[FUG-BR] TLS
Anderson Alves de Albuquerque
anderson at belem.voip.nce.ufrj.br
Wed Feb 2 09:00:37 BRST 2005
My FreeRADIUS debug screen on FreeBSD shows the output below;
does anyone know what it could be?
The communication uses TLS with LDAP. LDAP is already working with
ldapsearch on the ldaps port; I sniffed it and I see the traffic encrypted.
When I try to set up RADIUS with LDAP using TLS I have problems. The
RADIUS to LDAP communication without TLS works perfectly.
Here is my RADIUS config:
--------------------
ldap {
Auth-Type := LDAP
server="teste.com"
identity="cn=root,dc=com"
password=teste
basedn="ou=users,dc=com"
filter = (uid=%{Stripped-User-Name:-{User-Name}})
base_filter = "(objectclass=radiusprofile)"
password_attribute = userPassword
dictionary_mapping = /usr/local/etc/raddb/ldap.attrmap
ldap_cache_timeout = 320
ldap_cache_size = 0
ldap_connections_number = 10
timeout = 3
timelimit = 5
net_timeout = 1
compare_check_items = no
port=636
start_tls = no
tls_mode = no
tls_cacertfile = /usr/var/openldap-data/cacert.pem
tls_certfile = /usr/var/opendalp-data/ldap.client.pem
tls_keyfile = /usr/var/openldap-data/ldap.client.key.pem
tls_require_cert = "demand"
}
-------------------
Here is my debug output:
--------------------
User-Name = "digo"
CHAP-Password = 0x35a7441d3124adc1718fe869aa81b073e3
NAS-IP-Address = x.y.z.5
NAS-Identifier = "UFRJGK"
NAS-Port-Type = Virtual
Service-Type = Login-User
CHAP-Challenge = 0x41fd554e
Framed-IP-Address = x.y.z.8
Cisco-AVPair = "h323-ivr-out=terminal-alias:"
rlm_ldap: - authorize
rlm_ldap: performing user authorization for anderson
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: (re)connect to xxx.com:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: setting TLS CACert File to /usr/var/openldap-data/cacert.pem
rlm_ldap: setting TLS Require Cert to never
rlm_ldap: setting TLS Cert File to /usr/var/opendalp-data/ldap.client.pem
rlm_ldap: setting TLS Key File to /usr/var/openldap-data/ldap.client.key.pem
rlm_ldap: bind as cn=root,dc=com/xxx.com:636
rlm_ldap: cn=root,dc=com bind to xxx.com:636 failed:
Can't contact LDAP server
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
-------------------
_______________________________________________________________
To send a new email to the list: freebsd at fug.com.br
Unsubscribe: http://mail.fug.com.br/mailman/listinfo/freebsd_fug.com.br
Archive: http://www4.fugspbr.org/lista/html/FUG-BR/
More details about the freebsd mailing list
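Added example, not part of the original post and not FreeRADIUS code: a POSIX sh lint for the TLS settings of a FreeRADIUS 1.x rlm_ldap block. libldap only creates its TLS context at connect time, so a TLS setup problem surfaces in rlm_ldap as the same generic "Can't contact LDAP server" seen in the debug above. The lint flags the things that are visible in the posted block and debug: tls_cacertfile/tls_certfile/tls_keyfile paths that do not exist (the posted tls_certfile reads "opendalp-data" while the other two read "openldap-data"), port 636 with neither tls_mode nor start_tls enabled (plaintext LDAP sent to an ldaps port), start_tls on 636 (STARTTLS is an extended operation on the plain LDAP port), a client cert without its key, and tls_require_cert set to never or allow (the debug output reports "never", which does not verify the server certificate). The config it runs on is constructed here from the posted block with the certificate paths moved under a temporary directory; the host name and file names are placeholders and the PEM files are empty stand-ins.

```sh
#!/bin/sh
# Added example (not from the original post or from FreeRADIUS): lint the TLS
# settings of a FreeRADIUS 1.x rlm_ldap block for mistakes that make libldap
# fail before the bind, which rlm_ldap reports only as "Can't contact LDAP server".
# Config values, host name and certificate paths below are constructed.

# cfg_get FILE KEY: value of the first "KEY = value" / KEY="value" line, unquoted.
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | head -n 1 | sed 's/^"//; s/"[[:space:]]*$//; s/[[:space:]]*$//'
}

# check_rlm_ldap_tls FILE: print one "WARN: ..." line per finding and a final
# "findings: N" summary line. Always returns 0 so it can run under set -e.
check_rlm_ldap_tls() {
    f=$1; n=0
    port=$(cfg_get "$f" port)
    tls_mode=$(cfg_get "$f" tls_mode)
    start_tls=$(cfg_get "$f" start_tls)
    ca=$(cfg_get "$f" tls_cacertfile)
    cert=$(cfg_get "$f" tls_certfile)
    key=$(cfg_get "$f" tls_keyfile)
    req=$(cfg_get "$f" tls_require_cert)

    # ldaps (636) expects TLS from the first byte: with both switches off the
    # client sends plaintext LDAP and the server drops the connection.
    if [ "$port" = 636 ] && [ "$tls_mode" != yes ] && [ "$start_tls" != yes ]; then
        echo "WARN: port 636 with tls_mode=${tls_mode:-unset} and start_tls=${start_tls:-unset}: plaintext LDAP to an ldaps port"
        n=$((n + 1))
    fi
    # STARTTLS is an extended operation on the plain LDAP port, not on 636.
    if [ "$port" = 636 ] && [ "$start_tls" = yes ]; then
        echo "WARN: start_tls=yes on port 636; STARTTLS belongs on the plain LDAP port (389) with tls_mode=no"
        n=$((n + 1))
    fi
    # libldap loads these files when the TLS context is created, at connect time.
    for kv in "tls_cacertfile=$ca" "tls_certfile=$cert" "tls_keyfile=$key"; do
        k=${kv%%=*}; v=${kv#*=}
        if [ -n "$v" ] && [ ! -r "$v" ]; then
            echo "WARN: $k=$v does not exist or is not readable"
            n=$((n + 1))
        fi
    done
    # A client certificate is only usable together with its private key.
    if { [ -n "$cert" ] && [ -z "$key" ]; } || { [ -z "$cert" ] && [ -n "$key" ]; }; then
        echo "WARN: tls_certfile and tls_keyfile must be set together"
        n=$((n + 1))
    fi
    # never/allow accept any server certificate, so the CA file is not enforced.
    case "$req" in
        never|allow)
            echo "WARN: tls_require_cert=$req does not verify the server certificate (MITM possible)"
            n=$((n + 1)) ;;
    esac
    echo "findings: $n"
    return 0
}

# demo: build a config modelled on the posted block, keeping the posted
# "opendalp-data" slip in tls_certfile, and lint it.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/openldap-data"
    for name in cacert.pem ldap.client.pem ldap.client.key.pem; do
        : > "$tmp/openldap-data/$name"   # empty placeholders, not real PEM files
    done
    cat > "$tmp/ldap.conf" <<EOF
ldap {
        server="teste.com"
        port=636
        start_tls = no
        tls_mode = no
        tls_cacertfile = $tmp/openldap-data/cacert.pem
        tls_certfile = $tmp/opendalp-data/ldap.client.pem
        tls_keyfile = $tmp/openldap-data/ldap.client.key.pem
        tls_require_cert = "demand"
}
EOF
    check_rlm_ldap_tls "$tmp/ldap.conf"
    rm -rf "$tmp"
}

demo
```

Because the posted snippet and the debug output disagree (the debug reports TLS mode 1 and tls_require_cert "never", the snippet has tls_mode = no and "demand"), point the lint at the ldap section that the running radiusd actually reads rather than at a pasted copy.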