[RADIATOR] help diagnosing failure to connect to LDAP
Hartmaier Alexander
alexander.hartmaier at t-systems.at
Fri May 13 07:06:22 CDT 2016
Hi,
I'm using 'Debug 12' inside of <AuthBy LDAP2> to troubleshoot TLS problems.
Have you set the port to 636 and UseSSL? UseTLS should really be named UseSTARTTLS because it's quite irritating otherwise.
You also need to configure the root CA (not intermediate CA!) cert using SSLCAFile.
I haven't had the need to run Radiator in the foreground, maybe I've missed the Net::LDAP errors in the past?!
Cheers, Alex
On 2016-05-11 18:42, Tuure Vartiainen wrote:
Hello,
On 11 May 2016, at 01:49, Jennifer Mehl <jennifer.mehl at ucsb.edu> wrote:
I’m working on setting up a new RADIUS client/handler, and am having trouble diagnosing why connections from Radiator to an LDAP server are failing.
Using the ldapsearch command from the same system, using the same AuthDN/password yields a successful result.
I’m wondering if there is an error being kicked off somewhere from the LDAP or SSL Perl modules that I can’t see. Or is there an open/broken connection to the LDAP server being cached somewhere that needs a “reset?”
I’ve turned on Trace 5 in radius.cfg and “Debug 255” in the AuthByLDAP2 clause, but not seeing a lot in the logs about the reason for the failure.
Perl’s LDAP library’s debug output, which is enabled with “Debug 255”,
can only be seen on a console when running Radiator in the foreground.
E.g.
$ perl radiusd -config /etc/radiator/radius.cfg -trace 4 -log_stdout -foreground
BR
--
Tuure Vartiainen <vartiait at open.com.au>
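The two connection modes discussed in this thread (LDAPS on port 636 versus STARTTLS on a plain connection), as an added example that is not part of the original messages or of Radiator itself: a standalone Net::LDAP script that tries the same bind both ways with certificate verification against a CA file and prints the error from each step. The host name, CA path, bind DN and the LDAP_* environment variable names are placeholder assumptions.

```perl
#!/usr/bin/perl
# Added example (not from the thread): attempt the same bind outside Radiator,
# first as LDAPS on 636, then as STARTTLS on 389, and print each failure reason.
use strict;
use warnings;
use Net::LDAP;

# Placeholder defaults (assumptions); override through the environment.
my $host   = $ENV{LDAP_HOST}   || 'ldap.example.org';
my $cafile = $ENV{LDAP_CAFILE} || '/etc/radiator/root-ca.pem';
my $binddn = $ENV{LDAP_BINDDN} || 'cn=radiator,dc=example,dc=org';
my $bindpw = $ENV{LDAP_BINDPW} // '';
my $debug  = $ENV{LDAP_DEBUG}  || 0;    # e.g. 12 for Net::LDAP packet dumps
die "Set LDAP_BINDPW; an empty password would not test the credentials\n"
    unless length $bindpw;

# Require a certificate chain that verifies against the CA file.
my %tls = (verify => 'require', cafile => $cafile);

# Print the LDAP result of one step; returns true when the step succeeded.
sub report {
    my ($label, $mesg) = @_;
    return 1 unless $mesg->code;
    printf "%s: %s (%d): %s\n", $label, $mesg->error_name, $mesg->code, $mesg->error;
    return 0;
}

sub try_bind {
    my ($label, $ldap) = @_;
    my $ok = report("$label bind", $ldap->bind($binddn, password => $bindpw));
    print "$label: bind succeeded\n" if $ok;
    $ldap->unbind;
    return $ok;
}

# LDAPS: the TLS handshake happens before any LDAP traffic (port 636 with UseSSL).
if (my $ldap = Net::LDAP->new($host, scheme => 'ldaps', port => 636,
                              timeout => 10, debug => $debug, %tls)) {
    try_bind('ldaps:636', $ldap);
} else {
    print "ldaps:636: connect or TLS handshake failed: $@\n";
}

# STARTTLS: a plain connection upgraded in-band (what UseTLS means, per the thread).
if (my $ldap = Net::LDAP->new($host, port => 389, timeout => 10, debug => $debug)) {
    try_bind('starttls:389', $ldap)
        if report('starttls:389 start_tls', $ldap->start_tls(%tls));
} else {
    print "starttls:389: connect failed: $@\n";
}
```

A verification failure with the CA file in place, while ldapsearch succeeds on the same host, points at a difference in trust configuration between the two clients rather than at the bind credentials.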