(RADIATOR) Bug: still problems with AuthLDAP2 and TLS
Karl Gaissmaier
karl.gaissmaier at rz.uni-ulm.de
Mon Jul 8 02:00:14 CDT 2002
Hi Hugh or Mike,
short: The second time after starting a StartTLS connection against
an OpenLDAP Server the radiusd crashes, the first time after start
it works well.
The radiusd crashes with the following error message:
Can't call method "get_context_handle" without a package or object reference
at /radiator/perl/lib/site_perl/5.6.1/IO/Socket/SSL.pm line 602.
The config file looks as follows:
<Handler Client-Identifier=localhost, Called-Station-Id=DIALIN>
<AuthBy LDAP2>
Host asdf.xy.uni-ulm.de
Port 9999
Version 3
UseTLS
SSLVerify none
AuthDN cn=foo,ou=bar,ou=baz,dc=uni-ulm,dc=de
AuthPassword mysecret
NoDefault
BaseDN ou=foo,dc=uni-ulm,dc=de
Scope one
UsernameAttr uid
PasswordAttr userpassword
</AuthBy>
</Handler>
The debug output for the first and second test with radpwtest looks
like:
FIRST CALL, everything okay
*** Received from 134.60.246.8 port 33376 ....
Code: Access-Request
Identifier: 175
Authentic: 1234567890123456
Attributes:
User-Name = "foo"
Service-Type = Annex-Framed-Tunnel
NAS-IP-Address = 0.0.0.0
NAS-Port = 0
NAS-Port-Type = Async
Framed-IP-Address = 0.0.0.0
User-Password = "<157><226>><193><198>2t<129><188>8<9><160><216>}x<153>"
Called-Station-Id = "DIALIN"
Mon Jul 8 08:41:26 2002: DEBUG: Handling request with Handler 'Client-Identifier=localhost, Called-Station-Id=DIALIN'
Mon Jul 8 08:41:26 2002: DEBUG: Deleting session for dialin, 0.0.0.0, 0
Mon Jul 8 08:41:26 2002: DEBUG: Handling with Radius::AuthLDAP2:
Mon Jul 8 08:41:26 2002: INFO: Connecting to asdf.xy.uni-ulm.de, port 9999
Mon Jul 8 08:41:26 2002: DEBUG: Starting TLS
Mon Jul 8 08:41:26 2002: INFO: StartTLS negotiated with cipher mode DES-CBC3-SHA
Mon Jul 8 08:41:26 2002: INFO: Attempting to bind with cn=foo,ou=bar,ou=baz,dc=uni-ulm,dc=de, mysecret (server asdf.xy.uni-ulm.de:9999)
Mon Jul 8 08:41:26 2002: DEBUG: LDAP got result for cn=foo,ou=bar,dc=uni-ulm,dc=de
Mon Jul 8 08:41:26 2002: DEBUG: LDAP got userPassword: {CRYPT}.........
Mon Jul 8 08:41:26 2002: DEBUG: Radius::AuthLDAP2 looks for match with dialin
Mon Jul 8 08:41:26 2002: DEBUG: Radius::AuthLDAP2 ACCEPT:
Mon Jul 8 08:41:26 2002: DEBUG: Access accepted for dialin
Mon Jul 8 08:41:26 2002: DEBUG: Packet dump:
*** Sending to 134.60.246.8 port 33376 ....
Code: Access-Accept
Identifier: 175
Authentic: 1234567890123456
Attributes:
SECOND CALL, SERVER CRASHES
*** Received from 134.60.246.8 port 33377 ....
Code: Access-Request
Identifier: 180
Authentic: 1234567890123456
Attributes:
User-Name = "foo"
Service-Type = Annex-Framed-Tunnel
NAS-IP-Address = 0.0.0.0
NAS-Port = 0
NAS-Port-Type = Async
Framed-IP-Address = 0.0.0.0
User-Password = "<157><226>><193><198>2t<129><188>8<9><160><216>}x<153>"
Called-Station-Id = "DIALIN"
Mon Jul 8 08:41:31 2002: DEBUG: Handling request with Handler 'Client-Identifier=localhost, Called-Station-Id=DIALIN'
Mon Jul 8 08:41:31 2002: DEBUG: Deleting session for foo, 0.0.0.0, 0
Mon Jul 8 08:41:31 2002: DEBUG: Handling with Radius::AuthLDAP2:
Mon Jul 8 08:41:31 2002: INFO: Connecting to asdf.xy.uni-ulm.de, port 9999
Mon Jul 8 08:41:31 2002: DEBUG: Starting TLS
<<<<<<<<<<<<< here the server crashes >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Used versions:
Radiator 3.1 with current patches
Perl 5.6.1
IO::Socket::SSL 0.80
perl-ldap 0.251
SunOS 5.9
Regards
Charly
--
Karl Gaissmaier Computing Center,University of Ulm,Germany
Email:karl.gaissmaier at rz.uni-ulm.de Network Administration
Tel.: ++49 731 50-22499
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.