[RADIATOR] LDAPS Certificate questions with AuthBy LDAP2
Hugh Irvine
hugh at open.com.au
Mon Jul 19 18:00:19 CDT 2010
Hello Mark -
See sections 5.36.3 and 5.36.4 in the Radiator 4.6 reference manual ("doc/ref.pdf").
regards
Hugh
On 20 Jul 2010, at 08:42, Mark Bassett wrote:
> My question is in regards to the SSLCAClientCert and SSLCAClientKey parameters. What certificate files is it looking for? I have the CA cert in /etc/openldap/cacerts.
>
> Do I just need to generate a local certificate for the radiator server to use and provide its pem and key files?
>
> It’s currently working now with SSLVerify none, but I would like to require verification.
>
> <AuthBy LDAP2>
> Identifier CheckAD
> Host blablablaa
>
> #SSLeayTrace 4
> #Debug 255
> Version 3
> # Microsoft AD also listens on port 3268, and
> # requests received on that port are reported to be
> # more compliant with standard LDAP, so you may want to use:
> Port 636
> UseSSL
> SSLVerify none
> SSLCAPath /etc/openldap/cacerts
> AuthDN CN=BlaBlaBla,DC=com
> # AuthPassword yourADadminpasswordhere
> AuthPassword BLAHBLAH
> BaseDN dc=blah,dc=com
> ServerChecksPassword
> UsernameAttr sAMAccountName
> #PasswordAttr userPassword
> #AuthAttrDef logonHours,MS-Login-Hours,check
> </AuthBy>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
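
A check worth running before changing SSLVerify from none, added here as an example and not part of the original thread or of Radiator. It assumes the SSLCAPath directory is searched the way OpenSSL searches a CApath (by subject-hash file names); the CA, server certificate and function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example with a constructed CA and server certificate (nothing from the thread).
# Assumption: the SSLCAPath directory is searched like an OpenSSL CApath,
# which finds CA certificates only under <subject-hash>.0 file names.

# make_pki DIR: throwaway CA in DIR/cacerts/ca.pem, server cert in DIR/server.pem.
make_pki() {
    mkdir -p "$1/cacerts"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/cacerts/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/server.csr" -CA "$1/cacerts/ca.pem" -CAkey "$1/ca.key" \
        -set_serial 2 -days 1 -out "$1/server.pem" 2>/dev/null
}

# ca_path_verifies CADIR CERT: succeed only if CERT chains to a CA that a
# CApath lookup in CADIR finds. -no-CAfile keeps the system bundle out of it.
ca_path_verifies() {
    openssl verify -no-CAfile -CApath "$1" "$2" >/dev/null 2>&1
}

# hash_ca_dir CADIR: create the <hash>.0 symlinks (the job c_rehash does).
# Hash collisions (.1, .2, ...) are not handled in this short version.
hash_ca_dir() {
    for f in "$1"/*.pem; do
        h=$(openssl x509 -noout -hash -in "$f") || return 1
        ln -sf "$(basename "$f")" "$1/$h.0"
    done
}

# demo: the same CA directory fails verification until it is hashed.
demo() {
    t=$(mktemp -d) || return 1
    make_pki "$t" || { rm -rf "$t"; return 1; }
    if ca_path_verifies "$t/cacerts" "$t/server.pem"; then before=ok; else before=fail; fi
    hash_ca_dir "$t/cacerts"
    if ca_path_verifies "$t/cacerts" "$t/server.pem"; then after=ok; else after=fail; fi
    rm -rf "$t"
    echo "unhashed=$before hashed=$after"
}

demo
```

Against a real directory, run `ca_path_verifies` with the CA directory and a saved copy of the LDAP server's certificate; a failure there points at the CA directory rather than at Radiator.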