I haven't tried yet, am using 2.0.25 right now. I have a test machine available will give it a shot one of these days.
On Thu, 27 Mar 2003, Mike Denka wrote: > Hmmm . . . I feel like I'm talking to myself here - but this is a > problem that may need some attention. This issue will be more pertinent > I think if people begin to use later versions of openldap not only as > collocated servers but simply to supply the liblber and other ldap > libraries to allow freeradius to authenticate via ldap. If what I've > witnessed and tested several times is proven out, freeradius will not > work (that is, will not perform correct ldap authentication) with > certain versions of openldap libraries. I have tested with > openldap-2.1.12 which does work and with openldap-2.1.16 which does not. > I have not tested with versions in between. > > Can anyone confirm this from their own experience? Is there something > simple I'm missing that might explain and offer a solution (besides, of > course, not using openldap-2.1.16)? > > Mike > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Mike Denka > Sent: Wednesday, March 26, 2003 3:50 PM > To: [EMAIL PROTECTED] > Subject: RE: rlm_ldap issues > > After more research, I found that I could only get radius to work by > manually removing all the libraries from openldap-2.1.16 and rebuilding > an earlier release (in my case, I used 2.1.12) Just rebuilding and > reinstalling the two programs didn't work, as I said in my first post, > so some residual components of 2.1.16 are left intact and used by > freeradius even if an earlier version of ldap is reinstalled. > > One might object to my posting this thread on the freeradius list rather > than the openldap list, and that objection has merit. But I'd really > like to get the opinions of the freeradius gurus about what might be > causing this hostility between freeradius and the latest openldap. In > any case, this may serve as a cautionary tale for anyone planning to > upgrade to the latest openldap ON THE SAME SERVER that is running > freeradius. (Also a cautionary tale for anyone wondering whether it's a > good idea to run two major production services on the same server). > > I'm also curious - is anyone else successfully running openldap-2.1.16 > on the same server as freeradius-0.8.1? Perhaps I'm overlooking > something? > > Mike > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Mike Denka > Sent: Wednesday, March 26, 2003 7:49 AM > To: [EMAIL PROTECTED] > Subject: rlm_ldap issues > > > This morning I upgraded my ldap server to the latest revision (from > openldap-2.1.12 to openldap-2.1.16). Then restarted radius (freeradius > v 0.8.1) and was surprised by a slew of errors in my radius.log file. > They were: > > "Error: rlm_ldap: All ldap connections are in use" > > and > > "Error: Dropping packet from client evrt1-1:1645 - ID: 32 due to dead > request 933" > > Of course, no one could authenticate. > > Next I ran radius in debug mode, but as soon as a connection was > requested, the radius server died trying to authenticate the first user. > The failed authentication ended with the following output from radiusd > -X: > > . > . > . > rad_lowerpair: User-Name now 'mollybe' > modcall: entering group authorize > modcall[authorize]: module "preprocess" returns ok > rlm_ldap: - authorize > rlm_ldap: performing user authorization for mollybe > radius_xlat: '(uid=mollybe)' > radius_xlat: 'ou=people,dc=winsome,dc=com' > ldap_get_conn: Got Id: 0 > rlm_ldap: attempting LDAP reconnection > rlm_ldap: (re)connect to 127.0.0.1:389, authentication 0 > rlm_ldap: bind as cn=Manager,dc=winsome,dc=com/secretpassword to > 127.0.0.1:389 > rlm_ldap:waiting for bind result ... > rlm_ldap: performing search in ou=people,dc=winsome,dc=com, with filter > (uid=mollybe) > /usr/local/sbin/radiusd: relocation error: > /usr/local/lib/rlm_ldap-0.8.1.so: undefined symbol: ldap_enable_cache > > Unable to determine the exact nature of the errors, I decided to go back > to the previous version of LDAP to undo what I had done. However, after > reinstalling the previous version of LDAP, the same problem with radius > persisted. Since it appeared that there was a library problem in > rlm_ldap-0.8.1, I rebuilt freeradius from scratch. Still, the same > errors persisted. Now, as a temporary measure I have had to go back to > the passwd and shadow files to allow customer access. But this is not a > solution. Please lend assistance if you can. > > Thanks very much, > > Mike > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
