(RADIATOR) LDAP problem 3.14->3.15
Hugh Irvine
hugh at open.com.au
Wed Sep 20 17:59:06 CDT 2006
Hello Roel -

You can turn on LDAP debugging by adding the following to your AuthBy
LDAP2 clause:

<AuthBy LDAP2>
	.....
	Debug 255
</AuthBy>

This will show you the Radiator end of the LDAP conversation.

You should also check the LDAP server logs to see what it is doing.

From what you say it sounds like a problem with SSL - probably at
the server end.

regards

Hugh

On 21 Sep 2006, at 00:32, R.H.Hoek wrote:
> Hello,
>
> Since our upgrade from 3.14 to 3.15 we have problems with one of
> our LDAP-connections.
> With 3.14 all was working fine. I have installed the latest patches.
>
> The error message is:
>
> Wed Sep 20 00:01:37 2006: DEBUG: Handling with Radius::AuthLDAP2: nixxieldaptestacc
> Wed Sep 20 00:01:37 2006: INFO: Connecting to 123.45.2.78:636
> Wed Sep 20 00:01:37 2006: INFO: Attempting to bind to LDAP server 123.45.2.78:636
> Wed Sep 20 00:01:37 2006: ERR: Could not bind connection with , , error: LDAP_INAPPROPRIATE_AUTH (server 123.45.2.78:636).
> Wed Sep 20 00:01:37 2006: ERR: Backing off from 123.45.2.78:636 for 600 seconds.
>
> The corresponding config is:
> <AuthBy LDAP2>
> Identifier nixxieldaptestacc
> Version 3
> Host 123.45.2.78
> BaseDN ou=Pers, ou=NonP ,o=nixxie
> Scope subtree
> ServerChecksPassword
> SearchFilter cn=%1
> UseSSL
> SSLVerify none
> </AuthBy>
>
> All other LDAP connections don't have problems. These connections
> all use AuthDN and don't use SSL.
>
> How to solve this problem?
>
> --
>
> Groeten,
>
> Roel H.Hoek, Netwerkbeheer
> Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
> Universiteit Twente, Postbus 217, 7500 AE Enschede
> kmr SP 422, telefoon: 053 - 489 4598, fax: 053 - 489 2383
> e-mail: r.h.hoek at utwente.nl http://www.utwente.nl/itbe
> Jabber/Googletalk: rhhoek at gmail.com
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
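
Added example (not part of the original messages and not Radiator code): a Python check that reads the AuthBy LDAP2 clause and log lines quoted above and lists what they show: whether AuthDN is set, whether UseSSL is paired with SSLVerify none, and whether the bind error was logged with an empty bind DN. It assumes the two comma-separated fields after "Could not bind connection with" are the bind DN and password; the function names are hypothetical.

```python
import re
# Clause and log lines copied from the quoted message (wrapped log lines rejoined).
CLAUSE = """<AuthBy LDAP2>
Identifier nixxieldaptestacc
Version 3
Host 123.45.2.78
BaseDN ou=Pers, ou=NonP ,o=nixxie
Scope subtree
ServerChecksPassword
SearchFilter cn=%1
UseSSL
SSLVerify none
</AuthBy>"""
LOG = """Wed Sep 20 00:01:37 2006: INFO: Attempting to bind to LDAP server 123.45.2.78:636
Wed Sep 20 00:01:37 2006: ERR: Could not bind connection with , , error: LDAP_INAPPROPRIATE_AUTH (server 123.45.2.78:636).
Wed Sep 20 00:01:37 2006: ERR: Backing off from 123.45.2.78:636 for 600 seconds."""
# Assumption: the two comma-separated fields are the bind DN and the bind password.
BIND_ERR = re.compile(r"ERR: Could not bind connection with (?P<dn>.*?), (?P<pw>.*?), "
                      r"error: (?P<code>\w+) \(server (?P<server>[^)]+)\)")

def parse_clause(text):
    """Return {parameter: value}; flag-style parameters such as UseSSL map to ''."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("<", "#")):  # skip clause tags and comments
            name, _, value = line.partition(" ")
            params[name] = value.strip()
    return params

def bind_failures(log):
    """One dict per bind error line, recording whether a bind DN appeared in it."""
    return [{"server": m["server"], "code": m["code"], "dn_logged": bool(m["dn"].strip())}
            for m in BIND_ERR.finditer(log)]

def review(clause_text, log_text):
    """List what the clause and the log show, in the order worth checking."""
    p, notes = parse_clause(clause_text), []
    if "AuthDN" not in p:
        notes.append("no AuthDN in clause")
    if "UseSSL" in p and p.get("SSLVerify", "").lower() == "none":
        notes.append("SSLVerify none: server certificate is not verified")
    for f in bind_failures(log_text):
        if not f["dn_logged"]:
            notes.append(f"{f['code']} from {f['server']} with empty bind DN")
    return notes

if __name__ == "__main__":
    print("\n".join(review(CLAUSE, LOG)))
```
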