[RADIATOR] LDAPS Certificate questions with AuthBy LDAP2
hugh at open.com.au
Mon Jul 19 18:00:19 CDT 2010
Hello Mark -
See sections 5.36.3 and 5.36.4 in the Radiator 4.6 reference manual ("doc/ref.pdf").
On 20 Jul 2010, at 08:42, Mark Bassett wrote:
> My question is in regards to the SSLCAClientCert and SSLCAClientKey parameters. What certificate files is it looking for? I have the CA cert in /etc/openldap/cacerts.
> Do I just need to generate a local certificate for the radiator server to use and provide it’s pem and key files?
> It’s currently working now with SSLVerify none, but I would like to require verification.
> <AuthBy LDAP2>
> Identifier CheckAD
> Host blablablaa
> #SSLeayTrace 4
> #Debug 255
> Version 3
> # Microsoft AD also listens on port 3268, and
> # requests received on that port are reported to be
> # more compliant with standfard LDAP, so you may want to use:
> Port 636
> SSLVerify none
> SSLCAPath /etc/openldap/cacerts
> AuthDN CN=BlaBlaBla,DC=com
> # AuthPassword yourADadminpasswordhere
> AuthPassword BLAHBLAH
> BaseDN dc=blah,dc=com
> UsernameAttr sAMAccountName
> #PasswordAttr userPassword
> #AuthAttrDef logonHours,MS-Login-Hours,check
> radiator mailing list
> radiator at open.com.au
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
CATool: Private Certificate Authority for Unix and Unix-like systems.
More information about the radiator