Hi guys,
please anyone could help me to decode error in access log?
Problem desr.:
I need to make Ricoh C3001 printer authenticate x 389 DS.
The printer stubbornly tries to start TLS inside SSL connection (if i
read the log file correct?) and the authentication fails, because 389
doesn't know what to make off it (i think) see:
The server uses ldaps:// method of connection on 636 port (with
selfsigned certificates).
[20/Oct/2014:18:31:50 +0200] conn=38 fd=70 slot=70 SSL connection from
192.168.2.139 to 192.168.2.245
[20/Oct/2014:18:31:50 +0200] conn=38 SSL 256-bit AES
[20/Oct/2014:18:31:50 +0200] conn=38 op=0 EXT
oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[20/Oct/2014:18:31:50 +0200] conn=38 op=0 RESULT err=1 tag=120
nentries=0 etime=0
[20/Oct/2014:18:31:50 +0200] conn=38 op=1 BIND dn="RICOH2-SB$"
method=128 version=3
[20/Oct/2014:18:31:50 +0200] conn=38 op=1 RESULT err=53 tag=97
nentries=0 etime=0
[20/Oct/2014:18:31:51 +0200] conn=38 op=2 UNBIND
[20/Oct/2014:18:31:51 +0200] conn=38 op=2 fd=70 closed - U1
The 'err=53' means "server is unwilling to perform" and i see same
message in the printer logs
also, you can see the printer starts 'extended operation':
EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
which i think it should not? (because it is already SSL conn from start?)
different encryption (same result):
[root@srv-022 slapd-srv-022]# cat access | grep conn=48
[20/Oct/2014:18:35:56 +0200] conn=48 fd=68 slot=68 SSL connection from
192.168.2.139 to 192.168.2.245
[20/Oct/2014:18:35:57 +0200] conn=48 SSL 128-bit RC4
[20/Oct/2014:18:35:57 +0200] conn=48 op=0 EXT
oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[20/Oct/2014:18:35:57 +0200] conn=48 op=0 RESULT err=1 tag=120
nentries=0 etime=1
[20/Oct/2014:18:35:57 +0200] conn=48 op=1 BIND dn="RICOH2-SB$"
method=128 version=3
[20/Oct/2014:18:35:57 +0200] conn=48 op=1 RESULT err=53 tag=97
nentries=0 etime=0
[20/Oct/2014:18:35:57 +0200] conn=48 op=2 UNBIND
[20/Oct/2014:18:35:57 +0200] conn=48 op=2 fd=68 closed - U1
Please note the different encryption i tried to use - for eg. 128-bit
RC4 and 256-bit AES etc, but all produces same result.
The printer has choice for usinge of ssl:
ssl 2.0 (set to 'yes)
ssl 3.0 (set to 'yes')
tls (i set this option to "NO" - but made no difference and result is
still same)
Also, the printer has only 2options:
1.
use SSL/TLS - if i check this, port 636 is automatically used
2.
dont use SSL/TLS - if i check this option, port 389 is used
Not much else to pick on (ofc there is other LDAP things to fill up like
hostname etc.)
I think this looks like client problem? Or do you think i can try to
tune up something on the server side? - anybody had experienced similar
troubles?
--
*Karel Lang*
--
389 users mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/389-users
