problem with freeradius and ldaps (Active Directory)

Roberto S. G.
Hi,

I'm trying to configure freeradius (1.0.1) to use an ldaps server
(without start_tls, it's an Active Directory).
But I'm not able to obtain any response. In fact, the freeradius crashes
with just a:

rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1074, id=88,
length=29
Discarding duplicate request from client localhost:1074 - ID: 88

(client is localhost because I was using radclient, but remote attempts
show the same behaviour).

Normal ldap against the same server is correct. For the ldaps
configuration I've added just:
port = 636
tls_require_cert        = "never"

though even with the server certificate:
tls_certfile    = ./certs/xxxx_cacert.pem

the result is the same.
I don't know what the problem is exactly...

Has anyone successfully configured freeradius against an Active Directory
with LDAPS?
Any ideas are appreciated.

thanks.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: problem with freeradius and ldaps (Active Directory)

Alan DeKok
"Roberto S. G." <[hidden email]> wrote:
> But I'm not able to obtain any response. In fact, the freeradius crashes
> with just a:
>
> rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1074, id=88,
> length=29
> Discarding duplicate request from client localhost:1074 - ID: 88

  It's not a crash.  It's telling you that it's still processing the
previous request.

> Has anyone successfully configured freeradius against an Active Directory
> with LDAPS?

  Yes.

  Run the server in debugging mode to see where it hangs.

  Alan DeKok.


Re: problem with freeradius and ldaps (Active Directory)

Jose Tomas Ochayta
I'm using freeradius 1.0.2 with ldaps. I had the same problem
(freeradius crash) due, I think, to a bug in openldap or openssl
libraries. Now I have it working with stunnel to add the ssl layer.

Jose T.


Re: problem with freeradius and ldaps (Active Directory)

Roberto S. G.
Hi,

I'd like to thank you, Jose and Alan, for your information, and share my
solution with you all:
I've finally installed stunnel in order to provide SSL to the connection
with LDAPS. freeradius is configured to connect with LDAP locally, and
stunnel takes this local connection and makes the SSL to the LDAPS
server. It runs smoothly!
I was unable to make freeradius 1.0.1 or 1.0.0 run with LDAPS... no
way... (it seemed that it didn't manage LDAPS correctly).

thanks.

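
The stunnel arrangement described in the thread, as an added example that is not part of any poster's message: stunnel runs in client mode, takes plain LDAP on a loopback port and carries it over TLS to the LDAPS port, checking the server certificate against a CA file. The host name `dc.example.com`, local port 3890 and the CA file path are placeholders, not values from the thread.

```ini
; stunnel.conf (added example; host, port and file path are placeholders)
; stunnel runs in client mode: it accepts plain LDAP on loopback and
; opens the TLS session to the directory server's LDAPS port.
client = yes

[ldaps-ad]
; Listen on loopback only, so the cleartext LDAP leg never leaves this host.
accept  = 127.0.0.1:3890
; Placeholder name for the Active Directory domain controller.
connect = dc.example.com:636
; CA certificate that issued the domain controller's certificate (placeholder path).
CAfile  = /etc/stunnel/ad-ca.pem
; Require a server certificate that chains to CAfile.
verify  = 2
; stunnel 5.15 and later replace "verify" with these two options, which
; also check the certificate's host name:
;   verifyChain = yes
;   checkHost   = dc.example.com

; Matching ldap module settings in radiusd.conf (plain LDAP to the local listener):
;   server = "127.0.0.1"
;   port   = 3890
```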