(RADIATOR) LDAP Problem ERESTARTSYS ?

Nick nteagle at bis-internet.co.uk
Wed Mar 12 11:07:46 CST 2003


I've a config which authenticates against an LDAP server (iplanet 5.1). I 
developed the config on a sun box and have now moved it to a linux 
machine running redhat 8.1.

It now fails on a bind connect to the ldap server back on the sun box.

I have written a little Net::LDAP script to make sure the connections are 
ok and they are.

I then did a strace on the radiusd server and I get a strange read error
on the socket, see below

3588  write(6, "0)\2\1\1`$\2\1\2\4\24cn=Directory Manager\200\10bisadmin", 42) = 42
3588  read(6, 0x88fe300, 2)             = ? ERESTARTSYS (To be restarted)

having a look at an strace on the little perl script I get

3582  write(3, "0(\2\1\1`#\2\1\2\4\24cn=Directory Manager\200\10bisadmin", 42) = 42
3582  read(3, "0\f", 2)                 = 2
3582  read(3, "\2\1\1a\7\n\1\0\4\0\4\0", 12) = 12

So I tried editing AuthLDAP2 and if I took out the
&Radius::Util::exec_timeout bind on line 525 and just hard coded a
bind operation it worked but then just failed a bit further on when it 
does a search. I then tried taking the search out of the 
&Radius::Util::exec_timeout but then it just hung with the same error
as above.

I'm not sure what to try now.

I'm running Radiator 3.5 and Net::LDAP 0.2701

my config is:


Foreground
LogStdout
LogDir          /apps/radius/logs
DbDir           /apps/radius
Trace           4

<Client DEFAULT>
         Secret  XXXXX
         DupInterval 0
</Client>

<AddressAllocator SQL>
     Identifier ALLOSQL
     DBSource    dbi:Pg:dbname=radius
     DBUsername  radius
     DBAuth      radius
         DefaultLeasePeriod      172800
         LeaseReclaimInterval    7200

         <AddressPool pool101>
                 Subnetmask      255.255.255.128
                 Range XXXXXXX

         </AddressPool>
</AddressAllocator>

<AuthBy DYNADDRESS>
         Identifier      DYNADDR
         PoolHint %{Reply:PoolHint}
         AddressAllocator        ALLOSQL
         StripFromReply PoolHint
</AuthBy>

<AuthBy SQL>
     Identifier ACCTSQL
     DBSource    dbi:Pg:dbname=radius
     DBUsername  radius
     DBAuth      radius
     AuthSelect
     AccountingTable ACCOUNTING
     AcctColumnDef   USERNAME,User-Name
     AcctColumnDef   TIME_STAMP,Timestamp,integer
     AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
     AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
     AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
     AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
     AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
     AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
     AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
     AcctColumnDef   NASIDENTIFIER,NAS-Identifier
     AcctColumnDef   NASIP,NAS-IP-Address
     AcctColumnDef   NASPORT,NAS-Port,integer
     AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
     AcctColumnDef   CLI,Calling-Station-Id
     AcctColumnDef   DNIS,Called-Station-Id
</AuthBy>

<AuthBy LDAP2>
         Identifier AUTHLDAPADSL
         Host            ops
         AuthDN          cn=Directory Manager
         AuthPassword    bisadmin
         BaseDN          ou=People, o=%W, o=internet
         UsernameAttr    uid
         HoldServerConnection
         ServerChecksPassword
         AuthAttrDef radiusServiceType,Service-Type,reply
         AuthAttrDef radiusFramedProtocol,Framed-Protocol,reply
         AuthAttrDef radiusCisco-AVPair,Cisco-AVPair,reply
         AuthAttrDef radiusFramedIPAddress,Framed-IP-Address,reply
         AuthAttrDef radiusFramedIPNetmask,Framed-IP-Netmask,reply
         AuthAttrDef radiusPoolHint,PoolHint,reply
</AuthBy>

<Handler NAS-Identifier=nas.bis.com>
         AuthByPolicy ContinueUntilIgnore
         MaxSessions 1
         RewriteUsername s/^([^@]+).*/$1/
         AuthBy ACCTSQL
         AuthBy AUTHLDAPADSL
         AuthBy DYNADDR

         <SessionDatabase SQL>
                 DBSource    dbi:Pg:dbname=radius
                 DBUsername  radius
                 DBAuth      radius
         </SessionDatabase>
</Handler>






My config is below:



-- 
Nick Teagle
CTO
Tel: 0207 861 9329
Mob: 0774 0637 919
Fax: 0870 1345 183
Email: nteagle at bis-internet.co.uk

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
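
For readers following the strace output in the message above, an added example (not part of the original post, and not Radiator or Net::LDAP code): a small Python decoder for the test script's bind exchange, with the bytes copied from the strace lines of process 3582. It shows that the request is an LDAPv2 simple bind, which carries the DN and password unencrypted, and that the server answered with resultCode 0; the function names are this example's own.

```python
import re

# strace prints buffers as C string literals: octal escapes plus \n, \f, ...
_NAMED = {"n": 10, "t": 9, "r": 13, "f": 12, "v": 11, "\\": 92, '"': 34}

def strace_unescape(text):
    """Convert the body of a strace string literal into raw bytes."""
    out = bytearray()
    for octal, named, plain in re.findall(r"\\([0-7]{1,3})|\\(.)|(.)", text, re.S):
        out.append(int(octal, 8) if octal else _NAMED[named] if named else ord(plain))
    return bytes(out)

def read_tlv(buf, pos=0):
    """Read one BER element (definite length); return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = octet count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_ldap(buf):
    """Decode the bind-related fields of a single LDAPMessage."""
    tag, body, _ = read_tlv(buf)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, msgid, pos = read_tlv(body)
    op, opbody, _ = read_tlv(body, pos)
    msg = {"message_id": int.from_bytes(msgid, "big"), "op_tag": op}
    if op == 0x60:                         # [APPLICATION 0] BindRequest
        _, ver, p = read_tlv(opbody)
        _, dn, p = read_tlv(opbody, p)
        auth_tag, cred, _ = read_tlv(opbody, p)
        msg.update(op="BindRequest", version=ver[0], dn=dn.decode(),
                   simple_bind=(auth_tag == 0x80), password_len=len(cred))
    elif op == 0x61:                       # [APPLICATION 1] BindResponse
        _, rc, p = read_tlv(opbody)
        msg.update(op="BindResponse", result_code=rc[0])
    return msg

# Sample input: copied from the strace lines of process 3582 in the post.
BIND_REQ = r'0(\2\1\1`#\2\1\2\4\24cn=Directory Manager\200\10bisadmin'
BIND_RESP = r'0\f\2\1\1a\7\n\1\0\4\0\4\0'   # the two read() buffers joined

if __name__ == "__main__":
    print(decode_ldap(strace_unescape(BIND_REQ)))
    print(decode_ldap(strace_unescape(BIND_RESP)))
```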

