Hello,

I’ve been using Radiator to support various services over the years.  Today, 
I’m working on setting up a new RADIUS client/handler, and am having trouble 
diagnosing why connections from Radiator to an LDAP server are failing.

Using the ldapsearch command from the same system, using the same 
AuthDN/password yields a successful result.

I’m wondering if there is an error being kicked off somewhere from the LDAP or 
SSL Perl modules that I can’t see.  Or is there an open/broken connection to 
the LDAP server being cached somewhere that needs a “reset?”

I’ve turned on Trace 5 in radius.cfg and “Debug 255” in the AuthByLDAP2 clause, 
but not seeing a lot in the logs about the reason for the failure.

I’d appreciate some assistance in tracking this down.

Thank you,
Jennifer



Error message:
--------------------
Tue May 10 15:10:10 2016: DEBUG: Handling with Radius::AuthGROUP:
Tue May 10 15:10:10 2016: DEBUG: Handling with Radius::AuthLDAP2: *redacted*
Tue May 10 15:10:10 2016: INFO: Connecting to *redacted*:636
Tue May 10 15:10:10 2016: ERR: Could not open LDAP connection to *redacted*:636. Backing off for 60 seconds.
Tue May 10 15:10:10 2016: DEBUG: Radius::AuthGROUP: redacted result: IGNORE, User database access error
Tue May 10 15:10:10 2016: DEBUG: AuthBy GROUP result: IGNORE, User database access error




Handler file:
----------------

<Handler NAS-IP-Address = *redacted*>
    Identifier *redacted*

    <AuthBy GROUP>
        AuthByPolicy ContinueWhileAccept

        <AuthBy LDAP2>
            Include %D/include/*redacted*
        </AuthBy>

    </AuthBy>

    Include %D/include/auth-log-common

</Handler>


Include file at %D/include/*redacted*:
--------------

Identifier *redacted*

Host *redacted*

Debug 255

UseSSL
SSLCAPath /etc/ssl/certs

FailureBackoffTime 60

BaseDN o=*redacted*

# Use privileged DN
AuthDN *redacted*
AuthPassword *redacted*

UsernameAttr uid


# Don't try to look up a DEFAULT user
NoDefault

PasswordAttr userPassword
ServerChecksPassword


_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
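
The message above asks whether the LDAP or SSL Perl modules are raising an error that the Radiator log does not show. The script below is an added example, not part of the original post and not Radiator code: it opens the same LDAPS connection directly and prints the error text from both layers. It assumes the modules involved are Net::LDAP and IO::Socket::SSL and that certificate verification is required; the environment variable names and placeholder values are hypothetical.

```perl
#!/usr/bin/perl
# Added diagnostic (not Radiator code): open the LDAPS connection directly
# and print the error text that the LDAP and SSL layers report.
use strict;
use warnings;
use Net::LDAP;
use IO::Socket::SSL;

# Hypothetical placeholders: supply the Host, AuthDN and AuthPassword values
# from the include file through the environment, not in the script itself.
my $host   = $ENV{LDAP_HOST}   // 'ldap.example.invalid';
my $authdn = $ENV{LDAP_AUTHDN} // 'cn=placeholder,o=example';
my $authpw = $ENV{LDAP_AUTHPW} // '';
my $capath = '/etc/ssl/certs';    # same value as SSLCAPath on the page

$IO::Socket::SSL::DEBUG = 3 if $ENV{SSL_DEBUG};    # verbose handshake trace

# Returns ($ldap, undef) on success or (undef, $reason) on failure.
sub try_ldaps {
    my ($h, $ca) = @_;
    my $ldap = Net::LDAP->new(
        $h,
        scheme  => 'ldaps',
        port    => 636,
        timeout => 10,
        verify  => 'require',    # assumption: server certificate must validate
        capath  => $ca,
    );
    return ($ldap, undef) if $ldap;
    my $ldap_err = $@ || 'no message';    # Net::LDAP leaves its reason in $@
    my $ssl_err  = IO::Socket::SSL::errstr() || 'none';
    return (undef, "Net::LDAP: $ldap_err | IO::Socket::SSL: $ssl_err");
}

my ($ldap, $err) = try_ldaps($host, $capath);
if (!$ldap) {
    print "CONNECT FAILED to $host:636\n  $err\n";
    exit 1;
}
print "TLS connection established to $host:636\n";

# Bind only when a password was supplied, to avoid an unauthenticated bind.
if ($authpw ne '') {
    my $mesg = $ldap->bind($authdn, password => $authpw);
    printf "bind as %s: code=%d (%s)\n", $authdn, $mesg->code, $mesg->error;
}
$ldap->unbind;
```

Run it as the account Radiator runs under, so it reads the CA directory with the same permissions; setting SSL_DEBUG=1 adds the handshake trace from IO::Socket::SSL.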
