
RE: TLS / SSL



On Wed, 2 Jul 2003, Ron Wahler wrote:

> Are you connecting on port 389 or 636?

389

> Is it that TLS works ?  what
> About SSH on port 636 ? anyone get that working ?

It's using StartTLS here.

> Did you have to tell FreeRadius where the certificates were ?

Nope.

> or
> Is the start_tls=yes all you have to do on the client side to 
> Get LDAP to connect with TLS on port 389 ?

From my previous post:
start_tls = yes
tls_mode = no

Here is some of the radiusd debug output from a test login of user
"imbogus" using Auth-Type LDAP with StartTLS:

rlm_ldap: - authenticate
rlm_ldap: login attempt by "imbogus" with password "notagoodpassword"
ldap_get_conn: Got Id: 0
rlm_ldap: (re)connect to test_ldap.owu.edu:389, authentication 0
rlm_ldap: starting TLS
rlm_ldap: bind as / to test_ldap.owu.edu:389
rlm_ldap: waiting for bind result ...
ldap_release_conn: Release Id: 0
rlm_ldap: user DN: uid=imbogus,ou=TestAccounts,dc=owu,dc=edu
rlm_ldap: (re)connect to test_ldap.owu.edu:389, authentication 1
rlm_ldap: starting TLS
rlm_ldap: bind as uid=imbogus,ou=TestAccounts,dc=owu,dc=edu/notagoodpassword to test_ldap.owu.edu:389
rlm_ldap: waiting for bind result ...
rlm_ldap: user imbogus authenticated succesfully
Sending Access-Accept of id 206 to 127.0.0.1:32768

The freeRADIUS server used above was built and run on a RedHat Linux
9.0 box with all kernel and package updates.

Since we're definitely getting off topic here, you may wish to contact
me directly if you need more details. Also read doc/rlm_ldap in your
freeRADIUS build directory for descriptions of LDAP configuration
options and what they do.

> 
> Ron

-- 
Kirk Turner-Rustin
Programmer/Analyst
Ohio Wesleyan University
http://www.owu.edu
ktrustin@owu.edu
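The debug trace above shows the order that matters for a StartTLS deployment: on each "(re)connect" to port 389, "starting TLS" appears before the "bind as" line, so neither the anonymous search bind nor the user's password bind goes over the wire in the clear. It also shows that rlm_ldap prints the user's password in its debug output. The following check is an added example, not code from the post or from the FreeRADIUS project: it parses radiusd debug lines of the shape quoted above and reports any bind on port 389 that was issued without a preceding "starting TLS" on that connection. The first sample is the trace from the post; the second trace and the host name in it are constructed, and the function and class names are my own.

```python
import re
from dataclasses import dataclass

# Sample 1: the rlm_ldap debug lines quoted in the post (StartTLS before each bind).
SAMPLE_DEBUG = """\
rlm_ldap: - authenticate
rlm_ldap: login attempt by "imbogus" with password "notagoodpassword"
ldap_get_conn: Got Id: 0
rlm_ldap: (re)connect to test_ldap.owu.edu:389, authentication 0
rlm_ldap: starting TLS
rlm_ldap: bind as / to test_ldap.owu.edu:389
rlm_ldap: waiting for bind result ...
ldap_release_conn: Release Id: 0
rlm_ldap: user DN: uid=imbogus,ou=TestAccounts,dc=owu,dc=edu
rlm_ldap: (re)connect to test_ldap.owu.edu:389, authentication 1
rlm_ldap: starting TLS
rlm_ldap: bind as uid=imbogus,ou=TestAccounts,dc=owu,dc=edu/notagoodpassword to test_ldap.owu.edu:389
rlm_ldap: waiting for bind result ...
rlm_ldap: user imbogus authenticated succesfully
Sending Access-Accept of id 206 to 127.0.0.1:32768
"""

# Sample 2 (constructed, hypothetical host): the same line shapes, but no
# "starting TLS" between the (re)connect and the password bind, which is what
# you would see with start_tls left unset on a plain port-389 connection.
SAMPLE_NO_TLS = """\
rlm_ldap: (re)connect to ldap.example.invalid:389, authentication 1
rlm_ldap: bind as uid=someone,dc=example,dc=invalid/hunter2 to ldap.example.invalid:389
rlm_ldap: waiting for bind result ...
"""

RECONNECT_RE = re.compile(
    r"^rlm_ldap: \(re\)connect to (?P<host>\S+):(?P<port>\d+), authentication (?P<auth>\d)$")
STARTTLS_RE = re.compile(r"^rlm_ldap: starting TLS$")
# "bind as / to host:port" is the anonymous bind; "bind as <dn>/<password> to host:port"
# is the user bind. The password is printed verbatim in this debug output.
BIND_RE = re.compile(
    r"^rlm_ldap: bind as (?P<dn>.*?)/(?P<pw>.*?) to (?P<host>\S+):(?P<port>\d+)$")


@dataclass
class BindEvent:
    host: str
    port: int
    dn: str                # "" for the anonymous bind
    tls_started: bool      # True if "starting TLS" was seen since the last (re)connect
    password_logged: bool  # True if a non-empty password is visible in the debug line


def parse_bind_events(debug_text: str) -> list[BindEvent]:
    """Walk the debug lines and record, for every bind, whether StartTLS
    was negotiated on that connection first. A (re)connect resets the state,
    because StartTLS is per TCP connection, not per server."""
    events: list[BindEvent] = []
    tls_since_connect = False
    for raw in debug_text.splitlines():
        line = raw.strip()
        if RECONNECT_RE.match(line):
            tls_since_connect = False
            continue
        if STARTTLS_RE.match(line):
            tls_since_connect = True
            continue
        m = BIND_RE.match(line)
        if m:
            events.append(BindEvent(
                host=m["host"],
                port=int(m["port"]),
                dn=m["dn"].strip(),
                tls_started=tls_since_connect,
                password_logged=bool(m["pw"]),
            ))
    return events


def unprotected_binds(events: list[BindEvent]) -> list[BindEvent]:
    """Binds sent on the cleartext LDAP port without a preceding StartTLS."""
    return [e for e in events if e.port == 389 and not e.tls_started]


def report(debug_text: str) -> list[str]:
    """Human-readable findings for one debug trace."""
    findings = []
    for e in unprotected_binds(parse_bind_events(debug_text)):
        who = e.dn or "<anonymous>"
        findings.append(f"bind as {who} to {e.host}:{e.port} without StartTLS")
    return findings


if __name__ == "__main__":
    print("post's trace:", report(SAMPLE_DEBUG) or "all binds preceded by StartTLS")
    print("constructed trace:", report(SAMPLE_NO_TLS))
```

Note that "starting TLS" only records that rlm_ldap began the StartTLS exchange; a negotiation that fails is reported by a separate error line that this trace does not contain, so the check detects a missing start_tls setting rather than a failed handshake. The password_logged flag is there because, as the quoted output shows, a debug-level radiusd run writes the user's cleartext password into the log.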