Jump to: navigation, search

Troubleshooting the External Authentication Connection

To obtain debugging information about the connection between any Configuration Server, including Configuration Server Proxy, and the RADIUS or LDAP server, use the configuration option verbose described in this section.

authentication Section

This section must be called authentication.

verbose

Default Value: 0
Valid Values:

0 Disables this feature.
1 Produces debug information involving only unexpected situations, data, or internal states.
2 Produces debug information without OpenLDAP library output. (The newer OpenLDAP contains a much larger internal debug size, which reduces system performance. This is the recommended level.)
3 Produces debug information, including all OpenLDAP library output.

Changes Take Effect: If switching of OpenLDAP output occurs, the changes take effect when the next connection is created (after disconnection, timeout expiry, or switch to a new LDAP server). Otherwise, the changes take effect immediately, when the next authentication request is processed.

Specifies the output level for debugging information for the external authentication server. This information is used to troubleshoot the connection between Configuration Server and the RADIUS or LDAP server, from the Configuration Server side.

For any Configuration Server, including Configuration Server Proxy, add this section and option to the options of the Application object.

Example

The following is an example of the authentication section, with the value set to the recommended maximum:

[authentication]
verbose=2

The following log events log events may also help you determine the state of the connection between Configuration Server and those external authentication servers in your configuration. This is in addition to the troubleshooting functionality described elsewhere in this document.

  • 21-24100—Indicates that the connection between Configuration Server and the specified external authentication server has failed, and to which alternate external authentication server Configuration Server is trying to connect.
  • 21-24101—Identifies that no external authentication servers are available. In other words, the connections between Configuration Server and all external authentication servers have failed.
  • 21-24102—Indicates that connection to the specified external authentication server has been restored, and that the server is available for processing authentication requests.

For more information about these log events, refer to the Configuration Server section of the Framework Combined Log Events Help.

This page was last edited on December 13, 2017, at 19:26.
blog comments powered by Disqus