We're having problems with an LDAPS connection to two Windows domain controllers. An ldapsearch on the CLI works every time, the Radiator connection only sometimes.
I've upgraded the Radiator servers from 4.8 to 4.10 with current patches in hope of a fix but it still shows the same behaviour:

Sometimes it works:

    Thu Oct 18 12:41:42 2012: INFO: Connecting to 10.1.2.1 10.1.2.2:636
    Thu Oct 18 12:41:42 2012: INFO: Attempting to bind to LDAP server 10.1.2.1 10.1.2.2:636

Sometimes it doesn't:

    Thu Oct 18 13:38:43 2012: INFO: Connecting to 10.1.2.1 10.1.2.2:636
    Thu Oct 18 13:38:49 2012: ERR: Could not open LDAP connection to 10.1.2.1 10.1.2.2:636. Backing off for 5 seconds.

BTW the debug output is really puzzling when you configure more than one server/ip-address and should be changed to only show the server/ip that's used to try the connection!

That's our config:

<AuthBy LDAP2>
    # Save time by never looking for a default
    NoDefault

    Host 10.1.2.1 10.1.2.2
    Port 636
    Version 3

    # request timeout in seconds
    Timeout 3

    # don't try to reach the ldap for this amount of seconds after failure
    FailureBackoffTime 5

    # persistent connection doesn't work with M$ AD
    # HoldServerConnection
    UnbindAfterServerChecksPassword

    ## Enable SSL
    UseSSL
    ## Enable TLS
    # UseTLS

    ## Name of the client certificate file:
    SSLCAClientCert %D/certificates/radius.fqdn.pem
    ## Name of the file containing the client private key
    SSLCAClientKey %D/certificates/radius.fqdn.key
    SSLCAFile %D/certificates/ad.pem
    ## Require ldap server certificate
    #SSLVerify require

    # LDAP access
    AuthDN CN=foo,OU=bar,DC=fqdn,DC=at
    AuthPassword foo

    # Start looking here
    BaseDN OU=bar,DC=fqdn,DC=at
    # base, single, subtree
    Scope subtree

    UsernameAttr samaccountname
    # don't check the password, just for phone number lookup
    PasswordAttr
    # store the users mobile phone number in the Callback-Number radius attribute
    AuthAttrDef mobile,Callback-Number,request
</AuthBy>

--
Best regards, Alexander Hartmaier

T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
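Added example (not part of the original post and not Radiator code): a small Python parser for the log lines quoted above that pairs each "Connecting to" entry with its outcome and measures how long the attempt took. The names `analyse` and `timeout` are chosen here; reading an elapsed time of at least Timeout times the number of hosts as "every listed host timed out in turn" is an assumption about how the hosts are tried, not something the post confirms.

```python
import re
from datetime import datetime

# Constructed sample: the four log lines quoted in the post.
SAMPLE_LOG = """\
Thu Oct 18 12:41:42 2012: INFO: Connecting to 10.1.2.1 10.1.2.2:636
Thu Oct 18 12:41:42 2012: INFO: Attempting to bind to LDAP server 10.1.2.1 10.1.2.2:636
Thu Oct 18 13:38:43 2012: INFO: Connecting to 10.1.2.1 10.1.2.2:636
Thu Oct 18 13:38:49 2012: ERR: Could not open LDAP connection to 10.1.2.1 10.1.2.2:636. Backing off for 5 seconds.
"""

LINE_RE = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}): (\w+): (.*)$")
TARGET_RE = re.compile(r"Connecting to (.+):(\d+)$")
OK_MSG, FAIL_MSG = "Attempting to bind", "Could not open LDAP connection"


def analyse(log_text, timeout=3):
    """Pair each 'Connecting to' line with its outcome and time the attempt.

    timeout is the Timeout value from the AuthBy clause (3 in the post).
    """
    attempts, pending = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a timestamped log line
        when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(3)
        target = TARGET_RE.match(msg)
        if target:
            pending = (when, target.group(1).split(), int(target.group(2)))
        elif pending and msg.startswith((OK_MSG, FAIL_MSG)):
            start, hosts, port = pending
            connected = msg.startswith(OK_MSG)
            elapsed = (when - start).total_seconds()
            attempts.append({
                "start": start, "hosts": hosts, "port": port,
                "connected": connected, "elapsed": elapsed,
                # Assumption: Timeout applies to each listed host tried in turn.
                "all_hosts_timed_out": (not connected
                                        and elapsed >= timeout * len(hosts)),
            })
            pending = None
    return attempts


if __name__ == "__main__":
    for a in analyse(SAMPLE_LOG):
        state = "connected" if a["connected"] else "FAILED"
        print(f'{a["start"]:%H:%M:%S} {state:9} {a["elapsed"]:.0f}s '
              f'hosts={len(a["hosts"])} all_timed_out={a["all_hosts_timed_out"]}')
```

Run over a longer log, the elapsed times of the failed attempts show whether failures cluster at the timeout boundary or fail immediately, which narrows down where to look next.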