[strongSwan] Strongswan with freeradius on Debian server

Sabrina Louison-francois sabrina.louison-francois at ens-cachan.fr
Tue Apr 30 14:38:09 CEST 2013

My freeradius is already configured to use LDAP since we use "eduroam" 
in our university (2007). On my strongwan server, a radtest command is 
ok with the user I want. But through ipsec.secrets, it doesn't work 

Sorry to bother you. I'll probably end up finding the solution.



Le 30/04/2013 14:30, Andreas Steffen a écrit :
> Hello Sabrina,
> the strongSwan ldap plugin is used for CRL fetching only. If you want
> to store your user credentials on an LDAP server then you have to
> configure the Freeradius server accordingly. I think there is sufficient
> information available from the Internet on how to do this, e.g.
>    http://wiki.freeradius.org/protocol/LDAP
> Regards
> Andreas
> On 04/30/2013 02:15 PM, Sabrina Louison-francois wrote:
>> Le 25/04/2013 15:35, Sabrina a écrit :
>>> Thanks for your help. But I had my TLS problem again. I had to add all
>>> the certificates chain of my radius server into my client
>>> ipsec.d/cacerts to make it work.
>> I'm sorry to return with the same problem but I can't make it work and
>> really don't know where to look at. Everything is working well with a
>> cleartext password in /etc/freeradius/users.
>> But when I try with a ldap user's, the password is not sent... and
>> radius server says "Login incorrect".
>> Is there a way to make it work with an ldap authentication ? Ldap
>> plugins is loaded on my strongswan server.
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==

More information about the Users mailing list