(RADIATOR) 3.11 -> 3.13 ldaps problems
Andrew D. Clark
andrew.clark at ucsb.edu
Fri Oct 7 14:04:43 CDT 2005
Hi all.
I recently attempted to upgrade from 3.11 to 3.13, which broke my ldaps
handler. I now get the following error when I attempt to connect:
Fri Oct 7 12:00:12 2005: INFO: Attempting to bind to LDAP server directory.ucsb.edu:636
Fri Oct 7 12:00:12 2005: ERR: Could not bind connection with , , error: LDAP_INAPPROPRIATE_AUTH (server directory.ucsb.edu:636)
Fri Oct 7 12:00:12 2005: ERR: Backing off from directory.ucsb.edu:636 for 30 seconds.
Thinking that perhaps it now really wants the SSLCAClientCert and
SSLCAClientKey set as the goodies indicate, I set SSLCAClientCert to
point to an actual cert, which then causes radiusd to crash on the next
attempted ldaps connection.
Here's my ldaps config, which is included at various points within various
ldaps handlers:
Host directory.ucsb.edu
BaseDN o=ucsb
UsernameAttr uid
PasswordAttr passwd
ServerChecksPassword
# You can enable debugging of the Net::LDAP
# module with this:
Debug 255
UseSSL
# If you set UseSSL or UseTLS, also need to set these:
SSLCAFile /etc/ssl/cert.pem
#SSLCAClientCert /usr/local/etc/ssl/certs/noc.ucsb.edu.crt
#SSLCAClientCert ldapcertificates/clientcrt.pem
#SSLCAClientKey ldapcertificates/clientkey.pem
#HoldServerConnection
# Timeout 2
# Failure backoff Default is 10 minutes - i'm using 30 sec
FailureBackoffTime 30
--
Andrew Clark
Campus Network Programmer
University of California, Santa Barbara
andrew.clark at ucsb.edu (805) 893-5311