[RADIATOR] TLS/SSL securing connection Radiator <=> LDAP2 Server
Heikki Vatiainen
hvn at open.com.au
Fri Jun 3 09:23:25 CDT 2011
On 06/02/2011 11:30 PM, W.Siebert at t-systems.com wrote:
> a simple question: TLS/SSL securing connection Radiator <=> LDAP2
> Server. Is there a little step-by-step guide? Really minimal, without SSL
> verify …
>
> I think so, a minimal prerequisite is a certificate. How can I install
> it and bind on Radiator connection to LDAP-Server?
You can check goodies/ldap.cfg and goodies/edirectory.cfg for examples.
The reference manual ref.pdf also contains information about TLS/SSL in
section "5.37 <AuthBy LDAP2>".
The minimum would be to configure UseTLS or UseSSL and then specify the
trusted CA certificate with EAPTLS_CAFile. Radiator will require a valid
certificate from the LDAP server but does not specify a certificate itself.
UseTLS
# Radiator trusts certs signed by this CA
EAPTLS_CAFile %D/certs/cacert.pem
If the client (Radius server) needs to authenticate SSL/TLS connection
to the LDAP server, the following should work:
UseTLS
# Radiator trusts certs signed by this CA
EAPTLS_CAFile %D/certs/cacert.pem
# These are needed if Radiator has to send a certificate
EAPTLS_CertificateFile %D/certs/radius-cert.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/certs/radius-key.pem
EAPTLS_PrivateKeyPassword keypw
For TLS/SSL support, you need to install Perl modules and openssl.
IO::Socket::SSL, Net::SSLeay and openssl are required.
Best regards,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
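An added pre-flight check (not from the original post or from Radiator itself) for the two configurations above: it builds a throwaway CA, an LDAP server certificate and a Radiator client certificate with a passworded key, then verifies that the server certificate chains to the CA file (the check Radiator performs when UseTLS or UseSSL is set) and that the client certificate, key and password agree. It assumes the openssl command-line tool is installed; a temp directory stands in for %D/certs, and all names and the `keypw` password are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: build a throwaway CA, an LDAP
# server certificate and a Radiator client certificate (with a passworded
# key) in a temp dir, then run the checks the post's settings rely on.
# $WORK stands in for the %D/certs directory used in the post.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_pki() {
  # The CA certificate: this file is what EAPTLS_CAFile points at
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Lab CA" \
    -keyout "$WORK/cakey.pem" -out "$WORK/cacert.pem" 2>/dev/null
  # LDAP server certificate signed by that CA (what Radiator verifies)
  openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
    -keyout "$WORK/ldap-key.pem" -out "$WORK/ldap.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/ldap.csr" -CA "$WORK/cacert.pem" \
    -CAkey "$WORK/cakey.pem" -CAcreateserial -days 30 \
    -out "$WORK/ldap-cert.pem" 2>/dev/null
  # Radiator's own certificate and passworded key, as in the second snippet
  openssl req -newkey rsa:2048 -passout pass:keypw -subj "/CN=radius.example.test" \
    -keyout "$WORK/radius-key.pem" -out "$WORK/radius.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/radius.csr" -CA "$WORK/cacert.pem" \
    -CAkey "$WORK/cakey.pem" -CAcreateserial -days 30 \
    -out "$WORK/radius-cert.pem" 2>/dev/null
  # A self-signed certificate from nobody's CA: Radiator must reject this
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=rogue.example.test" \
    -keyout "$WORK/rogue-key.pem" -out "$WORK/rogue-cert.pem" 2>/dev/null
}

# Returns 0 if CERT chains to the CA file, 1 otherwise. This is the check
# Radiator applies to the LDAP server's certificate when UseTLS/UseSSL is set.
chains_to_ca() { # usage: chains_to_ca CAFILE CERT
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Returns 0 if KEY decrypts with PASSWORD and matches CERT's public key, i.e.
# EAPTLS_CertificateFile, EAPTLS_PrivateKeyFile and EAPTLS_PrivateKeyPassword agree.
key_matches_cert() { # usage: key_matches_cert KEY CERT PASSWORD
  k=$(openssl pkey -in "$1" -passin "pass:$3" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
  [ "$k" = "$c" ]
}

make_pki
chains_to_ca "$WORK/cacert.pem" "$WORK/ldap-cert.pem" && echo "ldap-cert.pem: trusted via cacert.pem"
chains_to_ca "$WORK/cacert.pem" "$WORK/rogue-cert.pem" || echo "rogue-cert.pem: rejected, not signed by our CA"
key_matches_cert "$WORK/radius-key.pem" "$WORK/radius-cert.pem" keypw && echo "radius key/cert/password: consistent"
```

Point the same two functions at the real cacert.pem, the LDAP server's certificate and the radius-*.pem files before restarting Radiator; a failure there is the same failure Radiator will report at bind time.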