0D54z00007XstflCAB | Okta Classic Engine | Authentication | Answered | 2024-04-16T13:15:26.000Z | 2022-03-31T20:21:56.000Z | 2022-04-01T14:48:37.000Z

oqklv (oqklv) asked a question.

Freeradius server and Okta's LDAP interface integration

Background:

I am trying to implement Okta authentication for Arista WiFi. Arista only supports RADIUS, and only the CHAP protocol at that, so using Okta's RADIUS agent is not an option.

 

Potential solution:

Using a FreeRADIUS server with Okta LDAP integration in the backend.

I have installed and configured a FreeRADIUS server on Ubuntu 20.04, but it's not able to communicate with Okta's LDAP interface. I am not using a TLS certificate for Okta's LDAP interface and I have not enabled it on the FreeRADIUS server's LDAP module. I am still getting the following TLS error.

 

 

freeradius.service - FreeRADIUS multi-protocol policy server
   Loaded: loaded (/lib/systemd/system/freeradius.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
    Docs: man:radiusd(8)
       man:radiusd.conf(5)
       http://wiki.freeradius.org/
       http://networkradius.com/doc/

Mar 30 14:31:57 radius2193.ewr2.xxx.local freeradius[205432]: Ignoring "sql" (see raddb/mods-available/README.rst)
Mar 30 14:31:57 radius2193.ewr2.xxx.local freeradius[205432]: * Skipping contents of 'if' as it is always 'false' -- /etc/freera>
Mar 30 14:31:57 radius2193.ewr2.xxx.local freeradius[205432]: radiusd: **** Skipping IP addresses and Ports ****
Mar 30 14:31:57 radius2193.ewr2.xxx.local freeradius[205432]: Configuration appears to be OK
Mar 30 14:31:57 radius2193.ewr2.xxx.local freeradius[205432]: rlm_ldap (ldap): Removing connection pool
Mar 30 14:31:57 radius2193.ewr2.xxx.local freeradius[205449]: TLS: can't connect: (unknown error code).
Mar 30 14:31:57 radius2193.ewr2.xxx.local systemd[1]: freeradius.service: Main process exited, code=exited, status=1/FAILURE
Mar 30 14:31:57 radius2193.ewr2.xxx.local systemd[1]: freeradius.service: Failed with result 'exit-code'.
Mar 30 14:31:57 radius2193.ewr2.xxx.local systemd[1]: Failed to start FreeRADIUS multi-protocol policy server.
Mar 30 14:31:58 radius2193.ewr2.xxx.local systemd[1]: Stopped FreeRADIUS multi-protocol policy server.


This question is closed.