(RADIATOR) LDAP problem 3.14->3.15

Mike McCauley mikem at open.com.au
Thu Sep 21 19:40:02 CDT 2006


Hello,

from the LDAP references:

 LDAP_INAPPROPRIATE_AUTH  

This result code indicates that the type of credentials are not appropriate 
for the method of authentication used. 
 The Directory Server sends this result code back to the client if simple 
authentication is used in a bind request, but the entry has no userpassword 
attribute. And if SASL EXTERNAL is attempted on a non-SSL connection. 

I don't see an AuthDN or AuthPassword in your config. Are they really there or 
have you sanitized the config file?

Cheers.


On Thursday 21 September 2006 17:46, R.H.Hoek wrote:
> Hugh Irvine wrote:
> > Hello Roel -
> >
> > You can turn on LDAP debugging by adding the following to your AuthBy
> > LDAP2 clause:
> >
> >
> > <AuthBy LDAP2>
> >     .....
> >     Debug 255
> > </AuthBy>
> >
> >
> > This will show you the Radiator end of the LDAP conversation.
>
> Adding this statement to the AuthBy clause does not give any
> more debugging info.

The debug will appear on stdout: it is emitted by the perl ldap code.

>
> > You should also check the LDAP server logs to see what it is doing.
>
> I don't have access to this LDAP server (other education institute).
> Our other (old) Radius servers don't have any problem connecting to
> this LDAP server. (running older versions of Radiator)
>
> > From what you say it sounds like a problem with SSL - probably at the
> > server end.
>
> Yes-No? The problem appeared after upgrading from 3.14 to 3.15.
>
> > regards
> >
> > Hugh
> >
> > On 21 Sep 2006, at 00:32, R.H.Hoek wrote:
> >> Hello,
> >>
> >> Since our upgrade from 3.14 to 3.15 we have problems with one of our
> >> LDAP-connections.
> >> With 3.14 all was working fine. I have installed the latest patches.
> >>
> >> The error message is:
> >>
> >> Wed Sep 20 00:01:37 2006: DEBUG: Handling with Radius::AuthLDAP2:
> >> nixxieldaptestacc
> >> Wed Sep 20 00:01:37 2006: INFO: Connecting to 123.45.2.78:636
> >> Wed Sep 20 00:01:37 2006: INFO: Attempting to bind to LDAP server
> >> 123.45.2.78:636
> >> Wed Sep 20 00:01:37 2006: ERR: Could not bind connection with , ,
> >> error: LDAP_INAPPROPRIATE_AUTH (server 123.45.2.78:
> >> 636).
> >> Wed Sep 20 00:01:37 2006: ERR: Backing off from 123.45.2.78:636 for
> >> 600 seconds.
> >>
> >> The corresponding config is:
> >> <AuthBy LDAP2>
> >>         Identifier nixxieldaptestacc
> >>         Version 3
> >>         Host 123.45.2.78
> >>         BaseDN ou=Pers, ou=NonP ,o=nixxie
> >>         Scope subtree
> >>         ServerChecksPassword
> >>         SearchFilter cn=%1
> >>         UseSSL
> >>         SSLVerify none
> >> </AuthBy>
> >>
> >> All other LDAP connections don't have problems. These connections all
> >> use AuthDN and don't use SSL.
> >>
> >> How to solve this problem?
> >>
> >> --
> >> Regards,
> >>
> >> Roel H.Hoek, Network Management
> >> Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
> >> Universiteit Twente,  Postbus 217,  7500 AE  Enschede
> >> room SP 422, phone: 053 - 489 4598,  fax: 053 - 489 2383
> >> e-mail: r.h.hoek at utwente.nl http://www.utwente.nl/itbe
> >> Jabber/Googletalk: rhhoek at gmail.com
> >>
> >>
> >> --
> >> Archive at http://www.open.com.au/archives/radiator/
> >> Announcements on radiator-announce at open.com.au
> >> To unsubscribe, email 'majordomo at open.com.au' with
> >> 'unsubscribe radiator' in the body of the message.
> >
> > NB:
> >
> > Have you read the reference manual ("doc/ref.html")?
> > Have you searched the mailing list archive
> > (www.open.com.au/archives/radiator)?
> > Have you had a quick look on Google (www.google.com)?
> > Have you included a copy of your configuration file (no secrets),
> > together with a trace 4 debug showing what is happening?
> >
> > --Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > Includes support for reliable RADIUS transport (RadSec),
> > and DIAMETER translation agent.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.
> > -
> > CATool: Private Certificate Authority for Unix and Unix-like systems.
> >
> >

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
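
Added example (not part of the original thread and not Radiator's own code): a small Python check for the two things this exchange turns on, an AuthBy LDAP2 clause with no AuthDN/AuthPassword and the matching bind error whose credential fields are empty. It also flags SSLVerify none. The sample inputs are constructed from the config and log quoted above; reading the two empty fields after "with" as bind DN and password is an assumption, and the function names are hypothetical.

```python
import re

# Constructed sample input, taken from the config and log quoted in the thread.
SAMPLE_CONFIG = """\
<AuthBy LDAP2>
        Identifier nixxieldaptestacc
        Host 123.45.2.78
        BaseDN ou=Pers, ou=NonP ,o=nixxie
        ServerChecksPassword
        SearchFilter cn=%1
        UseSSL
        SSLVerify none
</AuthBy>
"""
SAMPLE_LOG = ("Wed Sep 20 00:01:37 2006: ERR: Could not bind connection with , , "
              "error: LDAP_INAPPROPRIATE_AUTH (server 123.45.2.78:636).")

def parse_authby_ldap2(text):
    """Return one {keyword: value} dict per <AuthBy LDAP2> clause."""
    clauses, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.fullmatch(r"<AuthBy\s+LDAP2>", line, re.I):
            current = {}
        elif re.fullmatch(r"</AuthBy>", line, re.I) and current is not None:
            clauses.append(current)
            current = None
        elif current is not None:
            parts = line.split(None, 1)
            current[parts[0]] = parts[1] if len(parts) > 1 else ""  # flags get ""
    return clauses

def audit_clause(clause):
    """List the bind and transport weaknesses visible in one parsed clause."""
    findings = []
    if not clause.get("AuthDN") or not clause.get("AuthPassword"):
        findings.append("no-bind-credentials")    # bind goes out with empty DN/password
    uses_tls = "UseSSL" in clause or "UseTLS" in clause
    if uses_tls and clause.get("SSLVerify", "").lower() == "none":
        findings.append("tls-cert-not-verified")  # server certificate is not checked
    if not uses_tls:
        findings.append("cleartext-ldap")         # bind credentials cross the wire unencrypted
    return findings

# Assumption: the two fields after "with" are the bind DN and the bind password.
BIND_ERR = re.compile(r"Could not bind connection with (.*?), (.*?), error: (\w+)")

def empty_bind_in_log(line):
    """True when a bind error line shows both credential fields empty."""
    m = BIND_ERR.search(line)
    return bool(m) and not m.group(1).strip() and not m.group(2).strip()
```
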
