[RADIATOR] help diagnosing failure to connect to LDAP
Jennifer Mehl
jennifer.mehl at ucsb.edu
Tue May 10 17:49:10 CDT 2016
Hello,
I’ve been using Radiator to support various services over the years. Today, I’m working on setting up a new RADIUS client/handler, and am having trouble diagnosing why connections from Radiator to an LDAP server are failing.
Using the ldapsearch command from the same system, using the same AuthDN/password yields a successful result.
I’m wondering if there is an error being kicked off somewhere from the LDAP or SSL Perl modules that I can’t see. Or is there an open/broken connection to the LDAP server being cached somewhere that needs a “reset?”
I’ve turned on Trace 5 in radius.cfg and “Debug 255” in the AuthByLDAP2 clause, but not seeing a lot in the logs about the reason for the failure.
I’d appreciate some assistance in tracking this down.
thank you,
Jennifer
Error message:
--------------------
Tue May 10 15:10:10 2016: DEBUG: Handling with Radius::AuthGROUP:
Tue May 10 15:10:10 2016: DEBUG: Handling with Radius::AuthLDAP2: *redacted*
Tue May 10 15:10:10 2016: INFO: Connecting to *redacted*:636
Tue May 10 15:10:10 2016: ERR: Could not open LDAP connection to *redacted*:636. Backing off for 60 seconds.
Tue May 10 15:10:10 2016: DEBUG: Radius::AuthGROUP: redacted result: IGNORE, User database access error
Tue May 10 15:10:10 2016: DEBUG: AuthBy GROUP result: IGNORE, User database access error
Handler file:
----------------
<Handler NAS-IP-Address = *redacted*>
Identifier *redacted*
<AuthBy GROUP>
AuthByPolicy ContinueWhileAccept
<AuthBy LDAP2>
Include %D/include/*redacted*
</AuthBy>
</AuthBy>
Include %D/include/auth-log-common
</Handler>
Include file at %D/include/*redacted*:
--------------
Identifier *redacted*
Host *redacted*
Debug 255
UseSSL
SSLCAPath /etc/ssl/certs
FailureBackoffTime 60
BaseDN o=*redacted*
# Use privileged DN
AuthDN *redacted*
AuthPassword *redacted*
UsernameAttr uid
# Don't try to look up a DEFAULT user
NoDefault
PasswordAttr userPassword
ServerChecksPassword
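
A stand-alone check for the failure described above, as an added example that is not part of the original post and not Radiator's own code: it opens the same LDAPS connection directly through the Perl modules and prints the underlying socket or TLS error that the Radiator log does not show. The host name is a placeholder, and treating `SSLCAPath` as the CA directory handed to the Perl TLS layer is an assumption.

```perl
#!/usr/bin/perl
# Added diagnostic example; not from the original post.
use strict;
use warnings;
use IO::Socket::SSL;    # exports $SSL_ERROR and SSL_VERIFY_PEER
use Net::LDAP;

# Placeholder host: pass the Host value from the AuthBy LDAP2 clause as argument 1.
my $host   = shift // 'ldap.example.org';
my $port   = 636;
my $capath = '/etc/ssl/certs';    # same directory as SSLCAPath in the post

# Step 1: OpenSSL only finds CA certificates in a directory through
# hash-named entries (for example 1a2b3c4d.0), normally created by c_rehash.
opendir(my $dh, $capath) or die "Cannot read $capath: $!\n";
my @hashed = grep { /^[0-9a-f]{8}\.\d+$/ } readdir($dh);
closedir($dh);
printf "%d hash-named CA entries in %s\n", scalar(@hashed), $capath;

# Step 2: bare TLS handshake with peer verification against that directory.
my $sock = IO::Socket::SSL->new(
    PeerHost        => $host,
    PeerPort        => $port,
    SSL_verify_mode => SSL_VERIFY_PEER,
    SSL_ca_path     => $capath,
    Timeout         => 10,
);
if ($sock) {
    printf "TLS OK: %s, cipher %s\n", $sock->get_sslversion, $sock->get_cipher;
    close($sock);
} else {
    # $! carries socket-level errors, $SSL_ERROR carries handshake/verify errors.
    print "TLS handshake failed: socket error='$!' ssl error='$SSL_ERROR'\n";
}

# Step 3: the same connection through Net::LDAP, which reports failure in $@.
my $ldap = Net::LDAP->new(
    "ldaps://$host:$port",
    verify  => 'require',
    capath  => $capath,
    timeout => 10,
);
if ($ldap) { print "Net::LDAP connected\n"; $ldap->unbind; }
else       { print "Net::LDAP failed: $@\n"; }
```

`ldapsearch` takes its CA settings from OpenLDAP's own configuration (`ldap.conf` or the `LDAPTLS_*` environment variables), so it can succeed while a Perl client pointed at a different CA directory fails certificate verification.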