
RE: TLS / SSL




Are you connecting on port 389 or 636? Is it that TLS works? What
about SSH on port 636? Anyone get that working?

Did you have to tell FreeRADIUS where the certificates were? Or
is start_tls=yes all you have to do on the client side to
get LDAP to connect with TLS on port 389?

Ron



> -----Original Message-----
> From: Kirk Turner-Rustin [mailto:ktrustin@owu.edu]
> Sent: Wednesday, July 02, 2003 7:28 AM
> To: Pierre Burri
> Cc: OpenLDAP
> Subject: Re: TLS / SSL
> 
> On Wed, 2 Jul 2003, Pierre Burri wrote:
> 
> > Just a confirmation of what Kent says. I have also tried to put the client
> > certificate declaration in ldap.conf and got TLS errors. After putting them in
> > /home/username/.ldaprc, everything worked fine.
> >
> > Another thing about SSL/TLS. I don't know this client freeradius either.
> > The client "gq", which is excellent, doesn't work with SSL but works very well
> > with TLS. Are you sure freeradius works with SSL? Did you try with TLS (port
> > 389 + some TLS switch)?
> 
> freeRADIUS 0.8.1 plus TLS works fine here in a test implementation with
> OpenLDAP 2.1.17 running under RedHat Linux 7.2.
> 
> The 'ldap' clause in our /etc/raddb/radiusd.conf contains:
> 
>     ldap {
>         server = "test_ldap.owu.edu"
>         basedn = "ou=TestAccounts,dc=owu,dc=edu"
>         filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(|(owueduaccountprimaryaffiliation=faculty)(owueduaccountprimaryaffiliation=admin)(owueduaccountprimaryaffiliation=retired)(owueduaccountprimaryaffiliation=vip)))"
>         start_tls = yes
>         tls_mode = no
>         timeout = 4
>         timelimit = 3
>         net_timeout = 1
>     }
> 
> --
> Kirk Turner-Rustin
> Programmer/Analyst
> Ohio Wesleyan University
> http://www.owu.edu
> ktrustin@owu.edu
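As an added check (not code from the thread or from FreeRADIUS), the small Python script below reads an `ldap { ... }` clause like the one Kirk quoted and reports whether the RADIUS-to-LDAP link is configured for StartTLS on 389, ldaps on 636, or nothing at all, and whether the filter survived line wrapping intact. It assumes that `tls_mode = yes` selects ldaps:// and that CA settings, when present, use option names starting with `tls_ca`; when neither is in the clause, it reminds you that libldap falls back to `TLS_CACERT` in ldap.conf or `~/.ldaprc`, which is where Pierre had to put his client certificate settings.

```python
import re

# Constructed sample: the ldap clause quoted in Kirk's reply, filter re-joined on one line.
SAMPLE_CLAUSE = '''
ldap {
    server = "test_ldap.owu.edu"
    basedn = "ou=TestAccounts,dc=owu,dc=edu"
    filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(|(owueduaccountprimaryaffiliation=faculty)(owueduaccountprimaryaffiliation=admin)(owueduaccountprimaryaffiliation=retired)(owueduaccountprimaryaffiliation=vip)))"
    start_tls = yes
    tls_mode = no
    timeout = 4
    timelimit = 3
    net_timeout = 1
}
'''

KV_RE = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$')

def parse_ldap_clause(text):
    """Return key/value pairs from the first ldap { ... } block; double-quoted values are unquoted."""
    m = re.search(r'ldap\s*\{(.*?)\n\s*\}', text, re.S)
    if not m:
        raise ValueError("no ldap { ... } clause found")
    cfg = {}
    for line in m.group(1).splitlines():
        kv = KV_RE.match(line.split('#', 1)[0])   # ignore trailing comments
        if kv:
            key, val = kv.groups()
            if len(val) >= 2 and val[0] == val[-1] == '"':
                val = val[1:-1]
            cfg[key] = val
    return cfg

def parens_balanced(s):
    """True if every '(' in the LDAP filter has a matching ')' in order."""
    depth = 0
    for c in s:
        depth += {'(': 1, ')': -1}.get(c, 0)
        if depth < 0:
            return False
    return depth == 0

def review_ldap_clause(cfg):
    """Classify the transport as 'starttls', 'ldaps' or 'plaintext' and list findings."""
    findings = []
    if cfg.get('start_tls', 'no').lower() == 'yes':
        transport = 'starttls'           # StartTLS on the plain LDAP port (389)
    elif cfg.get('tls_mode', 'no').lower() == 'yes':
        transport = 'ldaps'              # assumption: tls_mode means ldaps:// on 636
    else:
        transport = 'plaintext'
        findings.append('bind password and queries leave the RADIUS server unencrypted')
    if transport != 'plaintext' and not any(k.startswith('tls_ca') for k in cfg):
        findings.append('no CA location in this clause; libldap falls back to TLS_CACERT in ldap.conf or ~/.ldaprc')
    if not parens_balanced(cfg.get('filter', '')):
        findings.append('filter has unbalanced parentheses (check line wrapping)')
    return transport, findings
```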