(RADIATOR) Certificate problem

Michal Marciniszyn mmarciniszyn at gity.cz
Fri Jul 8 07:38:05 CDT 2005


Hi,

I'm trying to connect RADIATOR on NDS. Everything works fine when I use 
NDS without security turned on. RADIATOR correctly connects through port 389.

However, when I try to connect Radiator on NDS with secured ports, a 
problem appears.
If I connect through port 389, the error "Confidentiality required" appears (it 
does not matter at all, since I have to use the 636 ldaps port). If I 
connect through port 636 I get this log:
------------------
Code:       Access-Request
Identifier: 40
Authentic:  1234567890123456
Attributes:
        User-Name = "tstois1"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Identifier = "203.63.154.1"
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password = ***SOMETHING***

Tue Jun 28 15:08:40 2005: DEBUG: Handling request with Handler 
'Realm=DEFAULT'
Tue Jun 28 15:08:40 2005: DEBUG:  Deleting session for tstois1, 
203.63.154.1, 1234
Tue Jun 28 15:08:40 2005: DEBUG: Handling with Radius::AuthLDAP2: CheckLDAP
Tue Jun 28 15:08:40 2005: INFO: Connecting to 10.24.4.11, port 636
---------------
and RADIATOR freezes. I have the NDS CA certificate (got it in DER 
format, converted into PEM format). I have the following in my conf file:
----------------------------------------------

<AuthBy LDAP2>
        Identifier      CheckLDAP
#       Log             ldap_log

        Host            10.24.4.11
        Port            389

        AuthDN          cn=tstois1,ou=ict,ou=hsp,o=edu
        AuthPassword    XXXXX

        BaseDN          o=edu
        UsernameAttr    uid
        GetNovellUP

        ##AuthAttrDef     radiusTunnelPrivateGroupID,
        ##                Tunnel-Private-Group-ID, reply

##        EAPType         PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge,PAP

        UseSSL
#       SSLVerify               none
        SSLCAFile               /etc/radiator/root.pem

        #AutoMPPEKeys

        #SSLeayTrace 5

        ##AllowInReply            Tunnel-Private-Group-ID
        ##AddToReplyIfNotExist    Tunnel-Private-Group-ID=1:100
        ##AddToReply              Tunnel-Type=1:VLAN,\
        ##                        Tunnel-Medium-Type=1:Ether_802
        HoldServerConnection
        Timeout                 2
        FailureBackoffTime      30

</AuthBy>
-----------------------------------
where root.pem is the PEM format CA certificate. Where is the problem? The same 
setting works fine if I use freeradius (i.e. I only set up CAfile).

Michal Marciniszyn

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
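An added diagnostic script, not from the original post and not part of Radiator or NDS: it reproduces, outside Radiator, the two things the post depends on, the DER-to-PEM conversion of the CA certificate and a single TLS handshake against the LDAPS port, but with a hard socket timeout so a server that never completes the handshake shows up as a "timeout" result instead of a hang. The host 10.24.4.11, port 636 and /etc/radiator/root.pem come from the post; `start_silent_listener` is a constructed stand-in for a server that accepts the TCP connection and then says nothing, used only to exercise the timeout path offline.

```python
import base64
import socket
import ssl
import sys
import textwrap


def der_to_pem(der_bytes: bytes) -> str:
    """Wrap a DER-encoded certificate in the PEM armour that SSLCAFile expects.

    Same result as `openssl x509 -inform der -in root.der -out root.pem`.
    """
    body = base64.b64encode(der_bytes).decode("ascii")
    wrapped = "\n".join(textwrap.wrap(body, 64))
    return f"-----BEGIN CERTIFICATE-----\n{wrapped}\n-----END CERTIFICATE-----\n"


def count_pem_certs(pem_text: str) -> int:
    """Number of CERTIFICATE blocks in a file; 0 means it is not PEM (e.g. still DER)."""
    return pem_text.count("-----BEGIN CERTIFICATE-----")


def start_silent_listener():
    """Constructed test aid: a TCP listener that accepts connections but never
    sends a TLS ServerHello, mimicking a server that leaves the handshake hanging.
    Returns (listening socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def probe_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Attempt one TLS handshake against an LDAPS port, bounded by `timeout`.

    Returns {"status": ..., "detail": ...} with status one of:
    ok, bad_ca_file, connect_error, timeout, cert_verify_failed, tls_error.
    """
    ctx = ssl.create_default_context()
    # The directory server is addressed by IP (10.24.4.11 in the post), so only
    # the chain is checked against the CA file, not the name in the certificate.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    if cafile is not None:
        try:
            ctx.load_verify_locations(cafile=cafile)
        except (ssl.SSLError, OSError) as exc:
            # Missing file, or a file that is still DER rather than PEM.
            return {"status": "bad_ca_file", "detail": str(exc)}
    try:
        # create_connection applies `timeout` to the socket, so both the TCP
        # connect and the handshake below are bounded by it.
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return {"status": "ok",
                        "detail": f"{tls.version()} issuer={cert.get('issuer')}"}
    except ssl.SSLCertVerificationError as exc:
        return {"status": "cert_verify_failed", "detail": exc.verify_message}
    except ssl.SSLError as exc:
        return {"status": "tls_error", "detail": str(exc)}
    except socket.timeout:
        return {"status": "timeout", "detail": f"no TLS handshake within {timeout}s"}
    except OSError as exc:
        return {"status": "connect_error", "detail": str(exc)}


if __name__ == "__main__":
    # Defaults are the values from the post; override on the command line.
    target = sys.argv[1] if len(sys.argv) > 1 else "10.24.4.11"
    ca = sys.argv[2] if len(sys.argv) > 2 else "/etc/radiator/root.pem"
    print(probe_ldaps(target, 636, ca, timeout=2.0))
```

A "timeout" result means the TCP connection to 636 opened but no TLS handshake completed, which matches the log above stopping at "Connecting to 10.24.4.11, port 636"; "bad_ca_file" means SSLCAFile points at something the TLS library cannot parse, which is where a DER file that was never actually converted shows up; "cert_verify_failed" means the handshake ran but the server's chain does not lead to the certificate in root.pem. Each of these is a different fix, and none of them is visible from the Radiator log alone.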