rlm_ldap (ldap): Could not start TLS: Connect error

Tobias Hachmer tobias at hachmer.de
Wed Dec 4 19:58:31 CET 2013


On 12/04/2013 07:36 PM, Arran Cudbard-Bell wrote:
> On 4 Dec 2013, at 14:02, Hachmer, Tobias <Tobias.Hachmer at stadt-frankfurt.de> wrote:
>
>> Radiusd starts now. But it is still not working.  Now radiusd gets a SIGABRT:
>> ASSERT FAILED src/main/util.c[1025]: 0
> That's not a valid line number, as in there is no assert on that line in either v3.0.x or master. Can you please build a version from source using a current version of 3.0.x or master? Also make sure radiusd is not picking up an old version of the libraries from somewhere.
I will test tomorrow morning when I have access to the system at work.

> For what it's worth, I just tested the LDAP profile functionality, with normal and generic attributes, and it works ok for me. Could you provide a copy of your LDAP configuration (redacted) and the complete output of radiusd -X and I'll try and replicate your issue here.
>
> rlm_ldap (ldap): Reserved connection (4)
> (1) ldap : 	expand: "(uid=%{%{Stripped-User-Name}:-%{User-Name}})" -> '(uid=arr2036)'
> (1) ldap : 	expand: "dc=rm-rfi,dc=com" -> 'dc=rm-rfi,dc=com'
> (1) ldap : Performing search in 'dc=rm-rfi,dc=com' with filter '(uid=arr2036)'
> (1) ldap : Waiting for search result...
> (1) ldap : User object found at DN "uid=arr2036,ou=people,dc=rm-rfi,dc=com"
> (1) ldap : 	expand: "cn=test0,cn=profile,dc=rm-rfi,dc=com" -> 'cn=test0,cn=profile,dc=rm-rfi,dc=com'
> (1) ldap : 	expand: "(objectclass=radiusprofile)" -> '(objectclass=radiusprofile)'
> (1) ldap : Performing search in 'cn=test0,cn=profile,dc=rm-rfi,dc=com' with filter '(objectclass=radiusprofile)'
> (1) ldap : Waiting for search result...
> (1) ldap : Processing profile attributes
> (1) ldap : 		reply:Reply-Message := 'Reply attribute from test profile 0'
> (1) ldap : 		request:Reply-Message += 'Generic attribute from test profile 0'
> (1) ldap : 	expand: "(objectclass=radiusprofile)" -> '(objectclass=radiusprofile)'
> (1) ldap : Performing search in 'cn=test1,cn=profile,dc=rm-rfi,dc=com' with filter '(objectclass=radiusprofile)'
> (1) ldap : Waiting for search result...
> (1) ldap : Processing profile attributes
> (1) ldap : 		reply:Reply-Message := 'Reply attribute from test profile 1'
> (1) ldap : 		control:Reply-Message += 'Generic attribute from test profile 1'
> (1) ldap : Processing user attributes
> (1) ldap : 		reply:Reply-Message := 'Reply attribute from user's profile'
> rlm_ldap (ldap): Released connection (4)
>
> I did find a small omission in the LDAP schema, which I will fix. Apparently only a single instance of radiusProfileDn by the old code, but the new code can process as many profiles as there are radiusProfileDn instances.
Very nice, I like that. One less feature request. To use multiple
profiles I had used radiusGroupName.
Thanks for the changes!

Regards,
Tobias Hachmer

