<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
span.E-MailFormatvorlage17
{mso-style-type:personal-compose;
font-family:"Arial","sans-serif";
color:black;
font-weight:normal;
font-style:normal;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:754084105;
mso-list-type:hybrid;
mso-list-template-ids:2119964146 1425076282 67567619 67567621 67567617 67567619 67567621 67567617 67567619 67567621;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-font-family:Calibri;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1599752724;
mso-list-type:hybrid;
mso-list-template-ids:-222820034 2143314264 67567619 67567621 67567617 67567619 67567621 67567617 67567619 67567621;}
@list l1:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-font-family:Calibri;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="DE" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Hello list,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-US">in my further tests with FreeRADIUS v3 (rpmbuild from v3.0.x branch) I have a problem with the ldap module and start_tls.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">This is definitely working:<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span lang="EN-US"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN-US">Ldap connect with ldap utils (ldapsearch -ZZ and so on) via port 389 with starttls<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span lang="EN-US"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN-US">Ldap connect with FreeRADIUS 2.1.12 via port 389 (start_tls = yes and require_cert = "demand")<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">This is not working:<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l1 level1 lfo1"><![if !supportLists]><span lang="EN-US"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN-US">FR 3 ldap module isn’t able to connect to ldap server via port 389 + start_tls=yes<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l1 level1 lfo1"><![if !supportLists]><span lang="EN-US"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN-US">FR debug error:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> # Loaded module rlm_ldap<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> # Instantiating module "ldap" from file /etc/raddb/mods-enabled/ldap<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> ldap {<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> server = "fqdn" (matches CN in ldap server certificate)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> port = 389<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> password = "xxx"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> identity = "xxx"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> valuepair_attribute = "radiusVSA"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> read_clients = yes<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> user {<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> filter = "(&(uid=%{%{Stripped-User-Name}:-%{User-Name}})(objectClass=radiusProfile))"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> scope = "sub"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> base_dn = "xxx"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> access_attribute = "radiusAccountStatus"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> access_positive = yes<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> group {<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> filter = "(objectClass=groupOfNames)"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> scope = "sub"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> base_dn = "xxx"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> name_attribute = "cn"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> membership_attribute = "memberOf"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> membership_filter = "(member=%{control:Ldap-UserDn})"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> cacheable_name = no<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> cacheable_dn = yes<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> client {<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> filter = "(objectClass=radiusClient)"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> scope = "sub"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> </span>base_dn = "xxx"<o:p></o:p></p>
<p class="MsoNormal"> <span lang="EN-US">attribute {<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> identifier = "radiusClientIdentifier"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> shortname = "radiusClientShortname"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> nas_type = "radiusClientType"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> secret = "radiusClientSecret"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> virtual_server = "radiusClientVirtualServer"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> require_message_authenticator = "radiusClientRequireMa"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> profile {<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> filter = "(objectclass=radiusObjectProfile)"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> attribute = "radiusGroupName"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> </span>default = "xxx"<o:p></o:p></p>
<p class="MsoNormal"> <span lang="EN-US">}<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> options {<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> ldap_debug = 597<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> chase_referrals = yes<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> rebind = yes<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> net_timeout = 1<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> res_timeout = 20<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> srv_timelimit = 20<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> idle = 60<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> probes = 3<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> interval = 3<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> tls {<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> ca_file = "/etc/raddb/certs/rootca_cert.pem"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> start_tls = yes<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> require_cert = "demand" (also tested with never, same result)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> accounting {<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> reference = "%{tolower:type.%{Acct-Status-Type}}"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> post-auth {<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> reference = "."<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">rlm_ldap (ldap): Initialising connection pool<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> pool {<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> start = 5<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> min = 4<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> max = 10<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> spare = 3<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> uses = 0<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> lifetime = 0<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> cleanup_delay = 5<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> idle_timeout = 60<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> spread = no<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">rlm_ldap (ldap): Opening additional connection (0)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">rlm_ldap (ldap): Connecting to fqdn:389<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">rlm_ldap (ldap): Could not start TLS: Connect error<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">rlm_ldap (ldap): Opening connection failed (0)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">rlm_ldap (ldap): Removing connection pool<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">/etc/raddb/mods-enabled/ldap[8]: Instantiation failed for module "ldap"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l1 level1 lfo1"><![if !supportLists]><span lang="EN-US"><span style="mso-list:Ignore">-<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span lang="EN-US">openldap debug log:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: activity on 1 descriptor<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: activity on:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]:
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: slap_listener_activate(7):
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=7 busy<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=8 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=9 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=10 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=11 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: >>> slap_listener(ldap:///)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: listen=7, new connection on 16<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: activity on 1 descriptor<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: activity on:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]:
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=7 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=8 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=9 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=10 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=11 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: added 16r (active) listener=(nil)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: activity on 2 descriptors<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: activity on:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: 16r<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]:
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: read active on 16<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=7 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=8 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=9 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: connection_get(16)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=10 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: connection_get(16): got connid=1003<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=11 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: connection_read(16): checking for input on id=1003<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: op tag 0x77, time 1385634060<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: conn=1003 op=0 do_extended<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: activity on 1 descriptor<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: activity on:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: do_extended: oid=1.3.6.1.4.1.1466.20037<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]:
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: send_ldap_extended: err=0 oid= len=0<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=7 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: send_ldap_response: msgid=1 tag=120 err=0<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=8 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=9 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=10 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=11 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: activity on 1 descriptor<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: activity on:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: 16r<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]:
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: read active on 16<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=7 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=8 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=9 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=10 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=11 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: connection_get(16)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: connection_get(16): got connid=1003<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: connection_read(16): checking for input on id=1003<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: activity on 1 descriptor<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: activity on:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]:
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=7 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=8 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=9 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=10 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=11 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: activity on 1 descriptor<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: activity on:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: 16r<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]:
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: read active on 16<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=7 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=8 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=9 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=10 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: connection_get(16)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=11 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: connection_get(16): got connid=1003<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: connection_read(16): checking for input on id=1003<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: connection_read(16): TLS accept failure error=-1 id=1003, closing<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: connection_closing: readying conn=1003 sd=16 for close<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: connection_close: conn=1003 sd=16<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: removing 16<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: activity on 1 descriptor<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: activity on:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]:
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=7 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=8 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=9 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=10 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Nov 28 11:21:00 radiusv3test slapd[7737]: daemon: epoll: listen=11 active_threads=0 tvp=zero<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">FreeRADIUS 3:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"># ldd /usr/sbin/radiusd<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> linux-vdso.so.1 => (0x00007fff8c1ff000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libfreeradius-server.so => /usr/lib64/freeradius/libfreeradius-server.so (0x00007f224b44b000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libfreeradius-radius.so => /usr/lib64/freeradius/libfreeradius-radius.so (0x00007f224b21b000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libfreeradius-eap.so => /usr/lib64/freeradius/libfreeradius-eap.so (0x00007f224b011000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libpcre.so.0 => /lib64/libpcre.so.0 (0x00007f224ade0000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libpcreposix.so.0 => /usr/lib64/libpcreposix.so.0 (0x00007f224abdd000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libtalloc.so.2 => /usr/lib64/libtalloc.so.2 (0x00007f224a9d3000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f224a639000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f224a3db000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libnsl.so.1 => /lib64/libnsl.so.1 (0x00007f224a1c2000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f2249fa8000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> </span>libdl.so.2 => /lib64/libdl.so.2 (0x00007f2249da3000)<o:p></o:p></p>
<p class="MsoNormal"> <span lang="EN-US">libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f2249b86000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libreadline.so.6 => /lib64/libreadline.so.6 (0x00007f2249943000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f224970b000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libc.so.6 => /lib64/libc.so.6 (0x00007f2249378000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> /lib64/ld-linux-x86-64.so.2 (0x00007f224b66d000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> librt.so.1 => /lib64/librt.so.1 (0x00007f2249170000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libz.so.1 => /lib64/libz.so.1 (0x00007f2248f59000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f2248d15000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f2248a2f000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f224882a000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f22485fe000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libtinfo.so.5 => /lib64/libtinfo.so.5 (0x00007f22483dd000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libfreebl3.so => /lib64/libfreebl3.so (0x00007f2248170000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f2247f65000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f2247d62000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f2247b42000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">FreeRADIUS v2.1.12 (default RPM from official CentOS Repo):<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"># ldd /usr/sbin/radiusd<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> linux-vdso.so.1 => (0x00007fffa9980000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libfreeradius-radius-2.1.12.so => /usr/lib64/freeradius/libfreeradius-radius-2.1.12.so (0x00007fb0297b0000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libnsl.so.1 => /lib64/libnsl.so.1 (0x00007fb029591000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fb029377000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fb02915a000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007fb028f22000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libltdl.so.7 => /usr/lib64/libltdl.so.7 (0x00007fb028d19000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007fb028abc000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007fb028721000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> </span>libc.so.6 => /lib64/libc.so.6 (0x00007fb02838e000)<o:p></o:p></p>
<p class="MsoNormal"> /lib64/ld-linux-x86-64.so.2 (0x00007fb029c1e000)<o:p></o:p></p>
<p class="MsoNormal"> <span lang="EN-US">libfreebl3.so => /lib64/libfreebl3.so (0x00007fb028122000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libdl.so.2 => /lib64/libdl.so.2 (0x00007fb027f1d000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007fb027cd9000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007fb0279f3000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007fb0277ee000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007fb0275c2000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libz.so.1 => /lib64/libz.so.1 (0x00007fb0273ac000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007fb0271a0000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007fb026f9d000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fb026d7d000)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Thanks in advance for any help and please let me know if further information is needed.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Kind regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Tobias Hachmer<o:p></o:p></span></p>
</div>
</body>
</html>