<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
        {font-family:Menlo;
        panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
p.p1, li.p1, div.p1
        {mso-style-name:p1;
        margin:0cm;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
span.s1
        {mso-style-name:s1;}
span.apple-converted-space
        {mso-style-name:apple-converted-space;}
p.p2, li.p2, div.p2
        {mso-style-name:p2;
        margin:0cm;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
span.apple-tab-span
        {mso-style-name:apple-tab-span;}
span.EmailStyle24
        {mso-style-type:personal-reply;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="SV" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">Hello,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">Try using port 389 for non-ssl or 636 for ssl - even if the server is DC atm.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Consolas">---<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Consolas">Best Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Consolas">Patrik<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> radiator &lt;radiator-bounces@lists.open.com.au&gt;
<b>On Behalf Of </b>Hirayama, Pat<br>
<b>Sent:</b> 16 January 2021 00:56<br>
<b>To:</b> radiator@lists.open.com.au<br>
<b>Subject:</b> [RADIATOR] ERR: AuthLDAP2 Could not open LDAP connection to AD domain controllers<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">Greetings,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">I am currently trying to migrate an existing Radiator 4.12.1 running on CentOS 6.10 to Radiator 4.25 running on Ubuntu 20.04.1 LTS. I am running into an issue where Radiator 4.25 is unable to connect
 via LDAP to my domain controllers.  The log shows (DC names changed):<o:p></o:p></span></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="p1"><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">00000000 Fri Jan 15 15:26:35 2021 089445: INFO: AuthLDAP2 Connecting to DC1.domain.tld port 3269</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">00000000 Fri Jan 15 15:26:35 2021 124694: ERR: AuthLDAP2 Could not open LDAP connection to
<span style="background:white">DC1.domain.tld</span> port 3269. Backing off for 10 seconds.</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">00000000 Fri Jan 15 15:26:35 2021 124845: INFO: AuthLDAP2 Connecting to
<span style="background:white">DC2.domain.tld</span> port 3269</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">00000000 Fri Jan 15 15:26:35 2021 125576: ERR: AuthLDAP2 Could not open LDAP connection to
<span style="background:white">DC2.domain.tld</span> port 3269. Backing off for 10 seconds.</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">00000000 Fri Jan 15 15:26:35 2021 125720: INFO: AuthLDAP2 Connecting to
<span style="background:white">DC3.domain.tld</span> port 3269</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">00000000 Fri Jan 15 15:26:35 2021 126451: ERR: AuthLDAP2 Could not open LDAP connection to
<span style="background:white">DC3.domain.tld</span> port 3269. Backing off for 10 seconds.</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">My new &lt;AuthBy LDAP2&gt; stanza (again anonymized)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="p1"><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">&lt;Handler Client-Identifier=webvpn-test-servers&gt;</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="apple-converted-space"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">       
</span></span><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">RejectHasReason</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p2" style="min-height:13px"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p> </o:p></span></p>
<p class="p1"><span class="apple-converted-space"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">       
</span></span><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">#AuthLog webvpn-authlog</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="apple-converted-space"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">       
</span></span><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"># Handle test users</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">        &lt;AuthBy LDAP2&gt;</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">                Host DC1.domain.tld DC2.domain.tld DC3.domain.tld </span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><br>
<br>
<o:p></o:p></span></p>
<p class="p1"><span class="apple-converted-space"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">               
</span></span><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">SSLVerify none</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="apple-converted-space"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">               
</span></span><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">include /etc/radiator/ssl.txt</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="apple-converted-space"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">               
</span></span><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">UseSSL</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="apple-converted-space"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">               
</span></span><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">Port 3269</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="apple-converted-space"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">               
</span></span><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">AuthDN XXXXXXXXXXXXXXXX</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="apple-converted-space"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">               
</span></span><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">AuthPassword XXXXXXXXX</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="apple-converted-space"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">               
</span></span><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">CachePasswords</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">                FailureBackoffTime 10</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="apple-converted-space"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">               
</span></span><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">#BaseDN XXXXXXXXXXXX</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="apple-converted-space"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">               
</span></span><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">UsernameAttr sAMAccountName</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">                Debug 255</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="apple-converted-space"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">               
</span></span><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">ServerChecksPassword</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="apple-converted-space"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">               
</span></span><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">#HoldServerConnection</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">                SearchFilter (&amp;(%0=%1)(|(memberOf=XXX))  # removing filter for privacy -- besides, we aren't getting that far</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="apple-converted-space"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">        
</span></span><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">&lt;/AuthBy&gt;</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">&lt;/Handler&gt;</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">/etc/radiator/ssl.txt (anonymized):<o:p></o:p></span></p>
</div>
<div>
<p class="p1"><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">SSLCAClientCert</span></span><span class="apple-tab-span"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">
</span></span><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">/etc/ssl/certs/server.pem</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">SSLCAClientKey</span></span><span class="apple-tab-span"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">
</span></span><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">/etc/ssl/private/server.key</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">SSLCAFile</span></span><span class="apple-tab-span"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">
</span></span><span class="s1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black">/etc/ssl/certs/ca.pem</span></span><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p></o:p></span></p>
<p class="p1"><span style="font-size:8.5pt;font-family:&quot;Menlo&quot;,serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">Aside from the lines that have been commented out above -- I have tried modifying SSLCiphers from default mostly because someone mentioned that they were running under a newer version of OpenSSL
 that protected against weak Diffie Hellman keys (to prevent LogJam attack).  That didn't seem to help.  I have Trace running at 5 and Debug at 255.  </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><br>
<br>
</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">Any help would be appreciated.  </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><br>
<br>
</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">Thanks!</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><br>
<br>
</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">                   -p</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div id="Signature">
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;background:white">
<span style="font-size:9.0pt;font-family:&quot;Arial&quot;,sans-serif;color:#1F497D">--<br>
Pat Hirayama<br>
Systems Engineer | CIT / Systems Engineering | 206.667.4856 | </span><span style="font-size:9.0pt;font-family:&quot;Arial&quot;,sans-serif;color:#123054"><a href="mailto:phirayam@fredhutch.org">phirayam@fredhutch.org</a></span><span style="font-size:9.0pt;font-family:&quot;Arial&quot;,sans-serif;color:#1F497D">
 | Fred Hutch | Cures Start Here</span><span style="font-size:9.0pt;font-family:&quot;Arial&quot;,sans-serif;color:#123054"><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
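<p class="MsoNormal"><span lang="EN-US">The log lines in the thread report only "Could not open LDAP connection" and do not show whether the TCP connect or the TLS handshake failed. The following Python script is an added example, not part of either message and not Radiator code; it probes the ports named in the thread (389, 636, 3269) and reports the stage at which each one fails. The names PORTS, probe and survey are assumptions of this example.</span></p>
<pre>
```python
import socket
import ssl

# Ports named in the thread: 389 (plain LDAP), 636 (LDAP over SSL) and
# 3269 (the port in the failing config). Value: expect TLS on connect.
PORTS = {389: False, 636: True, 3269: True}


def probe(host, port, use_tls, timeout=3.0):
    """Return (stage, detail); stage is 'tcp_failed', 'tls_failed' or 'ok'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Refused, filtered or unresolvable: TLS settings are not the cause.
        return ("tcp_failed", type(exc).__name__)
    with sock:
        if not use_tls:
            return ("ok", "tcp connect only")
        # Diagnostic only: certificate verification is switched off so the
        # result reflects protocol and cipher compatibility, not the trust
        # store. Do not carry this setting into the production config.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return ("ok", "%s %s" % (tls.version(), tls.cipher()[0]))
        except (ssl.SSLError, OSError) as exc:
            # TCP worked but the handshake did not: look at protocol
            # versions, ciphers or whether the port speaks TLS at all.
            return ("tls_failed", type(exc).__name__)


def survey(host, ports=None):
    """Probe every port in the table and return {port: (stage, detail)}."""
    table = PORTS if ports is None else ports
    return {port: probe(host, port, tls) for port, tls in table.items()}


if __name__ == "__main__":
    import sys
    # Usage: python probe_ldap.py DC1.domain.tld  (host name is a placeholder)
    for port, result in sorted(survey(sys.argv[1]).items()):
        print(port, *result)
```
</pre>
<p class="MsoNormal"><span lang="EN-US">A result of tcp_failed on 3269 alongside ok on 636 points at the port or a firewall rather than at SSLCiphers; tls_failed on both points at the TLS settings.</span></p>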
</body>
</html>