My question is in regards to the SSLCAClientCert and SSLCAClientKey parameters. What certificate files is it looking for? I have the CA cert in /etc/openldap/cacerts.
Do I just need to generate a local certificate for the Radiator server to use and provide its pem and key files? It's currently working now with SSLVerify none, but I would like to require verification.

<AuthBy LDAP2>
    Identifier CheckAD
    Host blablablaa
    #SSLeayTrace 4
    #Debug 255
    Version 3
    # Microsoft AD also listens on port 3268, and
    # requests received on that port are reported to be
    # more compliant with standard LDAP, so you may want to use:
    Port 636
    UseSSL
    SSLVerify none
    SSLCAPath /etc/openldap/cacerts
    AuthDN CN=BlaBlaBla,DC=com
    # AuthPassword yourADadminpasswordhere
    AuthPassword BLAHBLAH
    BaseDN dc=blah,dc=com
    ServerChecksPassword
    UsernameAttr sAMAccountName
    #PasswordAttr userPassword
    #AuthAttrDef logonHours,MS-Login-Hours,check
</AuthBy>
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator