
List:       freeradius-users
Subject:    Freeradius + Ldap + SSL/TLS
From:       RATSIMIVEH Remi <ratsimiveh.remi () gmail ! com>
Date:       2011-06-28 13:28:32
Message-ID: BANLkTinCpY+oW6O_0P3QXK4havU3V1Namw () mail ! gmail ! com

Hi,

I installed freeradius on a Debian machine. I have my users in LDAP
and I use that directory for authentication. But when I want
to use SSL or TLS in the connections between radius and ldap, I get this error
in the radius log (freeradius -X):

---------------------------------
 [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] attempting LDAP reconnection
  [ldap] (re)connect to ldap.corporate.com:1793, authentication 0
  [ldap] setting TLS CACert File to /etc/freradius/certs/RootCA.pem
  [ldap] setting TLS CACert Directory to /etc/freeradius/certs/
  [ldap] setting TLS Cert File to /etc/freeradius/certs/RootCA.crt
  [ldap] setting TLS Key File to /etc/freeradius/certs/SSLSubCA.pem
  [ldap] setting TLS Key File to /etc/freeradius/certs/
  [ldap] bind as uid=...,dc=...,dc=...,dc=.../pssword to ldap.corporate.com:1793
  [ldap] waiting for bind result ...
  [ldap] ldap_result()
  [ldap] uid=...,dc=...,dc=...,dc=.../pssword to ldap.corporate.com:1793 failed: timeout
  [ldap] (re)connection attempt failed
[ldap] search failed
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns fail
---------------------------------

I have in ldap.conf:

ldap {
    server = "ldap.corporate.com"
    port   = 1793
    ...
    tls {
        # cacertfile    = /path/to/cacert.pem
        # cacertdir     = /path/to/certs/
        # certfile      = /path/to/radius.crt
        # keyfile       = /path/to/radius.key
        # randfile      = /path/to/rnd
        # require_cert  = "demand"

        cacertfile    = /etc/freradius/certs/RootCA.pem
        cacertdir     = /etc/freeradius/certs/
        certfile      = /etc/freeradius/certs/RootCA.crt
        keyfile       = /etc/freeradius/certs/SSLSubCA.pem
        randfile      = /etc/freeradius/certs/
        require_cert  = "allow"
    }
}

It's another team that manages this corporate LDAP.
That team asked me to import the Corporate.Root.CA and Corporate.SSL.CA to
be able to make SSL connections.
According to them, my radius server doesn't use SSL connections. I don't know where
to put them...
Sorry for my English; French replies are accepted.....
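As an added example (not part of the original message, and not FreeRADIUS code), here is a small Python lint that parses the tls { } block posted above and flags the settings a reviewer would question: a file whose directory does not match cacertdir (the /etc/freradius/ vs /etc/freeradius/ spelling), certfile/keyfile that name CA material rather than the RADIUS host's own client certificate and key (the commented template expects radius.crt/radius.key), randfile pointing at a directory, and a require_cert value that does not reject an unverifiable server certificate. The accepted require_cert values are the ones documented for rlm_ldap; the file-name heuristic is my assumption.

```python
import re

# Constructed copy of the tls { } block from the message above (same values as posted).
POSTED_TLS_BLOCK = """
tls {
    cacertfile    = /etc/freradius/certs/RootCA.pem
    cacertdir     = /etc/freeradius/certs/
    certfile      = /etc/freeradius/certs/RootCA.crt
    keyfile       = /etc/freeradius/certs/SSLSubCA.pem
    randfile      = /etc/freeradius/certs/
    require_cert  = "allow"
}
"""
# require_cert values accepted by rlm_ldap; "never" and "allow" do not verify the server cert.
REQUIRE_CERT_VALUES = {"never", "allow", "try", "demand", "hard"}
KEY_VALUE_RE = re.compile(r'^\s*(\w+)\s*=\s*"?([^"\s]+)"?\s*$')
# Heuristic (my assumption): names like RootCA.crt or SSLSubCA.pem denote CA material.
CA_NAME_RE = re.compile(r"(root|sub)?ca(?=[._-]|$)")

def parse_tls_block(text):
    """Return {key: value} for the uncommented 'key = value' lines of a tls { } block."""
    settings = {}
    for line in text.splitlines():
        m = KEY_VALUE_RE.match(line.split("#", 1)[0])  # skip commented template lines
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def lint_tls_settings(cfg):
    """Return (key, problem) pairs; an empty list means nothing was flagged."""
    findings = []
    cadir = cfg.get("cacertdir", "").rstrip("/")
    for key in ("cacertfile", "certfile", "keyfile", "randfile"):
        val = cfg.get(key)
        if val is None:
            continue
        if val.endswith("/"):
            findings.append((key, "points to a directory, but a file path is expected"))
            continue
        directory, name = val.rsplit("/", 1) if "/" in val else ("", val)
        if cadir and directory != cadir:
            findings.append((key, "directory differs from cacertdir (possible typo in the path)"))
        if key in ("certfile", "keyfile") and CA_NAME_RE.search(name.lower()):
            findings.append((key, "names CA material; expected the RADIUS host's own client cert/key"))
    rc = cfg.get("require_cert")
    if rc is not None and rc not in REQUIRE_CERT_VALUES:
        findings.append(("require_cert", "unknown value %r" % rc))
    elif rc in ("never", "allow"):
        findings.append(("require_cert", "%r does not reject an unverifiable server certificate; use 'demand'" % rc))
    return findings
```

Running lint_tls_settings(parse_tls_block(POSTED_TLS_BLOCK)) on the posted block reports five findings, one for each of cacertfile, certfile, keyfile, randfile and require_cert.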

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html