[strongSwan] Strongswan with freeradius on Debian server
Sabrina Louison-francois
sabrina.louison-francois at ens-cachan.fr
Tue Apr 30 14:38:09 CEST 2013
My freeradius is already configured to use LDAP since we use "eduroam"
in our university (2007). On my strongwan server, a radtest command is
ok with the user I want. But through ipsec.secrets, it doesn't work
properly.
Sorry to bother you. I'll probably end up finding the solution.
Regards,
Sabrina
Le 30/04/2013 14:30, Andreas Steffen a écrit :
> Hello Sabrina,
>
> the strongSwan ldap plugin is used for CRL fetching only. If you want
> to store your user credentials on an LDAP server then you have to
> configure the Freeradius server accordingly. I think there is sufficient
> information available from the Internet on how to do this, e.g.
>
> http://wiki.freeradius.org/protocol/LDAP
>
> Regards
>
> Andreas
>
> On 04/30/2013 02:15 PM, Sabrina Louison-francois wrote:
>> Le 25/04/2013 15:35, Sabrina a écrit :
>>> Thanks for your help. But I had my TLS problem again. I had to add all
>>> the certificates chain of my radius server into my client
>>> ipsec.d/cacerts to make it work.
>>>
>> I'm sorry to return with the same problem but I can't make it work and
>> really don't know where to look at. Everything is working well with a
>> cleartext password in /etc/freeradius/users.
>>
>> But when I try with a ldap user's, the password is not sent... and
>> radius server says "Login incorrect".
>>
>> Is there a way to make it work with an ldap authentication ? Ldap
>> plugins is loaded on my strongswan server.
> ======================================================================
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
More information about the Users
mailing list