Hello,

Try using port 389 for non-SSL or 636 for SSL - even if the server is DC atm.

---
Best Regards,
Patrik

From: radiator <[email protected]> On Behalf Of Hirayama, Pat
Sent: 16 January 2021 00:56
To: [email protected]
Subject: [RADIATOR] ERR: AuthLDAP2 Could not open LDAP connection to AD domain controllers

Greetings,

I am currently trying to migrate an existing Radiator 4.12.1 running on CentOS 6.10 to Radiator 4.25 running on Ubuntu 20.04.1 LTS. I am running into an issue where Radiator 4.25 is unable to connect via LDAP to my domain controllers. The log shows (DC names changed):

    00000000 Fri Jan 15 15:26:35 2021 089445: INFO: AuthLDAP2 Connecting to DC1.domain.tld port 3269
    00000000 Fri Jan 15 15:26:35 2021 124694: ERR: AuthLDAP2 Could not open LDAP connection to DC1.domain.tld port 3269. Backing off for 10 seconds.
    00000000 Fri Jan 15 15:26:35 2021 124845: INFO: AuthLDAP2 Connecting to DC2.domain.tld port 3269
    00000000 Fri Jan 15 15:26:35 2021 125576: ERR: AuthLDAP2 Could not open LDAP connection to DC2.domain.tld port 3269. Backing off for 10 seconds.
    00000000 Fri Jan 15 15:26:35 2021 125720: INFO: AuthLDAP2 Connecting to DC3.domain.tld port 3269
    00000000 Fri Jan 15 15:26:35 2021 126451: ERR: AuthLDAP2 Could not open LDAP connection to DC3.domain.tld port 3269. Backing off for 10 seconds.

My new <AuthBy LDAP2> stanza (again anonymized):

    <Handler Client-Identifier=webvpn-test-servers>
        RejectHasReason
        #AuthLog webvpn-authlog
        # Handle test users
        <AuthBy LDAP2>
            Host DC1.domain.tld DC2.domain.tld DC3.domain.tld
            SSLVerify none
            include /etc/radiator/ssl.txt
            UseSSL
            Port 3269
            AuthDN XXXXXXXXXXXXXXXX
            AuthPassword XXXXXXXXX
            CachePasswords
            FailureBackoffTime 10
            #BaseDN XXXXXXXXXXXX
            UsernameAttr sAMAccountName
            Debug 255
            ServerChecksPassword
            #HoldServerConnection
            SearchFilter (&(%0=%1)(|(memberOf=XXX))
            # removing filter for privacy -- besides, we aren't getting that far
        </AuthBy>
    </Handler>

/etc/radiator/ssl.txt (anonymized):

    SSLCAClientCert /etc/ssl/certs/server.pem
    SSLCAClientKey /etc/ssl/private/server.key
    SSLCAFile /etc/ssl/certs/ca.pem

Aside from the lines that have been commented out above -- I have tried modifying SSLCiphers from default mostly because someone mentioned that they were running under a newer version of OpenSSL that protected against weak Diffie Hellman keys (to prevent LogJam attack). That didn't seem to help. I have Trace running at 5 and Debug at 255.

Any help would be appreciated.

Thanks!
-p

--
Pat Hirayama
Systems Engineer | CIT / Systems Engineering | 206.667.4856 | [email protected] | Fred Hutch | Cures Start Here
_______________________________________________
radiator mailing list
[email protected]
https://lists.open.com.au/mailman/listinfo/radiator
