rad_recv: Access-Request packet from host 146.164.xxx.236:10537, id=104,
> 
> length=132
> User-Name = "aaa"
> CHAP-Password = 0x658558a664c7032b44818a81b755804a11
> NAS-IP-Address = 146.164.xxx.236
> NAS-Identifier = "UFRJGK"
> NAS-Port-Type = Virtual
> Service-Type = Login-User
> CHAP-Challenge = 0x41e6bde1
> Framed-IP-Address = 146.164.xxx.198
> Attr-589825 = 
> 0x683332332d6976722d6f75743d7465726d696e616c2d616c6961733a6161612c303235
> 3938303035343b
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for aaa
> ldap_get_conn: Got Id: 0
> rlm_ldap: (re)connect to 146.164.xxx.236:636, authentication 0
> rlm_ldap: setting TLS mode to 1
> rlm_ldap: bind as cn=root,dc=voip,dc=nce,dc=ufrj,dc=br/teste to 
> 146.164.xxx.236:636
> rlm_ldap: cn=root,dc=voip,dc=nce,dc=ufrj,dc=br bind to
> 146.164.xxx.236:636 
> failed: Can't contact LDAP server
> rlm_ldap: (re)connection attempt failed
> rlm_ldap: search failed
> ldap_release_conn: Release Id: 0
> --
> 
> 
> 
> 
> On Mon, 10 Jan 2005, Willey Kurt D wrote:
> 
> > Use port 636 to your ldaps server, and let the radius server do the
> > work. The hardest part is generating the certificate trust.
> > 
> > Sample radiusd.conf for ldaps to Win2K AD:
> > server = "127.0.0.1"
> > port = 636
> > identity = "cn=ldapuser,cn=users,dc=domain,dc=com"
> > password = yourpass 
> > basedn = "dc=domain,dc=com"
> > filter = "(&(samaccountname=%{Stripped-User-Name:-%{User-Name}}))"
> > start_tls = no
> > tls_cacertfile  = /usr/local/ssl/certs/sslcertificate.pem
> > tls_cacertdir   = /usr/local/ssl/certs/
> > 
> > If you can get ldapsearch to work, radiusd is a breeze.
> > 
> > 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of
> > Anderson Alves de Albuquerque
> > Sent: Monday, January 10, 2005 9:18 AM
> > To: freeradius-users@lists.freeradius.org
> > Subject: Radius with SSL
> > 
> > 
> > 
> >  I need one manual about Radius + SSL.
> > 
> >  I have RADIUS making authentication in LDAP Server, but I need to pass
> >  the authentication with SSL.
> >  How can I make ?
> >  How can I help me ? Please...
> > 
> > 


RE: Radius with SSL

2005-01-13 Thread Willey Kurt D
Is your ldap server listening on that port?
"...Can't contact LDAP server..."

Does ldapsearch work?


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Anderson Alves de Albuquerque
Sent: Thursday, January 13, 2005 12:02 PM
To: freeradius-users@lists.freeradius.org
Subject: RE: Radius with SSL



 I created the certificates with 
http://www.freeradius.org/radiusd/doc/rlm_ldap. And I put in my 
radiusd.conf the configs below, but I have problems. look my debug  in 
the radiusd with "-x":

---
rad_recv: Access-Request packet from host 146.164.xxx.236:10537, id=104,

length=132
User-Name = "aaa"
CHAP-Password = 0x658558a664c7032b44818a81b755804a11
NAS-IP-Address = 146.164.xxx.236
NAS-Identifier = "UFRJGK"
NAS-Port-Type = Virtual
Service-Type = Login-User
CHAP-Challenge = 0x41e6bde1
Framed-IP-Address = 146.164.xxx.198
Attr-589825 = 
0x683332332d6976722d6f75743d7465726d696e616c2d616c6961733a6161612c303235
3938303035343b
rlm_ldap: - authorize
rlm_ldap: performing user authorization for aaa
ldap_get_conn: Got Id: 0
rlm_ldap: (re)connect to 146.164.xxx.236:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: bind as cn=root,dc=voip,dc=nce,dc=ufrj,dc=br/teste to 
146.164.xxx.236:636
rlm_ldap: cn=root,dc=voip,dc=nce,dc=ufrj,dc=br bind to
146.164.xxx.236:636 
failed: Can't contact LDAP server
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
ldap_release_conn: Release Id: 0
--




On Mon, 10 Jan 2005, Willey Kurt D wrote:

> Use port 636 to your ldaps server, and let the radius server do the
> work. The hardest part is generating the certificate trust.
> 
> Sample radiusd.conf for ldaps to Win2K AD:
> server = "127.0.0.1"
> port = 636
> identity = "cn=ldapuser,cn=users,dc=domain,dc=com"
> password = yourpass 
> basedn = "dc=domain,dc=com"
> filter = "(&(samaccountname=%{Stripped-User-Name:-%{User-Name}}))"
> start_tls = no
> tls_cacertfile  = /usr/local/ssl/certs/sslcertificate.pem
> tls_cacertdir   = /usr/local/ssl/certs/
> 
> If you can get ldapsearch to work, radiusd is a breeze.
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Anderson Alves de Albuquerque
> Sent: Monday, January 10, 2005 9:18 AM
> To: freeradius-users@lists.freeradius.org
> Subject: Radius with SSL
> 
> 
> 
>  I need one manual about Radius + SSL.
> 
>  I have RADIUS making authentication in LDAP Server, but I need to pass
>  the authentication with SSL.
>  How can I make ?
>  How can I help me ? Please...
> 
> 


RE: Radius with SSL

2005-01-13 Thread Anderson Alves de Albuquerque


 I created the certificates with 
http://www.freeradius.org/radiusd/doc/rlm_ldap. And I put in my 
radiusd.conf the configs below, but I have problems. look my debug  in 
the radiusd with "-x":

---
rad_recv: Access-Request packet from host 146.164.xxx.236:10537, id=104, 
length=132
User-Name = "aaa"
CHAP-Password = 0x658558a664c7032b44818a81b755804a11
NAS-IP-Address = 146.164.xxx.236
NAS-Identifier = "UFRJGK"
NAS-Port-Type = Virtual
Service-Type = Login-User
CHAP-Challenge = 0x41e6bde1
Framed-IP-Address = 146.164.xxx.198
Attr-589825 = 
0x683332332d6976722d6f75743d7465726d696e616c2d616c6961733a6161612c3032353938303035343b
rlm_ldap: - authorize
rlm_ldap: performing user authorization for aaa
ldap_get_conn: Got Id: 0
rlm_ldap: (re)connect to 146.164.xxx.236:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: bind as cn=root,dc=voip,dc=nce,dc=ufrj,dc=br/teste to 
146.164.xxx.236:636
rlm_ldap: cn=root,dc=voip,dc=nce,dc=ufrj,dc=br bind to 146.164.xxx.236:636 
failed: Can't contact LDAP server
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
ldap_release_conn: Release Id: 0
--




On Mon, 10 Jan 2005, Willey Kurt D wrote:

> Use port 636 to your ldaps server, and let the radius server do the
> work. The hardest part is generating the certificate trust.
> 
> Sample radiusd.conf for ldaps to Win2K AD:
> server = "127.0.0.1"
> port = 636
> identity = "cn=ldapuser,cn=users,dc=domain,dc=com"
> password = yourpass 
> basedn = "dc=domain,dc=com"
> filter = "(&(samaccountname=%{Stripped-User-Name:-%{User-Name}}))"
> start_tls = no
> tls_cacertfile  = /usr/local/ssl/certs/sslcertificate.pem
> tls_cacertdir   = /usr/local/ssl/certs/
> 
> If you can get ldapsearch to work, radiusd is a breeze.
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Anderson Alves de Albuquerque
> Sent: Monday, January 10, 2005 9:18 AM
> To: freeradius-users@lists.freeradius.org
> Subject: Radius with SSL
> 
> 
> 
>  I need one manual about Radius + SSL.
> 
>  I have RADIUS making authentication in LDAP Server, but I need to pass 
>  the authentication with SSL.
>  How can I make ? 
>  How can I help me ? Please...
> 
> 


RE: Radius with SSL

2005-01-10 Thread Willey Kurt D
Use port 636 to your ldaps server, and let the radius server do the
work. The hardest part is generating the certificate trust.

Sample radiusd.conf for ldaps to Win2K AD:
server = "127.0.0.1"
port = 636
identity = "cn=ldapuser,cn=users,dc=domain,dc=com"
password = yourpass 
basedn = "dc=domain,dc=com"
filter = "(&(samaccountname=%{Stripped-User-Name:-%{User-Name}}))"
start_tls = no
tls_cacertfile  = /usr/local/ssl/certs/sslcertificate.pem
tls_cacertdir   = /usr/local/ssl/certs/

If you can get ldapsearch to work, radiusd is a breeze.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Anderson Alves de Albuquerque
Sent: Monday, January 10, 2005 9:18 AM
To: freeradius-users@lists.freeradius.org
Subject: Radius with SSL



 I need one manual about Radius + SSL.

 I have RADIUS making authentication in LDAP Server, but I need to pass 
 the authentication with SSL.
 How can I make ? 
 How can I help me ? Please...

