(RADIATOR) LDAP Problem ERESTARTSYS ?
Nick
nteagle at bis-internet.co.uk
Wed Mar 12 11:07:46 CST 2003
I've a config which authenticates against ldap server (iplanet 5.1). I
developed the config on a sun box and have now moved it to a linux
machine running redhat 8.1.
It now fails on a bind connect to the ldap server back on the sun box.
I have written a little Net::Ldap script to make sure the connections are
ok and they are.
I then did a strace on the radiusd server and I get a strange read error
on the socket, see below
3588 write(6, "0)\2\1\1`$\2\1\2\4\24cn=Directory Manager\200\10bisadmin", 42) = 42
3588 read(6, 0x88fe300, 2) = ? ERESTARTSYS (To be restarted)
having a look at an strace on the little perl script I get
3582 write(3, "0(\2\1\1`#\2\1\2\4\24cn=Directory Manager\200\10bisadmin", 42) = 42
3582 read(3, "0\f", 2) = 2
3582 read(3, "\2\1\1a\7\n\1\0\4\0\4\0", 12) = 12
So I tried editing AuthLDAP2 and if I took out the
&Radius::Util::exec_timeout bind on line 525 and just hard coded a
bind operation it worked but then just failed a bit further on when it
does a search. I then tried taking the search out of the
&Radius::Util::exec_timeout but then it just hung with the same error
as above.
I'm not sure what to try now ?
I'm running Radiator 3.5 and the Net::Ldap 0.2701
my config is:
Foreground
LogStdout
LogDir /apps/radius/logs
DbDir /apps/radius
Trace 4
<Client DEFAULT>
    Secret XXXXX
    DupInterval 0
</Client>
<AddressAllocator SQL>
    Identifier ALLOSQL
    DBSource dbi:Pg:dbname=radius
    DBUsername radius
    DBAuth radius
    DefaultLeasePeriod 172800
    LeaseReclaimInterval 7200
    <AddressPool pool101>
        Subnetmask 255.255.255.128
        Range XXXXXXX
    </AddressPool>
</AddressAllocator>
<AuthBy DYNADDRESS>
    Identifier DYNADDR
    PoolHint %{Reply:PoolHint}
    AddressAllocator ALLOSQL
    StripFromReply PoolHint
</AuthBy>
<AuthBy SQL>
    Identifier ACCTSQL
    DBSource dbi:Pg:dbname=radius
    DBUsername radius
    DBAuth radius
    AuthSelect
    AccountingTable ACCOUNTING
    AcctColumnDef USERNAME,User-Name
    AcctColumnDef TIME_STAMP,Timestamp,integer
    AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
    AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
    AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
    AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
    AcctColumnDef ACCTSESSIONID,Acct-Session-Id
    AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
    AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
    AcctColumnDef NASIDENTIFIER,NAS-Identifier
    AcctColumnDef NASIP,NAS-IP-Address
    AcctColumnDef NASPORT,NAS-Port,integer
    AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
    AcctColumnDef CLI,Calling-Station-Id
    AcctColumnDef DNIS,Called-Station-Id
</AuthBy>
<AuthBy LDAP2>
    Identifier AUTHLDAPADSL
    Host ops
    AuthDN cn=Directory Manager
    AuthPassword bisadmin
    BaseDN ou=People, o=%W, o=internet
    UsernameAttr uid
    HoldServerConnection
    ServerChecksPassword
    AuthAttrDef radiusServiceType,Service-Type,reply
    AuthAttrDef radiusFramedProtocol,Framed-Protocol,reply
    AuthAttrDef radiusCisco-AVPair,Cisco-AVPair,reply
    AuthAttrDef radiusFramedIPAddress,Framed-IP-Address,reply
    AuthAttrDef radiusFramedIPNetmask,Framed-IP-Netmask,reply
    AuthAttrDef radiusPoolHint,PoolHint,reply
</AuthBy>
<Handler NAS-Identifier=nas.bis.com>
    AuthByPolicy ContinueUntilIgnore
    MaxSessions 1
    RewriteUsername s/^([^@]+).*/$1/
    AuthBy ACCTSQL
    AuthBy AUTHLDAPADSL
    AuthBy DYNADDR
    <SessionDatabase SQL>
        DBSource dbi:Pg:dbname=radius
        DBUsername radius
        DBAuth radius
    </SessionDatabase>
</Handler>
My config is below:
--
Nick Teagle
CTO
Tel: 0207 861 9329
Mob: 0774 0637 919
Fax: 0870 1345 183
Email: nteagle at bis-internet.co.uk
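
Added example, not part of the original post: a Python sketch that unescapes the two write() payloads from the strace output above and compares the BER lengths declared in each LDAP BindRequest with the bytes actually written. The function names are illustrative, and the payload strings are copied from the post on the assumption that the e-mail line wrap inside "cn=Directory Manager" stood for a single space.

```python
import re

# write() payloads exactly as strace printed them in the post
# (assumption: the wrapped line break is one space character).
RADIUSD = r'0)\2\1\1`$\2\1\2\4\24cn=Directory Manager\200\10bisadmin'
SCRIPT = r'0(\2\1\1`#\2\1\2\4\24cn=Directory Manager\200\10bisadmin'

def unescape(s):
    """Turn strace's octal and C-style escapes back into raw bytes."""
    simple = {'n': 10, 't': 9, 'r': 13, 'f': 12, 'v': 11}
    out = bytearray()
    for m in re.finditer(r'\\([0-7]{1,3})|\\(.)|(.)', s, re.S):
        octal, esc, lit = m.groups()
        if octal:
            out.append(int(octal, 8))
        elif esc:
            out.append(simple.get(esc, ord(esc)))
        else:
            out.append(ord(lit))
    return bytes(out)

def tlv(buf, pos):
    """Read one BER header; return (tag, declared length, offset of value)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: n length bytes follow
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], 'big')
        pos += n
    return tag, length, pos

def check_bind(payload):
    """Compare declared BER lengths of a BindRequest with the bytes sent."""
    raw = unescape(payload)
    rep = {'sent': len(raw)}
    _, length, pos = tlv(raw, 0)           # 0x30: LDAPMessage SEQUENCE
    rep['message_declared'], rep['message_available'] = length, len(raw) - pos
    _, length, pos = tlv(raw, pos)         # 0x02: messageID INTEGER
    pos += length
    _, length, pos = tlv(raw, pos)         # 0x60: BindRequest [APPLICATION 0]
    rep['bind_declared'], rep['bind_available'] = length, len(raw) - pos
    rep['complete'] = (rep['message_declared'] == rep['message_available']
                       and rep['bind_declared'] == rep['bind_available'])
    return rep

if __name__ == '__main__':
    for name, payload in (('radiusd', RADIUSD), ('perl script', SCRIPT)):
        print(name, check_bind(payload))
```

For the radiusd payload the headers declare 41 and 36 bytes while only 40 and 35 follow in the 42-byte write; for the test script the declared and written lengths match. A receiver that honours the declared length would expect one more byte than radiusd wrote.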