GNUGK + Radius + LDAP

 I am using GnuGK to access RADIUS with TLS; RADIUS then finds the username
and password in LDAP+TLS and returns the CISCO-AV-Pair to GnuGK. When I use
it without TLS all is OKAY, but with TLS there is the problem that I
describe below.

 I have a problem with RADIUS+TLS accessing LDAP+TLS. Could someone help me?
 My test with ldapsearch+TLS to access the LDAP server+TLS is OKAY, but
RADIUS+TLS is not okay.

 Here is my config in RADIUS:
--------------------
        ldap {
                Auth-Type := LDAP

                server="teste.com"
                identity="cn=root,dc=com"
                password=teste
                basedn="ou=users,dc=com"
                filter = (uid=%{Stripped-User-Name:-{User-Name}})
                base_filter = "(objectclass=radiusprofile)"
                password_attribute = userPassword
                dictionary_mapping = /usr/local/etc/raddb/ldap.attrmap
                ldap_cache_timeout = 320
                ldap_cache_size = 0
                ldap_connections_number = 10
                timeout = 3
                timelimit = 5
                net_timeout = 1
                compare_check_items = no

                port=636
                start_tls = no
                tls_mode = no
                tls_cacertfile = /usr/var/openldap-data/cacert.pem
                tls_certfile = /usr/var/opendalp-data/ldap.client.pem
                tls_keyfile = /usr/var/openldap-data/ldap.client.key.pem
                tls_require_cert = "demand"
        }
-------------------



 Here is my debug output:
--------------------
User-Name = "digo"
        CHAP-Password = 0x35a7441d3124adc1718fe869aa81b073e3
        NAS-IP-Address = x.y.z.5
        NAS-Identifier = "UFRJGK"
        NAS-Port-Type = Virtual
        Service-Type = Login-User
        CHAP-Challenge = 0x41fd554e
        Framed-IP-Address = x.y.z.8
        Cisco-AVPair = "h323-ivr-out=terminal-alias:"
rlm_ldap: - authorize
rlm_ldap: performing user authorization for anderson
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: (re)connect to xxx.com:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: setting TLS CACert File to /usr/var/openldap-data/cacert.pem
rlm_ldap: setting TLS Require Cert to never
rlm_ldap: setting TLS Cert File to /usr/var/opendalp-data/ldap.client.pem
rlm_ldap: setting TLS Key File to /usr/var/openldap-data/ldap.client.key.pem
rlm_ldap: bind as cn=root,dc=com/xxx.com:636
rlm_ldap: cn=root,dc=com  bind to xxx.com:636 failed: Can't contact LDAP server
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
-------------------



_______________________________________________________

List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/
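
A check for this kind of setup, as an added example that is not part of the original post or of FreeRADIUS: it compares the TLS settings in an rlm_ldap block with the values the module logs at connect time and flags a TLS file path whose directory differs from the others. The sample inputs are excerpts constructed from the config and debug output in the post; the function names and the yes/no to 1/0 mapping are assumptions.

```python
import os
import re

# Constructed samples: excerpts of the config and debug output quoted in the post.
CONFIG = '''
ldap {
    tls_mode = no
    tls_cacertfile = /usr/var/openldap-data/cacert.pem
    tls_certfile = /usr/var/opendalp-data/ldap.client.pem
    tls_keyfile = /usr/var/openldap-data/ldap.client.key.pem
    tls_require_cert = "demand"
}
'''
DEBUG = '''
rlm_ldap: setting TLS mode to 1
rlm_ldap: setting TLS CACert File to /usr/var/openldap-data/cacert.pem
rlm_ldap: setting TLS Require Cert to never
rlm_ldap: setting TLS Cert File to /usr/var/opendalp-data/ldap.client.pem
'''
# Debug label -> config key, for the settings echoed in the log above.
LOG_KEYS = {"TLS mode": "tls_mode", "TLS CACert File": "tls_cacertfile",
            "TLS Require Cert": "tls_require_cert", "TLS Cert File": "tls_certfile"}

def parse_config(text):
    """Return key -> value for 'key = value' lines, with quotes stripped."""
    return dict(re.findall(r'^\s*(\w+)\s*=\s*"?([^"\n]*?)"?\s*$', text, re.M))

def parse_debug(text):
    # Map each 'setting <label> to <value>' line onto its config key.
    found = re.findall(r'setting (.+?) to\s+(\S+)', text)
    return {LOG_KEYS[label]: value for label, value in found if label in LOG_KEYS}

def normalise(value):
    # Assumption: 'no'/'yes' in the config correspond to 0/1 in the log.
    return {"no": "0", "yes": "1"}.get(value.lower(), value)

def audit(config_text, debug_text):
    cfg, log = parse_config(config_text), parse_debug(debug_text)
    findings = [f"{k}: configured {cfg[k]!r}, logged {v!r}"
                for k, v in sorted(log.items())
                if k in cfg and normalise(cfg[k]) != v]
    # Heuristic: TLS files usually share one directory; a lone one may be a typo.
    dirs = {k: os.path.dirname(v) for k, v in cfg.items() if k.endswith("file")}
    for k, d in sorted(dirs.items()):
        if len(dirs) > 2 and list(dirs.values()).count(d) == 1:
            findings.append(f"{k}: directory {d!r} differs from the other TLS files")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIG, DEBUG)))
```

A finding means the logged value needs explaining (a different file being loaded, a module default, or a mistyped path), not that it is necessarily the cause of the failed bind.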
