[FUG-BR] TLS (fwd)

Giovanni P. Tirloni gpt at tirloni.org
Mon Jan 31 23:57:06 BRST 2005


Anderson Alves de Albuquerque wrote:
>  On my FreeRADIUS debug screen on FreeBSD the output below appears; 
> does anyone know what it could be?
> 
> 
> -------------- debug -X ----------------------------
> Cleaning up request 0 ID 41 with timestamp 41fc77b9
> Nothing to do.  Sleeping until we see a request.
> rad_recv: Access-Request packet from host 146.x.y.x:10958, id=41, 
> length=142
>         User-Name = "anderson"
>         CHAP-Password = 0x264687ce992af9084804a7d3fe6d654eae
>         NAS-IP-Address = 146.x.y.235
>         NAS-Identifier = "UFRJGK"
>         NAS-Port-Type = Virtual
>         Service-Type = Login-User
>         CHAP-Challenge = 0x41fbbfc3
>         Framed-IP-Address = 146.x.y.x
>         Cisco-AVPair = "h323-ivr-out=terminal-alias:anderson,025980011;"
> rad_lowerpair:  User-Name now 'anderson'
> rad_rmspace_pair:  User-Name now 'anderson'
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 1
>     rlm_realm: No '@' in User-Name = "anderson", looking up realm NULL
>     rlm_realm: Found realm "NULL"
>     rlm_realm: Adding Stripped-User-Name = "anderson"
>     rlm_realm: Proxying request from user anderson to realm NULL
>     rlm_realm: Adding Realm = "NULL"
>     rlm_realm: Authentication realm is LOCAL.
>   modcall[authorize]: module "suffix" returns noop for request 1
>   modcall[authorize]: module "digest" returns noop for request 1
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for anderson
> radius_xlat:  '(&(uid=anderson)(objectclass=radiusprofile))'
> radius_xlat:  'ou=users,dc=br'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to localhost:389, authentication 0
> rlm_ldap: setting TLS mode to 1
> rlm_ldap: setting TLS CACert File to /home/brunoos/temp/certs/rootCA.crt
> rlm_ldap: setting TLS CACert File to /home/brunoos/temp/certs/
> rlm_ldap: setting TLS Require Cert to demand
> rlm_ldap: setting TLS Cert File to /home/brunoos/temp/certs/server.crt
> rlm_ldap: setting TLS Key File to /home/brunoos/temp/certs/server.key
> rlm_ldap: starting TLS
> rlm_ldap: ldap_start_tls_s()
> rlm_ldap: could not start TLS Can't contact LDAP server
> rlm_ldap: (re)connection attempt failed
> rlm_ldap: search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns fail for request 1
> modcall: group authorize returns fail for request 1
> Finished request 1
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...

  From the logs, it simply cannot open a secure connection to the 
LDAP server (Can't contact LDAP server). Try using some 
command (I don't remember it off the top of my head) yourself to open this connection 
using the certificates you defined for radiusd.

Good luck,

--
Giovanni P. Tirloni
tirloni.org
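
The manual check suggested in the reply, as an added example that is not part of the original message: a stdlib-only Python probe that repeats the steps behind `ldap_start_tls_s()` and reports which stage fails (TCP connect, the StartTLS extended operation, or the TLS handshake with certificate verification). The function names are hypothetical; the host, port and certificate paths in the `__main__` block are the ones shown in the debug output above.

```python
import socket
import ssl

OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511)
_name = b"\x80" + bytes([len(OID)]) + OID       # requestName [0]
_op = b"\x77" + bytes([len(_name)]) + _name     # ExtendedRequest [APPLICATION 23]
# LDAPMessage SEQUENCE { messageID = 1, ExtendedRequest }
STARTTLS_REQUEST = b"\x30" + bytes([3 + len(_op)]) + b"\x02\x01\x01" + _op

def read_tlv(buf, pos):
    """Read one BER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_result_code(data):
    """Return the resultCode of an LDAP ExtendedResponse (0 = success)."""
    _, msg, _ = read_tlv(data, 0)        # outer SEQUENCE
    _, _, pos = read_tlv(msg, 0)         # messageID
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x78:                      # ExtendedResponse [APPLICATION 24]
        raise ValueError("not an ExtendedResponse (tag 0x%02x)" % tag)
    _, code, _ = read_tlv(op, 0)         # resultCode ENUMERATED
    return int.from_bytes(code, "big")

def probe(host, port, cafile, certfile=None, keyfile=None, timeout=5):
    """Return (stage, detail); stage is 'tcp', 'starttls', 'tls' or 'ok'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as e:
        return ("tcp", str(e))           # nothing listening / filtered
    with sock:
        try:
            sock.sendall(STARTTLS_REQUEST)
            code = parse_result_code(sock.recv(4096))
        except (OSError, ValueError, IndexError) as e:
            return ("starttls", str(e))
        if code != 0:
            return ("starttls", "resultCode=%d" % code)
        try:
            ctx = ssl.create_default_context(cafile=cafile)  # verifies chain + hostname
            if certfile:
                ctx.load_cert_chain(certfile, keyfile)
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return ("ok", tls.version())
        except (OSError, ValueError) as e:  # ssl.SSLError is an OSError
            return ("tls", str(e))

if __name__ == "__main__":
    certs = "/home/brunoos/temp/certs/"
    print(probe("localhost", 389, certs + "rootCA.crt", certs + "server.crt", certs + "server.key"))
```

A `tcp` result means the server is not reachable on that port at all, a `starttls` result means the server answered but refused or does not support StartTLS, and a `tls` result points at the certificates or the hostname in them.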
