(RADIATOR) LDAP Connection
Hugh Irvine
hugh at open.com.au
Wed Nov 12 22:45:51 CST 2003
Hello Jaskaran -
Can you please send me a trace 4 debug showing what is happening?
thanks
Hugh
On 13/11/2003, at 3:04 AM, jsingh wrote:
> Hello Hugh
>
> I understand that Radiator is supposed to drop the connection after
> it connects and talks to the LDAP Server. But I can see a connection
> for each of my incoming requests. I changed the configuration file for
> Radiator to sustain one connection, which is not the ideal situation
> as far as my project is concerned. I would like to know if I am
> missing something in my config or is this a bug in Radiator. I am
> attaching my config without the secrets. I am using Radiator-3.5 on
> Solaris 8 with Perl 5.6.1.
>
> Thanks
>
>
>
> Foreground
>
> LogStdout
>
> LogDir /var/log/radius3.5.1
>
> DbDir .
>
> Trace 4
>
> PidFile /var/log/radius3.5.1/radiusd.pid
>
> AuthPort 11645
>
> AcctPort 11646
>
> DefineGlobalVar Max 7200
>
> DictionaryFile /usr/local/adm/src/Radiator-3.5/dictionary
>
>
>
> # Clients to suit your site. ###################################
>
> <Client xx.xx.xx.xx>
>
> Secret xxxxxx
>
> DupInterval 0
>
> </Client>
>
> ##################################
>
>
>
> <Client xxxx.fdu.edu>
>
> Secret xxxxx
>
> DupInterval 0
>
> </Client>
>
> ##################################
>
> <Client xxxxxxx>
>
> Secret xxxx
>
> DupInterval 0
>
> </Client>
>
> #################################
>
>
>
> <Client xxx.xx.xx.xxx>
>
> Secret xxx
>
> DupInterval 0
>
> </Client>
>
>
>
> <Client xx.xx.xx.xx>
>
> #Description Cisco AS5300
>
> Secret xxxxx
>
> DupInterval 0
>
> </Client>
>
> <Client xx.xx.xx.xx>
>
> #Description Cisco AS5300
>
> Secret xxxx
>
> DupInterval 1
>
> </Client>
>
> <Client DEFAULT>
>
> Secret
>
> DupInterval 0
>
> </Client>
>
>
>
> <AuthBy LDAP2>
>
> Identifier CheckLDAP
>
> Host xxx.fdu.edu
>
> Port 636
>
> UseSSL
>
> SSLCAPath /usr/local/adm/etc/
>
> BaseDN dc=xxx, dc=xxx
>
> Scope subtree
>
> UsernameAttr xxxxx
>
> PasswordAttr userPassword
>
> ServerChecksPassword
>
> Timeout 2
>
> FailureBackoffTime 30
>
> HoldServerConnection
>
> #CheckAttr cn
>
>
>
> #AuthAttrDef ipaddress,Framed-IP-Address,reply
>
>
>
> AddToReply Framed-Protocol = PPP,\
>     Framed-Routing = None,\
>     Framed-MTU = 1500,\
>     Framed-Compression = Van-Jacobson-TCP-IP,\
>     Service-Type = Framed-User,\
>     Idle-Timeout = 300
>
>
>
> Debug 255
>
>
>
> </AuthBy>
> #########################################################################
>
> <AuthBy SQL>
>
>
>
> Identifier Block-Time-SQL
>
> DBSource dbi:mysql:xxxx:localhost
>
> DBUsername xxxxxx
>
> DBAuth xxx
>
> DefaultSimultaneousUse 1
>
> AccountingTable xxxxx
>
> AuthSelect Select Time_Left from RADUSERS where User_Name='%n'
>
> AuthColumnDef 0, Session-Timeout,reply
>
>
>
> AcctSQLStatement Update RADUSERS set Time_Left=Time_Left -'%{Acct-Session-Time}' \
>     where User_Name='%n';
>
>
>
>
>
> </AuthBy>
> ########################################################################
>
> <AuthLog SQL>
>
> Identifier REQUEST
>
> DBSource dbi:mysql:xxxx:localhost
>
> DBUsername xxxxxx
>
> DBAuth xxxxxx
>
> LogSuccess
>
> SuccessQuery insert into RADAUTHLOG (TIME_STAMP,USERNAME,TYPE) values ('%l','%n',1)
>
> LogFailure
>
> FailureQuery insert into RADAUTHLOG (TIME_STAMP,USERNAME,TYPE,REASON) values ('%l','%n',0,%1)
>
> </AuthLog>
> #########################################################################
>
> <Realm 1.1>
>
> AuthByPolicy ContinueWhileAccept
>
> PreAuthHook file:"/usr/local/adm/bin/filename.pl"
>
> AuthBy CheckLDAP
>
> AuthBy Block-Time-SQL
>
> AuthLog REQUEST
>
> MaxSessions 1
>
> PostAuthHook file:"/usr/local/adm/bin/filename.pl"
>
> SessionDatabase SQLDB
>
> </Realm>
> ################################################################
>
> <Realm 1.1.1>
>
> AccountingHandled
>
> AuthByPolicy ContinueWhileAccept
>
> PreAuthHook file:"/usr/local/adm/bin/filename.pl"
>
> AuthBy CheckLDAP
>
> AuthBy Block-Time-SQL
>
> PostAuthHook file:"/usr/local/adm/bin/filename.pl"
>
> MaxSessions 1
>
> SessionDatabase SQLDB
>
> AcctLogFileName /var/radius/Acct
>
> </Realm>
> #######################################################################
>
> <SessionDatabase SQL>
>
> Identifier SQLDB
>
> DBSource dbi:mysql:xxx:localhost
>
> DBUsername xxxxx
>
> DBAuth xxxxx
>
> </SessionDatabase>
>
>
>
>
>
>
>
> Jaskaran Singh
>
> University Systems & Security
>
> Fairleigh Dickinson University
>
> Teaneck,NJ 07666
>
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au