IPsec + ldap xauth

nataans · May 26, 2012, 2:14 PM

Hello all,

I have been testing IPsec on the latest snapshot (built on Fri May 25 18:38:27 EDT 2012 ) and when I set user authentication source to 'LDAP', racoon service seems to fail to start. The logs show the following:

racoon: ERROR: /var/etc/racoon.conf:25: "ldapcfg" racoon not configured with –with-libldap

I have read some older posts regards ldap authentication and people seem to think that racoon has been compiled with ldap option. Can anyone share their thoughts who are experts in this area.

Many thanks,

Andris

jimp · May 26, 2012, 2:49 PM

There was never any proper backend code for IPsec to auth against Radius or LDAP.

We are changing it before 2.1 ships, there's an open ticket yet. There will be a script (like how openvpn does it) so that racoon doesn't need direct knowledge of radius or ldap, it'll call our script and let our script decide if a user is OK or not.

mattderk · Jul 24, 2012, 2:02 PM

I saw in the latest beta build of 2.1 (July 22nd 2012 I think) Xauth LDAP options for ipsec tunnels. When set it seems to fail. Should Xauth and LDAP in ipsec work ?

jimp · Jul 26, 2012, 7:14 PM

No, it doesn't work right now.