On my FreeRADIUS debug screen on FreeBSD, the output below appears; does anyone know what it could be? The communication uses TLS with LDAP. LDAP is already working with ldapsearch on the ldaps port; I sniffed it and I see the traffic encrypted. When I try to set up RADIUS with LDAP using TLS, I have problems. RADIUS-LDAP communication without TLS works perfectly.

Here is my config in radius:
--------------------
ldap {
        Auth-Type := LDAP
        server="teste.com"
        identity="cn=root,dc=com"
        password=teste
        basedn="ou=users,dc=com"
        filter = (uid=%{Stripped-User-Name:-{User-Name}})
        base_filter = "(objectclass=radiusprofile)"
        password_attribute = userPassword
        dictionary_mapping = /usr/local/etc/raddb/ldap.attrmap
        ldap_cache_timeout = 320
        ldap_cache_size = 0
        ldap_connections_number = 10
        timeout = 3
        timelimit = 5
        net_timeout = 1
        compare_check_items = no
        port=636
        start_tls = no
        tls_mode = no
        tls_cacertfile = /usr/var/openldap-data/cacert.pem
        tls_certfile = /usr/var/opendalp-data/ldap.client.pem
        tls_keyfile = /usr/var/openldap-data/ldap.client.key.pem
        tls_require_cert = "demand"
}
-------------------

Here is my debug:
--------------------
        User-Name = "digo"
        CHAP-Password = 0x35a7441d3124adc1718fe869aa81b073e3
        NAS-IP-Address = x.y.z.5
        NAS-Identifier = "UFRJGK"
        NAS-Port-Type = Virtual
        Service-Type = Login-User
        CHAP-Challenge = 0x41fd554e
        Framed-IP-Address = x.y.z.8
        Cisco-AVPair = "h323-ivr-out=terminal-alias:"
rlm_ldap: - authorize
rlm_ldap: performing user authorization for anderson
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: (re)connect to xxx.com:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: setting TLS CACert File to /usr/var/openldap-data/cacert.pem
rlm_ldap: setting TLS Require Cert to never
rlm_ldap: setting TLS Cert File to /usr/var/opendalp-data/ldap.client.pem
rlm_ldap: setting TLS Key File to /usr/var/openldap-data/ldap.client.key.pem
rlm_ldap: bind as cn=root,dc=com/xxx.com:636
rlm_ldap: cn=root,dc=com bind to xxx.com:636 failed: Can't contact LDAP server
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
-------------------