(RADIATOR) active directory authldap2

Hugh Irvine hugh at open.com.au
Fri Dec 5 16:56:05 CST 2003


Hello Chuck -

According to the debug trace, the initial connection attempt to the 
LDAP server (AD) is failing.


> Fri Dec  5 14:14:55 2003: INFO: Connecting to myad.myrealm.somewhere.com, port 636
> Fri Dec  5 14:14:55 2003: ERR: Could not open LDAP connection to myad.myrealm.somewhere.com, port 636. Backing off for 600 seconds.


In the first instance you will need to verify the IP address and port 
number of the LDAP server.

It is usually _much_ easier to proxy requests to an instance of 
Radiator running on the Windows box and use an AuthBy ADSI clause to 
connect directly to AD.


regards

Hugh


On 06/12/2003, at 7:09 AM, Chuck Byam wrote:

> After searching the archives, this question has been asked, but I can
> find no definitive answer.
>
> Can Radiator running on a "non" Windows platform authenticate users
> against AD using SSL and without proxying the request to a Windows-based
> RADIUS server? Using the config examples located in the FAQ and ref man
> I am unable to get this to work. Could someone who has successfully done
> this provide some insight or a config example?
>
>
> <Handler Realm = myrealm.somewhere.com>
>   <AuthBy LDAP2>
>      UseSSL
>      # SSLVerify none
>      Host myad.myrealm.somewhere.com
>      AuthDN radiusbind
>      AuthPassword xxxxxxx
>      BaseDN cn=Users, dc=myrealm, dc=somewhere, dc=com
>      ServerChecksPassword
>      UsernameAttr cn
>   </AuthBy>
> </Handler>
>
>
>
> *** Received from 127.0.0.1 port 32948 ....
> Code:       Access-Request
> Identifier: 88
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "user at myrealm.somewhere.com"
>         Service-Type = Framed-User
>         NAS-IP-Address = 10.4.40.31
>         NAS-Port = 1234
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password =
> "<154><226>,<206><192>\<4><246><188>8<9><160><216>}x<153>"
>
> Fri Dec  5 14:14:55 2003: DEBUG: Handling request with Handler 'Realm =
> myrealm.somewhere.com'
> Fri Dec  5 14:14:55 2003: DEBUG:  Deleting session for
> crb6x at hscs.virginia.edu, 10.4.40.31, 1234
> Fri Dec  5 14:14:55 2003: DEBUG: Handling with Radius::AuthLDAP2:
> Fri Dec  5 14:14:55 2003: INFO: Connecting to myad.myrealm.somewhere.com, port 636
> Fri Dec  5 14:14:55 2003: ERR: Could not open LDAP connection to myad.myrealm.somewhere.com, port 636. Backing off for 600 seconds.
>
> Thanks,
> -- 
> Chuck
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

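The check Hugh asks for, as an added example (not code from Radiator, from this thread, or from Open System Consultants): Radiator's single "Could not open LDAP connection ... port 636" line hides whether the name does not resolve, the port is closed or filtered, or TCP works but no TLS handshake completes on that port. This stand-alone probe separates those stages. The host and port used in the `__main__` comment are the ones from the thread; the three cases in `demo()` are constructed (an RFC 2606 `.invalid` name, a closed localhost port, and a localhost listener that accepts and hangs up, standing in for a non-TLS service answering on the port) so it runs offline with no AD server.

```python
"""LDAPS reachability probe (added example; not part of Radiator or this thread).

Radiator logs "Could not open LDAP connection to <host>, port 636" for several
different failures. This splits them into stages so you know which to fix
before the 600-second backoff expires again.
"""
import socket
import ssl
import threading


def probe_ldaps(host, port=636, timeout=5.0, verify=True, cafile=None):
    """Return (stage, detail). stage is 'ok' or the first stage that failed:
    'dns' (name does not resolve), 'tcp' (port closed or filtered),
    'tls' (TCP connects, but no usable TLS handshake on that port)."""
    # Stage 1: name resolution, i.e. "verify the IP address of the LDAP server".
    try:
        addrs = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as e:
        return "dns", f"cannot resolve {host}: {e}"
    family, _, _, _, sockaddr = addrs[0]

    # Stage 2: plain TCP connect, i.e. "verify the port number" (and firewalls).
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(sockaddr)
    except OSError as e:
        sock.close()
        return "tcp", f"{sockaddr[0]}:{sockaddr[1]} not reachable: {e}"

    # Stage 3: TLS handshake. With verify=True the AD certificate must chain to
    # a CA in cafile (or the system store) and match the host name; that is the
    # check that "SSLVerify none" in the posted config would switch off.
    ctx = ssl.create_default_context(cafile=cafile)
    if not verify:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            subject = tls.getpeercert().get("subject")
            return "ok", f"{tls.version()} established; subject={subject}"
    except ssl.SSLCertVerificationError as e:
        return "tls", f"certificate verification failed: {e.verify_message}"
    except (ssl.SSLError, OSError) as e:
        return "tls", f"TLS handshake failed: {e}"


def _closed_local_port():
    """Constructed case: a localhost port with nothing listening on it."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def _start_non_tls_listener():
    """Constructed case: a server that is reachable but does not speak TLS
    (like plain LDAP reached by mistake). It accepts the connection and then
    hangs up, so the ClientHello gets an EOF or reset instead of a ServerHello."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo():
    """Probe the three constructed cases; return the stage each fails at."""
    return {
        "unresolvable": probe_ldaps("ldap.example.invalid", 636, timeout=2)[0],
        "closed_port": probe_ldaps("127.0.0.1", _closed_local_port(), timeout=2)[0],
        "not_tls": probe_ldaps("127.0.0.1", _start_non_tls_listener(), timeout=2)[0],
    }


if __name__ == "__main__":
    for case, stage in demo().items():
        print(f"{case:12s} -> failed at stage: {stage}")
    # Against the server in the thread you would run:
    # print(probe_ldaps("myad.myrealm.somewhere.com", 636))
```

If the probe stops at `dns` or `tcp`, the fix is on the network or name side and no Radiator setting will help. If it reports `tls` with a certificate verification failure, the DC's certificate does not chain to a CA the client trusts or does not carry the name you connect to; pass the right CA file (or fix the name) rather than reaching for `SSLVerify none`, which only hides that problem and lets anything on the path answer as the DC.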