On 06/02/2011 11:30 PM, w.sieb...@t-systems.com wrote:
> a simple question: TLS/SSL securing connection Radiator <=> LDAP2
> Server. There is a little StepByStep Guide? Really minimal, without SSL
> Verify …
>
> I think so, a minimal prerequisite is a certificate. How can I install
> it and bind on Radiator connection to LDAP-Server?

You can check goodies/ldap.cfg and goodies/edirectory.cfg for examples.
The reference manual ref.pdf also contains information about TLS/SSL in
section "5.37 <AuthBy LDAP2>".

The minimum would be to configure UseTLS or UseSSL and then specify the
trusted CA certificate with EAPTLS_CAFile. Radiator will require a valid
certificate from the LDAP server but does not specify a certificate
itself.

    UseTLS
    # Radiator trusts certs signed by this CA
    EAPTLS_CAFile %D/certs/cacert.pem

If the client (Radius server) needs to authenticate the SSL/TLS
connection to the LDAP server, the following should work:

    UseTLS
    # Radiator trusts certs signed by this CA
    EAPTLS_CAFile %D/certs/cacert.pem
    # These are needed if Radiator has to send a certificate
    EAPTLS_CertificateFile %D/certs/radius-cert.pem
    EAPTLS_CertificateType PEM
    EAPTLS_PrivateKeyFile %D/certs/radius-key.pem
    EAPTLS_PrivateKeyPassword keypw

For TLS/SSL support, you need to install Perl modules and openssl.
IO::Socket::SSL, Net::SSLeay and openssl are required.

Best regards,
Heikki

--
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
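
A pre-flight check for the PEM files named in the configuration above, as an added example that is not part of the original message or of Radiator: it confirms with openssl that the CA file validates the LDAP server's certificate and that the client key matches the client certificate. The function names, the RADIUS_KEYPW environment variable and the ldap-cert.pem / ldap-key.pem sample files are assumptions, and the sample PKI is constructed.

```shell
#!/bin/sh
# Added example: preflight checks for the PEM files a TLS-enabled LDAP
# connection depends on. RADIUS_KEYPW is a hypothetical environment variable
# holding the key password, so it never appears in the process list.

# check_ca_trusts CAFILE CERT: true if CERT chains to a CA in CAFILE.
check_ca_trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# check_key_matches CERT KEY: true if KEY (decrypted with $RADIUS_KEYPW)
# is the private half of the public key in CERT.
check_key_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -passin env:RADIUS_KEYPW -pubout 2>/dev/null)
    # An unreadable file or wrong password leaves a variable empty: fail closed.
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# check_key_encrypted KEY: true if the PEM key is passphrase-protected.
check_key_encrypted() {
    grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$1"
}

# make_demo_pki DIR: constructed sample input (throwaway CA, an LDAP server
# cert, and a client cert with an encrypted key), named as in the config.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca-key.pem" -out "$d/cacert.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$d/ldap-key.pem" -out "$d/ldap.csr" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -passout env:RADIUS_KEYPW -subj "/CN=radius" \
        -keyout "$d/radius-key.pem" -out "$d/radius.csr" 2>/dev/null || return 1
    for n in ldap radius; do
        openssl x509 -req -in "$d/$n.csr" -CA "$d/cacert.pem" \
            -CAkey "$d/ca-key.pem" -CAcreateserial -days 1 \
            -out "$d/$n-cert.pem" 2>/dev/null || return 1
    done
}
```

Against real files, export RADIUS_KEYPW and call check_ca_trusts with the CA file and a copy of the LDAP server's certificate, then check_key_matches with the client certificate and key.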