(RADIATOR) LDAP problem 3.14->3.15

R.H.Hoek r.h.hoek at utwente.nl
Thu Sep 21 02:46:44 CDT 2006 


Hugh Irvine schreef:
> 
> Hello Roel -
> 
> You can turn on LDAP debugging by adding the following to your AuthBy
> LDAP2 clause:
> 
> 
> <AuthBy LDAP2>
>     .....
>     Debug 255
> </AuthBy>
> 
> 
> This will show you the Radiator end of the LDAP conversation.

With this statement added to the AuthBy clause does not give any
more debugging info......

> 
> You should also check the LDAP server logs to see what it is doing.

I don't have access to this LDAPserver (other education institut).
Our other (old) Radiusservers don't have any problem connecting to
this LDAPserver. (running older versions of Radiator)

> 
> From what you say it sounds like a problem with SSL - probably at the
> server end.

Yes-No? The problem appeared after upgrading from 3.14 to 3.15.


> 
> regards
> 
> Hugh
> 
> 
> On 21 Sep 2006, at 00:32, R.H.Hoek wrote:
> 
>> Hello,
>>
>> Since our upgrade from 3.14 to 3.15 we have problems with one of our
>> LDAP-connections.
>> With 3.14 all was working fine. I have installed the latest patches.
>>
>> The error message is:
>>
>> Wed Sep 20 00:01:37 2006: DEBUG: Handling with Radius::AuthLDAP2:
>> nixxieldaptestacc
>> Wed Sep 20 00:01:37 2006: INFO: Connecting to 123.45.2.78:636
>> Wed Sep 20 00:01:37 2006: INFO: Attempting to bind to LDAP server
>> 123.45.2.78:636
>> Wed Sep 20 00:01:37 2006: ERR: Could not bind connection with , ,
>> error: LDAP_INAPPROPRIATE_AUTH (server 123.45.2.78:
>> 636).
>> Wed Sep 20 00:01:37 2006: ERR: Backing off from 123.45.2.78:636 for
>> 600 seconds.
>>
>> The corresponding config is:
>> <AuthBy LDAP2>
>>         Identifier nixxieldaptestacc
>>         Version 3
>>         Host 123.45.2.78
>>         BaseDN ou=Pers, ou=NonP ,o=nixxie
>>         Scope subtree
>>         ServerChecksPassword
>>         SearchFilter cn=%1
>>         UseSSL
>>         SSLVerify none
>> </AuthBy>
>>
>> All other LDAP connection don't have problems. These connections all
>> use AuthDN and don't use SSL.
>>
>> How to solve this problem?
>>
>> -- 
>> Groeten,
>>
>> Roel H.Hoek, Netwerkbeheer
>> Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
>> Universiteit Twente,  Postbus 217,  7500 AE  Enschede
>> kmr SP 422, telefoon: 053 - 489 4598,  fax: 053 - 489 2383
>> e-mail: r.h.hoek at utwente.nl http://www.utwente.nl/itbe
>> Jabber/Googletalk: rhhoek at gmail.com
>>
>>
>> -- 
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
> 
> 
> 
> NB:
> 
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> 
> --Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
> 
> 
> -- 
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 

Groeten,

Roel H.Hoek, Netwerkbeheer
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
kmr SP 422, telefoon: 053 - 489 4598,  fax: 053 - 489 2383
e-mail: r.h.hoek at utwente.nl http://www.utwente.nl/itbe
Jabber/Googletalk: rhhoek at gmail.com


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list