Hi All,
I am facing a strange problem. I am using FreeRadius 3.16 version for my Proxy authentication. I have an AD server and I make an authentication request enabling TLS. So the TLS connection passes and authentication is successful. Now I have one more LDAP server where it's non-TLS. Now if I make a call, even though TLS is disabled on this server, the client tries to make a TLS connection and fails. I have tried freeing connections but with no luck. Please help.
Thanks,
Abhilash
On 6/20/19 7:00 PM, Sunkad, Abhilash wrote:
> I am facing a strange problem. I am using FreeRadius 3.16 version for my Proxy authentication.
> I have an AD server and I make an authentication request enabling TLS. So the TLS connection passes and authentication is successful.
> Now I have one more LDAP server where it's non-TLS. Now if I make a call, even though TLS is disabled on this server, the client tries to make a TLS connection and fails. I have tried freeing connections but with no luck. Please help.
First of all, you should not use different security settings. Depending on your RADIUS config, the users' passwords are sent in the clear to the LDAP server when TLS is not used.
I suspect that the policy in section tls {} within the section ldap {} in FreeRADIUS config is applied to all servers. Which makes sense because you want all servers in a pool to have the same security level.
This is rather a FreeRADIUS question though and you might better ask on their mailing list (see https://freeradius.org/community/).
Ciao, Michael.
openldap-technical@openldap.org