
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>

</head>

<body dir="ltr">

<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Thank you, Alex & Patric.  </div>

<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<br>

</div>

<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

So, I did try switching to 636 -- no difference. </div>

<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<br>

</div>

<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Packet captures show that there is no communication between Radiator and the domain controllers.  On the other hand, I can run ldapsearch on the Radiator server using the same credentials and the search returns results -- so I'm concluding that I don't have

 a firewall issue.  </div>

<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<br>

</div>

<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

If I switch UseSSL to UseTLS, there is some traffic captured, but the connection still fails to be established.</div>

<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<p class="p1" style="margin:0px;font:11px Menlo"><span class="s1" style="font-variant-ligatures:no-common-ligatures">00000000 Tue Jan 19 16:06:23 2021 004194: INFO: AuthLDAP2 Connecting to xxx.domain.tld port 3269</span></p>

<p class="p1" style="margin:0px;font:11px Menlo"><span class="s1" style="font-variant-ligatures:no-common-ligatures">00000000 Tue Jan 19 16:06:23 2021 007698: DEBUG: AuthLDAP2 Starting TLS to

<span style="font-variant-ligatures:no-common-ligatures;background-color:rgb(255, 255, 255);display:inline !important">

xxx.domain.tld<span> </span></span> port 3269</span></p>

<p class="p1" style="margin:0px;font:11px Menlo"><span class="s1" style="font-variant-ligatures:no-common-ligatures">00000000 Tue Jan 19 16:06:23 2021 050385: ERR: AuthLDAP2 StartTLS with

<span style="font-variant-ligatures:no-common-ligatures;background-color:rgb(255, 255, 255);display:inline !important">

xxx.domain.tld<span> </span></span> port 3269 failed: I/O Error Connection reset by peer</span></p>

<p class="p1" style="margin:0px;font:11px Menlo"><span class="s1" style="font-variant-ligatures:no-common-ligatures">00000000 Tue Jan 19 16:06:23 2021 050556: ERR: AuthLDAP2 Could not open LDAP connection to

<span style="font-variant-ligatures:no-common-ligatures;background-color:rgb(255, 255, 255);display:inline !important">

xxx.domain.tld<span> </span></span> port 3269. Backing off for 9 seconds.</span></p>

<br>

</div>

<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Logging is already at max -- that hasn't revealed anything new.</div>

<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<br>

</div>

<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Thanks!</div>

<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<br>

</div>

<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

                        -p</div>

<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<br>

</div>

<div>

<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<br>

</div>

<div id="Signature">

<div>

<div></div>

<div style="font-family:Tahoma; font-size:13px">

<div style="font-family:Tahoma; font-size:13px">

<div style="font-family:Tahoma; font-size:13px">

<div style="font-family:Tahoma; font-size:13px">

<div style="font-size:13px; font-family:Tahoma">

<div style="font-size:12px; color:rgb(18,48,84); font-family:Arial,Helvetica,sans-serif; background-color:rgb(255,255,255)">

<p class="MsoNormal"><span style="color:#1F497D">--<br>

</span><span style="color:rgb(31,73,125)">Pat Hirayama<br>

</span><span style="font-family:Arial,Helvetica,sans-serif; font-size:12px; color:rgb(31,73,125)">Systems Engineer | CIT / Systems Engineering | 206.667.4856 |

</span><a href="mailto:phirayam@fredhutch.org" style="font-family:Arial,Helvetica,sans-serif; font-size:12px">phirayam@fredhutch.org</a><span style="font-family:Arial,Helvetica,sans-serif; font-size:12px; color:rgb(31,73,125)"> | Fred Hutch | Cures Start Here</span></p>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

<div>

<div id="appendonsend"></div>

<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

<br>

</div>

<hr tabindex="-1" style="display:inline-block; width:98%">

<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> radiator <radiator-bounces@lists.open.com.au> on behalf of Alexander.Hartmaier@t-systems.com <Alexander.Hartmaier@t-systems.com><br>

<b>Sent:</b> Monday, January 18, 2021 00:51<br>

<b>To:</b> radiator@lists.open.com.au <radiator@lists.open.com.au><br>

<b>Subject:</b> Re: [RADIATOR] ERR: AuthLDAP2 Could not open LDAP connection to AD domain controllers</font>

<div> </div>

</div>

<div dir="ltr">

<div>

<div id="x_Signature">

<div>

<div></div>

<div name="x_divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0">

<div class="x_BodyFragment"><font size="2" face="Arial">

<div class="x_PlainText">Hi Pat,<span style="font-family:arial; font-size:8pt"><span lang="EN-US" style="color:black"><span lang="EN-US"><span style="font-family:arial"><span lang="EN-US" style="color:black"><font class="x_ms-rteThemeForeColor-1-4" face="Arial"><br>

</font></span></span></span></span></span></div>

<div class="x_PlainText"><span style="font-family:arial; font-size:8pt"><span lang="EN-US" style="color:black"><span lang="EN-US"><span style="font-family:arial"><span lang="EN-US" style="color:black"><font class="x_ms-rteThemeForeColor-1-4" face="Arial">3269

 is Global Catalog over TLS, changing that to 636 will change the behaviour as you need a BaseDN and won't be able to authenticate users of trusted domains any more, so don't do that.</font></span></span></span></span></span></div>

<div class="x_PlainText"><span style="font-family:arial; font-size:8pt"><span lang="EN-US" style="color:black"><span lang="EN-US"><span style="font-family:arial"><span lang="EN-US" style="color:black"><font class="x_ms-rteThemeForeColor-1-4" face="Arial">Instead

 raise the Radiator log level or do a packet capture and look at it in wireshark to see what happens, my guess is the TLS handshake.<br>

</font></span></span></span></span></span></div>

<div class="x_PlainText"><span style="font-family:arial; font-size:8pt"><span lang="EN-US" style="color:black"><span lang="EN-US"><span style="font-family:arial"><span lang="EN-US" style="color:black"><font class="x_ms-rteThemeForeColor-1-4" face="Arial"><br>

</font></span></span></span></span></span></div>

<div class="x_PlainText"><span style="font-family:arial; font-size:8pt"><span lang="EN-US" style="color:black"><span lang="EN-US"><span style="font-family:arial"><span lang="EN-US" style="color:black"><font class="x_ms-rteThemeForeColor-1-4" face="Arial">The

 domain controllers might not send the whole certificate chain with all intermediate certs or you don't have the root CA in the trusted CA file /etc/ssl/certs/ca.pem.<br>

</font></span></span></span></span></span></div>

<div class="x_PlainText"><span style="font-family:arial; font-size:8pt"><span lang="EN-US" style="color:black"><span lang="EN-US"><span style="font-family:arial"><span lang="EN-US" style="color:black"><font class="x_ms-rteThemeForeColor-1-4" face="Arial"><br>

</font></span></span></span></span></span></div>

<div class="x_PlainText"><span style="font-family:arial; font-size:8pt"><span lang="EN-US" style="color:black"><span lang="EN-US"><span style="font-family:arial"><span lang="EN-US" style="color:black"><font class="x_ms-rteThemeForeColor-1-4" face="Arial">Best

 regards, Alex<br>

</font></span></span></span></span></span></div>

</font></div>

</div>

</div>

</div>

</div>

<div id="x_appendonsend"></div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

<br>

</div>

<hr tabindex="-1" style="display:inline-block; width:98%">

<div id="x_divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>Von:</b> radiator <radiator-bounces@lists.open.com.au> im Auftrag von Patrik Forsberg <patrik.forsberg@globalconnect.se><br>

<b>Gesendet:</b> Montag, 18. Jänner 2021 08:57<br>

<b>An:</b> radiator@lists.open.com.au <radiator@lists.open.com.au><br>

<b>Betreff:</b> Re: [RADIATOR] ERR: AuthLDAP2 Could not open LDAP connection to AD domain controllers</font>

<div> </div>

</div>

<div lang="SV" style="word-wrap:break-word">

<div class="x_x_WordSection1">

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span lang="EN-US" style="">Hello,</span></p>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span lang="EN-US" style=""> </span></p>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span lang="EN-US" style="">Try using port 389 for non-ssl or 636 for ssl - even if the server is DC atm.</span></p>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span lang="EN-US" style=""> </span></p>

<div>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span style="font-size:10.0pt; font-family:Consolas">---</span></p>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span style="font-size:10.0pt; font-family:Consolas">Best Regards,</span></p>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span style="font-size:10.0pt; font-family:Consolas">Patrik</span></p>

</div>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span lang="EN-US" style=""> </span></p>

<div>

<div style="border:none; border-top:solid #E1E1E1 1.0pt; padding:3.0pt 0cm 0cm 0cm">

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<b><span lang="EN-US">From:</span></b><span lang="EN-US"> radiator <radiator-bounces@lists.open.com.au>

<b>On Behalf Of </b>Hirayama, Pat<br>

<b>Sent:</b> den 16 januari 2021 00:56<br>

<b>To:</b> radiator@lists.open.com.au<br>

<b>Subject:</b> [RADIATOR] ERR: AuthLDAP2 Could not open LDAP connection to AD domain controllers</span></p>

</div>

</div>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

 </p>

<div>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span style="font-size:12pt; color:black">Greetings,</span></p>

</div>

<div>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span style="font-size:12pt; color:black"> </span></p>

</div>

<div>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span style="font-size:12pt; color:black">I am currently trying to migrate an existing Radiator 4.12.1 running on CentOS 6.10 to Radiator 4.25 running on Ubuntu 20.04.1 LTS. I am running into an issue where Radiator 4.25 is unable to connect via LDAP to my

 domain controllers.  The log shows (DC names changed):</span></p>

</div>

<div>

<div>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span style="font-size:12pt; color:black"> </span></p>

</div>

<div>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">00000000 Fri Jan 15 15:26:35 2021 089445: INFO: AuthLDAP2 Connecting to DC1.domain.tld port 3269</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">00000000 Fri Jan 15 15:26:35 2021 124694: ERR: AuthLDAP2 Could not open LDAP connection to

<span style="background:white none repeat scroll 0% 0%">DC1.domain.tld</span> port 3269. Backing off for 10 seconds.</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">00000000 Fri Jan 15 15:26:35 2021 124845: INFO: AuthLDAP2 Connecting to

<span style="background:white none repeat scroll 0% 0%">DC2.domain.tld</span> port 3269</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">00000000 Fri Jan 15 15:26:35 2021 125576: ERR: AuthLDAP2 Could not open LDAP connection to

<span style="background:white none repeat scroll 0% 0%">DC2.domain.tld</span> port 3269. Backing off for 10 seconds.</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">00000000 Fri Jan 15 15:26:35 2021 125720: INFO: AuthLDAP2 Connecting to

<span style="background:white none repeat scroll 0% 0%">DC3.domain.tld</span> port 3269</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">00000000 Fri Jan 15 15:26:35 2021 126451: ERR: AuthLDAP2 Could not open LDAP connection to

<span style="background:white none repeat scroll 0% 0%">DC3.domain.tld</span> port 3269. Backing off for 10 seconds.</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span style="font-size:12pt; color:black"> </span></p>

</div>

<div>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span style="font-size:12pt; color:black">My new <AuthBy LDAP2> stanza (again anonymized)</span></p>

</div>

<div>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span style="font-size:12pt; color:black"> </span></p>

</div>

<div>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"><Handler Client-Identifier=webvpn-test-servers></span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_apple-converted-space"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">       

</span></span><span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">RejectHasReason</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p2" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif; min-height:13px">

<span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"> </span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_apple-converted-space"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">       

</span></span><span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">#AuthLog webvpn-authlog</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_apple-converted-space"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">       

</span></span><span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"># Handle test users</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">        <AuthBy LDAP2></span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">                Host DC1.domain.tld DC2.domain.tld DC3.domain.tld </span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"><br>

<br>

</span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_apple-converted-space"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">               

</span></span><span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">SSLVerify none</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_apple-converted-space"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">               

</span></span><span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">include /etc/radiator/ssl.txt</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_apple-converted-space"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">               

</span></span><span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">UseSSL</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_apple-converted-space"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">               

</span></span><span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">Port 3269</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_apple-converted-space"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">               

</span></span><span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">AuthDN XXXXXXXXXXXXXXXX</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_apple-converted-space"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">               

</span></span><span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">AuthPassword XXXXXXXXX</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_apple-converted-space"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">               

</span></span><span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">CachePasswords</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">                FailureBackoffTime 10</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_apple-converted-space"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">               

</span></span><span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">#BaseDN XXXXXXXXXXXX</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_apple-converted-space"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">               

</span></span><span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">UsernameAttr sAMAccountName</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">                Debug 255</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_apple-converted-space"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">               

</span></span><span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">ServerChecksPassword</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_apple-converted-space"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">               

</span></span><span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">#HoldServerConnection</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">                SearchFilter (&(%0=%1)(|(memberOf=XXX))  # removing filter for privacy -- besides, we aren't getting that far</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_apple-converted-space"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">        

</span></span><span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></AuthBy></span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></Handler></span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span style="font-size:12pt; color:black"> </span></p>

</div>

<div>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span style="font-size:12pt; color:black">/etc/radiator/ssl.txt (anonymized):</span></p>

</div>

<div>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">SSLCAClientCert</span></span><span class="x_x_apple-tab-span"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">

</span></span><span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">/etc/ssl/certs/server.pem</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">SSLCAClientKey</span></span><span class="x_x_apple-tab-span"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">

</span></span><span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">/etc/ssl/private/server.key</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">SSLCAFile</span></span><span class="x_x_apple-tab-span"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">

</span></span><span class="x_x_s1"><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black">/etc/ssl/certs/ca.pem</span></span><span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"></span></p>

<p class="x_x_p1" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span style="font-size:8.5pt; font-family:"Menlo",serif; color:black"> </span></p>

</div>

<div>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span style="font-size:12pt; color:black">Aside from the lines that have been commented out above -- I have tried modifying SSLCiphers from default mostly because someone mentioned that they were running under a newer version of OpenSSL that protected against

 weak Diffie Hellman keys (to prevent LogJam attack).  That didn't seem to help.  I have Trace running at 5 and Debug at 255.  </span></p>

</div>

<div>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span style="font-size:12pt; color:black"><br>

<br>

</span></p>

</div>

<div>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span style="font-size:12pt; color:black">Any help would be appreciated.  </span></p>

</div>

<div>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span style="font-size:12pt; color:black"><br>

<br>

</span></p>

</div>

<div>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span style="font-size:12pt; color:black">Thanks!</span></p>

</div>

<div>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span style="font-size:12pt; color:black"><br>

<br>

</span></p>

</div>

<div>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

<span style="font-size:12pt; color:black">                   -p</span></p>

</div>

<div>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif">

 </p>

</div>

<div id="x_x_Signature">

<div>

<div>

<div>

<div>

<div>

<div>

<div>

<p class="x_x_MsoNormal" style="margin-top: 0px; margin-bottom: 0px;margin:0cm; font-size:11pt; font-family:"Calibri",sans-serif; background:white none repeat scroll 0% 0%">

<span style="font-size:9pt; font-family:"Arial",sans-serif; color:rgb(31,73,125)">--<br>

Pat Hirayama<br>

Systems Engineer | CIT / Systems Engineering | 206.667.4856 | </span><span style="font-size:9pt; font-family:"Arial",sans-serif; color:rgb(18,48,84)"><a href="mailto:phirayam@fredhutch.org">phirayam@fredhutch.org</a></span><span style="font-size:9pt; font-family:"Arial",sans-serif; color:rgb(31,73,125)">

 | Fred Hutch | Cures Start Here</span><span style="font-size:9pt; font-family:"Arial",sans-serif; color:rgb(18,48,84)"></span></p>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</body>

</html>