"Transport encryption required" when using transport encryption

Question

I'm trying to set up a radius server to authenticate against LDAP, but I'm running into a weird issue:

rlm_ldap (ldap): Bind with radiusd@[domain] to ldaps://localhost:636 failed: Strong(er) authentication required
rlm_ldap (ldap): Server said: BindSimple: Transport encryption required..

As you can see by ldaps://, it is using transport security. What's going on here? How can I fix this?

EDIT: I figured I'd try with starttls. Didn't fix anything:

rlm_ldap (ldap): Bind with radiusd@[domain] to ldap://localhost:389 failed: Strong(er) authentication required
rlm_ldap (ldap): Server said: BindSimple: Transport encryption required..

EDIT 2: The hell? It even does it when I pipe it through stunnel.

rlm_ldap (ldap): Bind with radiusd@[domain] to ldap://localhost:3636 failed: Strong(er) authentication required
rlm_ldap (ldap): Server said: BindSimple: Transport encryption required..

Just a guess but are you using up to date ciphers? Maybe it's negotiating to a poor version? — Jim B, Mar 13 '18 at 01:50
What does ldapsearch say when you try with similar arguments? — Arran Cudbard-Bell, Mar 13 '18 at 01:59

score 0 · Accepted Answer · answered Mar 13 '18 at 02:05

0

Okay, I have no idea what the hell happened, but when I increased my LDAP server's log verbosity in order to debug, the problem just disappeared, and when I put it back it remained gone.

answered Mar 13 '18 at 02:05

Dessa Simpson

491
7
25

"Transport encryption required" when using transport encryption

1 Answers1