TLS negotiation failure


Stephen

Jan 29, 2010, 12:49:30 AM1/29/10
to openssh-lpk
Hi,

I am following the PDF guide by Andrea. I've edited sshd_config and
tried restarting ssh, but it comes back with:

Jan 27 07:31:02 xxx slapd[32104]: conn=19 fd=15 ACCEPT from IP=127.0.0.1:42740 (IP=127.0.0.1:636)
Jan 27 07:31:02 xxx slapd[32104]: conn=19 fd=15 closed (TLS negotiation failure)

sshd_config:

UsePAM yes
UseLPK yes
LpkLdapConf /etc/ldap.conf

/etc/ldap.conf:

ldap_version 3
scope sub
timelimit 3
bind_timelimit 3
bind_policy hard
idle_timelimit 3600
pam_login_attribute uid
pam_member_attribute gid
pam_password md5
#pam_password exop
#pam_filter accessLevel=srv1.gentoo.org
uri ldaps://127.0.0.1
suffix "dc=xxx,dc=com,dc=au"
base ou=users,dc=xxx,dc=com,dc=au
nss_base_passwd ou=users,dc=xxx,dc=com,dc=au
nss_base_shadow ou=users,dc=xxx,dc=com,dc=au
nss_base_group ou=users,dc=xxx,dc=com,dc=au
ssl start_tls
tls_checkpeer no
tls_reqcert allow
tls_cacertfile /etc/ldap/ssl/client/ca-cert.pem
tls_cert /etc/ldap/ssl/client/cert.pem
tls_key /etc/ldap/ssl/client/key.pem

/etc/slapd.conf:

# TLS
security tls=1

TLSCertificateFile /etc/ldap/tls/ldap.cert
TLSCertificateKeyFile /etc/ldap/tls/ldap.key
TLSCACertificateFile /etc/ldap/ssl/ca-cert.pem

TLSVerifyClient allow

Stephen

Feb 2, 2010, 3:34:42 AM2/2/10
to openssh-lpk
nm, needed LpkForceTLS no in sshd_config