(RADIATOR) AuthLDAP2, missing manual pages and problems with UseTLS
Mike McCauley
mikem at open.com.au
Wed Jul 3 17:29:22 CDT 2002
Hi Karl,
thanks for your report.
We have now made the default for SSLCAFile an empty string, as you suggested.
Thanks again for all your contributions.
Cheers.
On Thu, 4 Jul 2002 02:55, Karl Gaissmaier wrote:
> Hi Mike,
>
> got the solution for the StartTLS problem with AuthLDAP2:
>
> Karl Gaissmaier schrieb:
> > Hi Mike or Hugh,
> >
> > I'd like to use AuthLDAP2 with StartTLS. I can't find any doku
> > in the reference manual but in the code I find the parameters.
> >
> > Anyway, if I try it with:
> >
> > <Handler Client-Identifier=localhost, Called-Station-Id=DIALIN>
> > <AuthBy LDAP2>
> > Host xxx.yyy.uni-ulm.de
> > Port zzzz
> > Version 3
> > UseTLS
> > SSLVerify none
> > AuthDN
> > cn=foo,ou=bar,ou=baz,dc=uni-ulm,dc=de AuthPassword mysecret
> > NoDefault
> > BaseDN ou=foo,dc=uni-ulm,dc=de
> > Scope one
> > UsernameAttr uid
> > PasswordAttr userpassword
> > </AuthBy>
> > </Handler>
> >
> > I get the following error:
> >
> > Mon Jul 1 17:08:32 2002: DEBUG: Handling request with Handler
> > 'Client-Identifier=localhost, Called-
> > Station-Id=DIALIN'
> > Mon Jul 1 17:08:32 2002: DEBUG: Deleting session for dialin, 0.0.0.0, 0
> > Mon Jul 1 17:08:32 2002: DEBUG: Handling with Radius::AuthLDAP2:
> > Mon Jul 1 17:08:32 2002: INFO: Connecting to frago.rz.uni-ulm.de, port
> > 9999 Mon Jul 1 17:08:32 2002: DEBUG: Starting TLS
> > Mon Jul 1 17:08:32 2002: ERR: StartTLS failed: Operations error
>
> the problem is with inconsistencies between the newest versions of
> IO::Socket::SSL and net-ldap as it is already discussed in the
> perl-ldap-dev mailinglist.
>
> I downgraded to IO::Socket::SSL 0.80 and it works so far:
>
> Wed Jul 3 18:36:37 2002: DEBUG: Handling with Radius::AuthLDAP2:
> Wed Jul 3 18:36:37 2002: INFO: Connecting to foo.bar.uni-ulm.de, port xyz
> Wed Jul 3 18:36:37 2002: DEBUG: Starting TLS
> Wed Jul 3 18:36:38 2002: INFO: StartTLS negotiated with cipher mode
> DES-CBC3-SHA Wed Jul 3 18:36:38 2002: INFO: Attempting to bind with
> cn=xyzxyz,ou=baz ,ou=foo,dc=uni-ulm,dc=de, xyzxyz (server
> asdf.as.uni-ulm.de:9999)
> Wed Jul 3 18:36:38 2002: DEBUG: LDAP got result for
> cn=xyzxyz,ou=baz,dc=uni- ulm,dc=de
> Wed Jul 3 18:36:38 2002: DEBUG: LDAP got userPassword: {CRYPT}.........
> Wed Jul 3 18:36:38 2002: DEBUG: Radius::AuthLDAP2 looks for match with
> xyzxyz Wed Jul 3 18:36:38 2002: DEBUG: Radius::AuthLDAP2 ACCEPT:
> Wed Jul 3 18:36:38 2002: DEBUG: Access accepted for xyzxyz
>
> the relevant radiator config file snippet is (no other things must be
> configured dealing with certs and keys):
>
> Version 3
> UseTLS
> SSLVerify none
> SSLCAFile
>
> I use verify=none, cause I will not check in the moment the server
> certificate. Anyway I have to set the argument SSLCAFile with an empty
> value, elsewhere the radiator crashes with the following error message:
>
> Can't call method "get_context_handle" without a package or object
> reference at /radiator/perl/lib/site_perl/5.6.1/IO/Socket/SSL.pm line 602.
>
>
> I think this could be corrected by Mike with an proper SSLCAFile empty
> default value, if the SSLVerify is "none" or better validation of the
> config input before calling the underlying modules like Net::LDAP and
> Net::LDAPS.
>
> Regards
> Charly
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list