Hello Chuck -
According to the debug trace, the initial connection attempt to the LDAP server (AD) is failing.
Fri Dec 5 14:14:55 2003: INFO: Connecting to myad.myrealm.somewhere.com, port 636
Fri Dec 5 14:14:55 2003: ERR: Could not open LDAP connection to myad.myrealm.somewhere.com, port 636. Backing off for 600 seconds.
In the first instance you will need to verify the IP address and port number of the LDAP server.
It is usually _much_ easier to proxy requests to an instance of Radiator running on the Windows box and use an AuthBy ADSI clause to connect directly to AD.
regards
Hugh
On 06/12/2003, at 7:09 AM, Chuck Byam wrote:
After searching the archives this question has been asked but I can find no
definitive answer.
Can Radiator running on a "non" windows platform authenticate users against AD
using SSL and without proxying the request to a windows based radius server?
Using the config examples located in the faq and ref man I am unable to get
this to work. Could someone who has successfully done this provide some
insight or config example?
<Handler Realm = myrealm.somewhere.com>
    <AuthBy LDAP2>
        UseSSL
        # SSLVerify none
        Host myad.myrealm.somewhere.com
        AuthDN radiusbind
        AuthPassword xxxxxxx
        BaseDN cn=Users, dc=myrealm, dc=somewhere, dc=com
        ServerChecksPassword
        UsernameAttr cn
    </AuthBy>
</Handler>
*** Received from 127.0.0.1 port 32948 ....
Code: Access-Request
Identifier: 88
Authentic: 1234567890123456
Attributes:
    User-Name = "[EMAIL PROTECTED]"
    Service-Type = Framed-User
    NAS-IP-Address = 10.4.40.31
    NAS-Port = 1234
    Called-Station-Id = "123456789"
    Calling-Station-Id = "987654321"
    NAS-Port-Type = Async
    User-Password = "<154><226>,<206><192>\<4><246><188>8<9><160><216>}x<153>"
Fri Dec 5 14:14:55 2003: DEBUG: Handling request with Handler 'Realm = myrealm.somewhere.com'
Fri Dec 5 14:14:55 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 10.4.40.31, 1234
Fri Dec 5 14:14:55 2003: DEBUG: Handling with Radius::AuthLDAP2:
Fri Dec 5 14:14:55 2003: INFO: Connecting to myad.myrealm.somewhere.com, port 636
Fri Dec 5 14:14:55 2003: ERR: Could not open LDAP connection to myad.myrealm.somewhere.com, port 636. Backing off for 600 seconds.
Thanks,
--
Chuck
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X.
- Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
- CATool: Private Certificate Authority for Unix and Unix-like systems.
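Added example, not part of the original thread and not Radiator code: the ERR line in the trace does not say whether name resolution, the TCP connection to port 636, or the SSL handshake failed. This Python sketch checks the three stages separately from the Radiator host. The function name probe_ldaps and its parameters are assumptions made for illustration.

```python
import socket
import ssl

def probe_ldaps(host, port=636, timeout=5.0, verify=True, cafile=None):
    """Return (stage, detail); stage is 'dns', 'tcp', 'tls' or 'ok'."""
    # Stage 1: name resolution (a wrong Host value fails here).
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", str(exc))
    # Stage 2: TCP connect (wrong port, firewall, or LDAPS not listening).
    family, socktype, proto, _, addr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
    except OSError as exc:
        sock.close()
        return ("tcp", f"{addr[0]}:{addr[1]}: {exc}")
    # Stage 3: TLS handshake (no server certificate, untrusted CA, name mismatch).
    ctx = ssl.create_default_context(cafile=cafile)
    if not verify:
        # Diagnostic only: tells you whether certificate validation is the blocker.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", tls.version())
    except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
        return ("tls", str(exc))
    finally:
        sock.close()

if __name__ == "__main__":
    # Host name taken from the trace above; replace it with your AD server.
    print(probe_ldaps("myad.myrealm.somewhere.com", 636))
```

A 'tls' result with verify=True that turns into 'ok' with verify=False points at the CA certificate or the host name in the server certificate rather than at the address or port.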
