Hello,

I’ve been using Radiator to support various services over the years. Today, I’m working on setting up a new RADIUS client/handler, and am having trouble diagnosing why connections from Radiator to an LDAP server are failing.

Using the ldapsearch command from the same system, using the same AuthDN/password yields a successful result.

I’m wondering if there is an error being kicked off somewhere from the LDAP or SSL Perl modules that I can’t see. Or is there an open/broken connection to the LDAP server being cached somewhere that needs a “reset?”

I’ve turned on Trace 5 in radius.cfg and “Debug 255” in the AuthByLDAP2 clause, but not seeing a lot in the logs about the reason for the failure.

I’d appreciate some assistance in tracking this down.

thank you,
Jennifer
Error message:
--------------------
Tue May 10 15:10:10 2016: DEBUG: Handling with Radius::AuthGROUP:
Tue May 10 15:10:10 2016: DEBUG: Handling with Radius::AuthLDAP2: *redacted*
Tue May 10 15:10:10 2016: INFO: Connecting to *redacted*:636
Tue May 10 15:10:10 2016: ERR: Could not open LDAP connection to *redacted*:636. Backing off for 60 seconds.
Tue May 10 15:10:10 2016: DEBUG: Radius::AuthGROUP: redacted result: IGNORE, User database access error
Tue May 10 15:10:10 2016: DEBUG: AuthBy GROUP result: IGNORE, User database access error
Handler file:
----------------
<Handler NAS-IP-Address = *redacted*>
    Identifier *redacted*
    <AuthBy GROUP>
        AuthByPolicy ContinueWhileAccept
        <AuthBy LDAP2>
            Include %D/include/*redacted*
        </AuthBy>
    </AuthBy>
    Include %D/include/auth-log-common
</Handler>
Include file at %D/include/*redacted*:
--------------
Identifier *redacted*
Host *redacted*
Debug 255
UseSSL
SSLCAPath /etc/ssl/certs
FailureBackoffTime 60
BaseDN o=*redacted*
# Use privileged DN
AuthDN *redacted*
AuthPassword *redacted*
UsernameAttr uid
# Don't try to look up a DEFAULT user
NoDefault
PasswordAttr userPassword
ServerChecksPassword
_______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
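One way to surface the error the log above does not show, as an added example that is not part of the original post or of Radiator's own code: it runs the TCP, TLS and LDAP bind stages separately through the Perl modules and prints the first failure. It assumes AuthBy LDAP2 connects through Net::LDAP and IO::Socket::SSL; the host name, bind DN and the LDAP_BIND_PW environment variable are placeholders.

```perl
#!/usr/bin/perl
# Added diagnostic example: staged LDAPS check using the Perl stack.
use strict;
use warnings;
use IO::Socket::INET;
use IO::Socket::SSL;
use Net::LDAP;

my $host   = 'ldap.example.org';        # placeholder for the redacted Host
my $port   = 636;                       # port shown in the log
my $capath = '/etc/ssl/certs';          # SSLCAPath from the include file
my $binddn = 'cn=radiator,o=example';   # placeholder for the redacted AuthDN
my $bindpw = $ENV{LDAP_BIND_PW} // '';  # placeholder: password from the environment

# Stage 1: plain TCP. A failure here is routing or firewall, not TLS or LDAP.
sub check_tcp {
    my $s = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port,
                                  Proto => 'tcp', Timeout => 10)
        or return "TCP connect failed: $@";
    close $s;
    return;
}

# Stage 2: TLS handshake verified against the same CA directory, with the
# certificate name checked against $host using the 'ldap' scheme.
sub check_tls {
    my $s = IO::Socket::SSL->new(
        PeerHost => $host, PeerPort => $port, Timeout => 10,
        SSL_verify_mode => SSL_VERIFY_PEER, SSL_ca_path => $capath,
        SSL_verifycn_scheme => 'ldap',
    ) or return 'TLS handshake failed: ' . IO::Socket::SSL::errstr();
    print 'server certificate: ', $s->peer_certificate('subject'), "\n";
    close $s;
    return;
}

# Stage 3: LDAPS connect and bind through Net::LDAP with the privileged DN.
sub check_bind {
    my $ldap = Net::LDAP->new("ldaps://$host:$port", timeout => 10,
                              verify => 'require', capath => $capath)
        or return "Net::LDAP connect failed: $@";
    my $mesg = $ldap->bind($binddn, password => $bindpw);
    $ldap->unbind;
    return $mesg->code ? 'bind failed: ' . $mesg->error : undef;
}

for my $stage ([tcp => \&check_tcp], [tls => \&check_tls], [ldap => \&check_bind]) {
    my ($name, $check) = @$stage;
    my $err = $check->();
    if (defined $err) { print "$name: FAIL - $err\n"; exit 1 }
    print "$name: ok\n";
}
```

Run it with the same perl binary and user account that run radiusd, so it loads the same module versions and reads the same CA directory.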
