
Re: LDAP with TLS Enable/Disable not working



On 6/20/19 7:00 PM, Sunkad, Abhilash wrote:
> I am facing a strange problem. I am using FreeRadius 3.16 version for my
> Proxy authentication.
> 
> I have an AD server and I make an authentication request enabling TLS.
> So the TLS connection passes and authentication is successful.
> 
> Now I have one more LDAP server where it's non-TLS. Now if I make a call,
> even though TLS is disabled on this server, Client tries to make a TLS
> connection and fails. I have tried freeing connections but with no luck.
> Please help.

First of all you should not use different security settings. Depending
on your RADIUS config the users' passwords are sent in clear to the LDAP
server when TLS is not used.

I suspect that the policy in section tls {} within the section ldap {}
in FreeRADIUS config is applied to all servers. Which makes sense
because you want all servers in a pool to have the same security level.

This is rather a FreeRADIUS question though and you might better ask on
their mailing list (see https://freeradius.org/community/).

Ciao, Michael.