(RADIATOR) LDAP problem 3.14->3.15

Hugh Irvine hugh at open.com.au
Thu Sep 21 03:38:29 CDT 2006


Hello Roel -

My apologies - I may have misunderstood.

Do you mean the configuration with SSL worked with Radiator 3.14 and  
now doesn't work with Radiator 3.15?

And have you gone back to Radiator 3.14 to verify that it still works?

It would be helpful if I could see more of the configuration file and  
a more complete trace 4 debug.

regards

Hugh



On 21 Sep 2006, at 17:46, R.H.Hoek wrote:

>
>
> Hugh Irvine wrote:
>>
>> Hello Roel -
>>
>> You can turn on LDAP debugging by adding the following to your AuthBy
>> LDAP2 clause:
>>
>>
>> <AuthBy LDAP2>
>>     .....
>>     Debug 255
>> </AuthBy>
>>
>>
>> This will show you the Radiator end of the LDAP conversation.
>
> Adding this statement to the AuthBy clause does not give any
> more debugging info.
>
>>
>> You should also check the LDAP server logs to see what it is doing.
>
> I don't have access to this LDAP server (another educational institution).
> Our other (old) RADIUS servers don't have any problem connecting to
> this LDAP server (running older versions of Radiator).
>
>>
>> From what you say it sounds like a problem with SSL - probably at the
>> server end.
>
> Yes-No? The problem appeared after upgrading from 3.14 to 3.15.
>
>
>>
>> regards
>>
>> Hugh
>>
>>
>> On 21 Sep 2006, at 00:32, R.H.Hoek wrote:
>>
>>> Hello,
>>>
>>> Since our upgrade from 3.14 to 3.15 we have problems with one of our
>>> LDAP-connections.
>>> With 3.14 all was working fine. I have installed the latest patches.
>>>
>>> The error message is:
>>>
>>> Wed Sep 20 00:01:37 2006: DEBUG: Handling with Radius::AuthLDAP2: nixxieldaptestacc
>>> Wed Sep 20 00:01:37 2006: INFO: Connecting to 123.45.2.78:636
>>> Wed Sep 20 00:01:37 2006: INFO: Attempting to bind to LDAP server 123.45.2.78:636
>>> Wed Sep 20 00:01:37 2006: ERR: Could not bind connection with , , error: LDAP_INAPPROPRIATE_AUTH (server 123.45.2.78:636).
>>> Wed Sep 20 00:01:37 2006: ERR: Backing off from 123.45.2.78:636 for 600 seconds.
>>>
>>> The corresponding config is:
>>> <AuthBy LDAP2>
>>>         Identifier nixxieldaptestacc
>>>         Version 3
>>>         Host 123.45.2.78
>>>         BaseDN ou=Pers, ou=NonP ,o=nixxie
>>>         Scope subtree
>>>         ServerChecksPassword
>>>         SearchFilter cn=%1
>>>         UseSSL
>>>         SSLVerify none
>>> </AuthBy>
>>>
>>> All other LDAP connections don't have problems. These connections all
>>> use AuthDN and don't use SSL.
>>>
>>> How to solve this problem?
>>>
>>> -- 
>>> Regards,
>>>
>>> Roel H.Hoek, Network Management
>>> Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
>>> Universiteit Twente,  Postbus 217,  7500 AE  Enschede
>>> room SP 422, telephone: 053 - 489 4598,  fax: 053 - 489 2383
>>> e-mail: r.h.hoek at utwente.nl http://www.utwente.nl/itbe
>>> Jabber/Googletalk: rhhoek at gmail.com
>>>
>>>
>>> -- 
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive
>> (www.open.com.au/archives/radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> --Radiator: the most portable, flexible and configurable RADIUS  
>> server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> Includes support for reliable RADIUS transport (RadSec),
>> and DIAMETER translation agent.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>>



--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
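
An added triage sketch, not part of the original thread and not Radiator code: it checks the posted `<AuthBy LDAP2>` clause and log excerpt for the two things visible in them, a failed bind logged with an empty DN and `UseSSL` combined with `SSLVerify none`. The function names, the simplified clause parsing and the reading of the two fields after "with" as bind DN and password are assumptions of this example; the sample input is the thread's own config and log with wrapped lines rejoined.

```python
import re

# Sample input: the clause and log lines from the thread (wrapped lines rejoined).
CONFIG = """\
<AuthBy LDAP2>
        Identifier nixxieldaptestacc
        Version 3
        Host 123.45.2.78
        BaseDN ou=Pers, ou=NonP ,o=nixxie
        Scope subtree
        ServerChecksPassword
        SearchFilter cn=%1
        UseSSL
        SSLVerify none
</AuthBy>
"""
LOG = """\
Wed Sep 20 00:01:37 2006: INFO: Attempting to bind to LDAP server 123.45.2.78:636
Wed Sep 20 00:01:37 2006: ERR: Could not bind connection with , , error: LDAP_INAPPROPRIATE_AUTH (server 123.45.2.78:636).
Wed Sep 20 00:01:37 2006: ERR: Backing off from 123.45.2.78:636 for 600 seconds.
"""
# Assumption: the two fields after "with" are the bind DN and the bind password.
BIND_ERR = re.compile(r"ERR: Could not bind connection with (.*), (.*?), error: (\w+) \(server ([^)]+)\)")

def parse_clauses(text):
    """Return one {keyword: value} dict per <AuthBy LDAP2> clause (flags map to '')."""
    clauses = []
    for body in re.findall(r"<AuthBy LDAP2>(.*?)</AuthBy>", text, re.S):
        params = {}
        for line in body.strip().splitlines():
            key, _, value = line.strip().partition(" ")
            if key and not key.startswith("#"):
                params[key] = value.strip()
        clauses.append(params)
    return clauses

def audit_clause(p):
    """Flag the settings worth a second look before blaming the LDAP server."""
    findings = []
    if "AuthDN" not in p:
        findings.append("no AuthDN configured")
    if "UseSSL" in p and p.get("SSLVerify", "").lower() == "none":
        findings.append("UseSSL with SSLVerify none: server certificate is not verified")
    return findings

def bind_failures(log):
    """Failed binds per server; the logged password field is deliberately dropped."""
    return [{"server": m[4], "error": m[3], "empty_dn": not m[1].strip()}
            for m in BIND_ERR.finditer(log)]
```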

