FreeRADIUS authentication failed with a TLS connection problem.

  • 3152481
  • 31-Oct-2007
  • 27-Apr-2012

Environment

Novell SUSE Linux Enterprise Server 10
Novell SUSE Linux Enterprise Server 9
Novell SUSE Linux Enterprise Server 11
FreeRADIUS
eDirectory

Situation

The RADIUS daemon was started with the -X option to run the RADIUS server in debug mode, and authentication failed.
The debug output did not make clear why it failed.
Adding the following entry to the LDAP section of the radiusd.conf file produces LDAP debug output:
ldap_debug = 0xFFFF
This output showed that the server name in the DN attribute of the eDirectory LDAP server certificate did not match the hostname of the LDAP server, causing the TLS connection to fail.

Resolution

To troubleshoot FreeRADIUS LDAP or TLS connection issues, add the ldap_debug entry to the LDAP section of the radiusd.conf file.
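The name mismatch described under Situation can also be checked directly by comparing the server name configured in the LDAP section with the names in the LDAP server certificate. The following is an added example, not part of the original document or of FreeRADIUS; the host names, the sample configuration and the sample certificate are constructed, and the certificate is assumed to be in the dict form returned by Python's ssl.SSLSocket.getpeercert().

```python
import re

# Constructed sample: ldap section of radiusd.conf (host name is made up).
SAMPLE_CONF = '''
ldap {
    server = "ldap1.example.com"
    ldap_debug = 0xFFFF
}
'''

# Constructed sample certificate in the shape of ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("organizationName", "EXAMPLE-TREE"),),
                (("commonName", "edir-srv.example.com"),)),
}

def configured_server(conf_text):
    """Return the 'server' value of the ldap { } section, or None.
    Nested sub-sections inside ldap { } are not handled."""
    section = re.search(r"^\s*ldap\s*\{(.*?)^\s*\}", conf_text, re.S | re.M)
    if not section:
        return None
    m = re.search(r'^\s*server\s*=\s*"?([^"\s#]+)"?', section.group(1), re.M)
    return m.group(1) if m else None

def cert_names(cert):
    """Names a TLS client compares: SAN dNSName entries, else the subject CN."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return san or [v for rdn in cert.get("subject", ())
                   for k, v in rdn if k == "commonName"]

def name_matches(host, pattern):
    """Case-insensitive match; '*' only as the entire left-most label."""
    h, p = (s.lower().rstrip(".").split(".") for s in (host, pattern))
    if len(h) != len(p):
        return False
    if p[0] == "*" and len(p) > 2:
        return h[1:] == p[1:]
    return h == p

def check(conf_text, cert):
    """Return (ok, message) for the configured LDAP server vs. the certificate."""
    host = configured_server(conf_text)
    if host is None:
        return False, "no 'server' entry found in the ldap section"
    names = cert_names(cert)
    if any(name_matches(host, n) for n in names):
        return True, f"{host} matches certificate name(s) {names}"
    return False, f"{host} not in certificate name(s) {names}: name mismatch"
```

Calling check(SAMPLE_CONF, SAMPLE_CERT) reports a mismatch, because the configured name ldap1.example.com does not appear in the constructed certificate.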