(RADIATOR) 3.11 -> 3.13 ldaps problems

Mike McCauley mikem at open.com.au
Fri Oct 7 17:48:23 CDT 2005


Hello Andrew,

The log and config file seem to indicate you do not have config file entries 
for AuthDN and AuthPassword.

Cheers.

On Saturday 08 October 2005 05:04, Andrew D. Clark wrote:
> Hi all.
>
> I recently attempted to upgrade from 3.11 to 3.13, which broke my ldaps
> handler.  I now get the following error when I attempt to connect:
>
> Fri Oct  7 12:00:12 2005: INFO: Attempting to bind to LDAP server
> directory.ucsb.edu:636
> Fri Oct  7 12:00:12 2005: ERR: Could not bind connection with , , error:
> LDAP_INAPPROPRIATE_AUTH (server directory.ucsb.edu:636)
> Fri Oct  7 12:00:12 2005: ERR: Backing off from directory.ucsb.edu:636 for
> 30 seconds.
>
> Thinking that perhaps it now really wants the
> SSLCAClientCert and SSLCAClientKey set as the goodies indicate, I set
> SSLCAClientCert to point to an actual cert, which then causes radiusd to
> crash on the next attempted ldaps connection.
>
> Here's my ldaps config, which is included at various points within various
> ldaps handlers:
>
> Host                    directory.ucsb.edu
>
> BaseDN                  o=ucsb
> UsernameAttr    uid
>
> PasswordAttr    passwd
> ServerChecksPassword
>
> # You can enable debugging of the Net::LDAP
> # module with this:
> Debug 255
>
> UseSSL
> # If you set UseSSL or UseTLS, also need to set these:
> SSLCAFile /etc/ssl/cert.pem
> #SSLCAClientCert /usr/local/etc/ssl/certs/noc.ucsb.edu.crt
> #SSLCAClientCert ldapcertificates/clientcrt.pem
> #SSLCAClientKey ldapcertificates/clientkey.pem
>
> #HoldServerConnection
>
> # Timeout 2
> # Failure backoff Default is 10 minutes - i'm using 30 sec
> FailureBackoffTime 30

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
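
Added example, not part of the original messages and not Radiator's own code: a Python check that flags an LDAP config fragment with no active AuthDN/AuthPassword lines and finds bind failures logged with a blank DN, as in the thread above. The sample config and log text are constructed from the quoted lines (unwrapped), and the function names are hypothetical.

```python
import re

# Constructed sample: a fragment shaped like the config quoted in the thread.
SAMPLE_CONFIG = """\
Host            directory.ucsb.edu
BaseDN          o=ucsb
UsernameAttr    uid
ServerChecksPassword
UseSSL
SSLCAFile /etc/ssl/cert.pem
#AuthDN         cn=placeholder,o=example
"""

# Constructed sample: the quoted log lines with mail line-wrapping undone.
SAMPLE_LOG = """\
Fri Oct  7 12:00:12 2005: INFO: Attempting to bind to LDAP server directory.ucsb.edu:636
Fri Oct  7 12:00:12 2005: ERR: Could not bind connection with , , error: LDAP_INAPPROPRIATE_AUTH (server directory.ucsb.edu:636)
"""

BIND_ERR = re.compile(
    r"ERR: Could not bind connection with (.*?), (.*?), error: (\S+) \(server ([^)]+)\)"
)

def active_keywords(config_text):
    """Return parameter names found on non-blank, non-comment lines."""
    keys = set()
    for line in config_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            keys.add(line.split(None, 1)[0])
    return keys

def missing_bind_credentials(config_text):
    """List which of AuthDN / AuthPassword are absent (commented-out lines do not count)."""
    keys = active_keywords(config_text)
    return [k for k in ("AuthDN", "AuthPassword") if k not in keys]

def empty_identity_binds(log_text):
    """Return (server, error) for each bind failure logged with a blank DN."""
    hits = []
    for m in BIND_ERR.finditer(log_text):
        dn, _password, err, server = m.groups()  # password field is never returned
        if not dn.strip():
            hits.append((server, err))
    return hits

if __name__ == "__main__":
    print("missing:", missing_bind_credentials(SAMPLE_CONFIG))
    print("blank-DN bind failures:", empty_identity_binds(SAMPLE_LOG))
```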
