Failure to reconnect to ldaps server after idle_timeout

Stefan Paetow Stefan.Paetow at jisc.ac.uk
Tue Mar 10 18:48:45 CET 2015


> TLS: could not shutdown NSS - error -8053:NSS could not shutdown. Objects are still in use..
> rlm_ldap (ldap): 0 of 0 connections in use.  You  may need to increase "spare"
> rlm_ldap (ldap): Opening additional connection (7), 1 of 32 pending slots used
> rlm_ldap (ldap): Connecting to ldap://ldap.example.com:636
> TLS: could not find the slot for the certificate '/etc/raddb/certs/ldap-ca.pem' - error -8127:The security card or token does not exist, needs to be initialized, or has been removed..
> TLS: /etc/raddb/certs/ldap-ca.pem is not a valid CA certificate file - error -8127:The security card or token does not exist, needs to be initialized, or has been removed..
> TLS: could not perform TLS system initialization.
> TLS: error: could not initialize moznss security context - error -8127:The security card or token does not exist, needs to be initialized, or has been removed.
> TLS: can't create ssl handle.
> rlm_ldap (ldap): Bind with cn=Radius,o=Example,c=XX to ldap://ldap.example.com:636 failed: Can't contact LDAP server
> TLS: could not shutdown NSS - error -8053:NSS could not shutdown. Objects are still in use..
> rlm_ldap (ldap): Opening connection failed (7)
> (28)     [ldap] = fail

I've seen this at STFC before... but despite my prodding, this was not raised on the list. :-/

Stefan Paetow
Moonshot Industry & Research Liaison Coordinator

t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: stefanp at jabber.dev.ja.net
skype: stefan.paetow.janet
Lumen House, Library Avenue, Harwell Oxford, Didcot, OX11 0SG

jisc.ac.uk
 
Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
Jisc Collections and Janet Ltd. is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under Company No. number 2881024, VAT No. GB 197 0632 86. The registered office is: Lumen House, Library Avenue, Harwell, Didcot, Oxfordshire, OX11 0SG. T 01235 822200.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150310/3ad025a3/attachment.sig>


More information about the Freeradius-Users mailing list