(RADIATOR) Radiator couldn't bind to ldap

Mai Bui maib at centurytel.net
Fri Sep 12 11:33:17 CDT 2003


Support,

I'm having a problem with Radiator binding to LDAP when running radpwtst on a 
Linux 8.0 server.  The system environment is Radiator 3.6, 
openldap-2.0.25, and perl-ldap-0.2701. The Radiator and LDAP processes were 
running when I tested with radpwtst.  Also, I have eliminated LDAP issues because 
I was able to view the user from an LDAP client, and port 389 is also listening 
on the system.  Here are the errors from the log file.

Fri Sep 12 10:33:03 2003: ERR: Unknown keyword 'SNMP' in 
/etc/raddb/radtest.cfg line 7
Fri Sep 12 10:33:03 2003: ERR: Unknown keyword 'SNMP' in 
/etc/raddb/radtest.cfg line 13
Fri Sep 12 10:33:03 2003: ERR: Unknown keyword 'SNMP' in 
/etc/raddb/radtest.cfg line 19
Fri Sep 12 10:33:03 2003: DEBUG: Reading users file /etc/raddb/users
Fri Sep 12 10:33:04 2003: DEBUG: Reading group file /etc/group
Fri Sep 12 10:33:04 2003: DEBUG: Finished reading configuration file 
'/etc/raddb/radtest.cfg'
Fri Sep 12 10:33:04 2003: DEBUG: Reading dictionary file 
'/etc/raddb/dictionary'
Fri Sep 12 10:33:04 2003: DEBUG: Creating authentication port 0.0.0.0:1645
Fri Sep 12 10:33:04 2003: DEBUG: Creating accounting port 0.0.0.0:1646
Fri Sep 12 10:33:04 2003: NOTICE: Server started: Radiator 3.6 on 
auth.xxxxxxx.net
Fri Sep 12 10:33:32 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32809 ....
Code:       Access-Request
Identifier: 212
Authentic:  1234567890123456
Attributes:
         User-Name = "ctyxxxx"
         Service-Type = Framed-User
         NAS-IP-Address = 203.63.154.1
         NAS-Port = 1234
         Called-Station-Id = "123456789"
         Calling-Station-Id = "987654321"
         NAS-Port-Type = Async
         User-Password = 
"<200><141><162>v<209><198>X6<31><235><251><167><228>B<161>d"

Fri Sep 12 10:33:32 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:32 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:32 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:32 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:32 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Sep 12 10:33:32 2003: DEBUG:  Deleting session for ctyxxxx, 
203.63.154.1, 1234
Fri Sep 12 10:33:32 2003: DEBUG: Handling with Radius::AuthFILE: File
Fri Sep 12 10:33:32 2003: ERR: Attribute number 79 is not defined in your 
dictionary
Fri Sep 12 10:33:32 2003: DEBUG: Radius::AuthFILE looks for match with ctyxxxx
Fri Sep 12 10:33:32 2003: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Fri Sep 12 10:33:32 2003: DEBUG: Handling with Radius::AuthLDAP2: LDAP
Fri Sep 12 10:33:32 2003: INFO: Connecting to 127.0.0.1, port 389
Fri Sep 12 10:33:32 2003: INFO: Attempting to bind with 
uid=searchuser,dc=xxxxxxx,dc=net, passwd (server 127.0.0.1:389)
Fri Sep 12 10:33:42 2003: ERR: Could not bind connection with 
uid=searchuser,dc=xxxxxxxx,dc=net, passwd, error: LDAP Timeout (server 
127.0.0.1:389).
Fri Sep 12 10:33:42 2003: ERR: Backing off from 127.0.0.1:389 for 600 seconds.
Fri Sep 12 10:33:42 2003: DEBUG: Radius::AuthFILE IGNORE: User database 
access error
Fri Sep 12 10:33:42 2003: DEBUG: Handling with Radius::AuthUNIX: System
Fri Sep 12 10:33:42 2003: DEBUG: Radius::AuthUNIX looks for match with ctyxxxx
Fri Sep 12 10:33:42 2003: INFO: Access rejected for ctyxxxx: No such user
Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32809 ....
Code:       Access-Reject
Identifier: 212
Authentic:  1234567890123456
Attributes:
         Reply-Message = "choice: "
         Reply-Message = "Request Denied"

Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32809 ....
Code:       Accounting-Request
Identifier: 213
Authentic:  <22>v<144>J<224><0><28>XDi<225>O<154><165>zo
Attributes:
         User-Name = "ctyxxxx"
         Service-Type = Framed-User
         NAS-IP-Address = 203.63.154.1
         NAS-Port = 1234
         NAS-Port-Type = Async
         Acct-Session-Id = "00001234"
         Acct-Status-Type = Start
         Called-Station-Id = "123456789"
         Calling-Station-Id = "987654321"
         Acct-Delay-Time = 0

Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Sep 12 10:33:42 2003: DEBUG:  Adding session for ctyxxxx, 203.63.154.1, 
1234
Fri Sep 12 10:33:42 2003: DEBUG: Handling with Radius::AuthFILE: File
Fri Sep 12 10:33:42 2003: DEBUG: Accounting accepted
Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32809 ....
Code:       Accounting-Response
Identifier: 213
Authentic:  <22>v<144>J<224><0><28>XDi<225>O<154><165>zo
Attributes:
Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32809 ....
Code:       Accounting-Request
Identifier: 214
Authentic:  ZQ<188>2<174><6>-<140>jG<7><227>i<199><166><209>
Attributes:
         User-Name = "ctyxxxx"
         Service-Type = Framed-User
         NAS-IP-Address = 203.63.154.1
         NAS-Port = 1234
         NAS-Port-Type = Async
         Acct-Session-Id = "00001234"
         Acct-Status-Type = Stop
         Called-Station-Id = "123456789"
         Calling-Station-Id = "987654321"
         Acct-Delay-Time = 0
         Acct-Session-Time = 1000
         Acct-Input-Octets = 20000
         Acct-Output-Octets = 30000

Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Sep 12 10:33:42 2003: DEBUG:  Deleting session for ctyxxxx, 
203.63.154.1, 1234
Fri Sep 12 10:33:42 2003: DEBUG: Handling with Radius::AuthFILE: File
Fri Sep 12 10:33:42 2003: DEBUG: Accounting accepted
Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32809 ....
Code:       Accounting-Response
Identifier: 214
Authentic:  ZQ<188>2<174><6>-<140>jG<7><227>i<199><166><209>
Attributes:

Here is the config file:

##Log Directory
LogDir /var/adm/radacct
##Config Directory
DbDir /etc/raddb
##SNMP Location
SnmpgetProg /usr/local/bin/snmpget
##Log Level (1 is small , 4 is big)
Trace 4
##Clients information location
include %D/clients.cfg
## Strip local realms from incoming iPass users.
RewriteUsername         s/^([^@]+)\@xxxxx/$1/
RewriteUsername         s/^([^@]+)\@xxxxx/$1/
RewriteUsername         s/\s+//g
RewriteUsername         tr/A-Z/a-z/
#
#
#
#
<Realm DEFAULT>
         <AuthBy FILE>
                 Identifier File
         </AuthBy>
         <AuthBy UNIX>
                 Identifier System
                 Filename /etc/shadow
         </AuthBy>
         <AuthBy LDAP2>
                 Identifier LDAP
                 Host    127.0.0.1
                 Port    389
                 AuthDN  uid=searchuser,dc=xxxxxxxxx,dc=net
                 AuthPassword
                 BaseDN  %0=%1,ou=people,dc=xxxxxxx,dc=net
                 Scope   base
                 UsernameAttr    uid
                 PasswordAttr    userPassword
                 HoldServerConnection
                 SearchFilter (&(gecos=active)(uid=%1))
                 AuthAttrDef gidNumber, gid-attr, request
         </AuthBy>
         PostAuthHook file:"%D/postHook"
         AcctLogFileName %L/%N/detail
</REALM>

I have built another authentication server running on Solaris 8 and it is 
working fine; only the one running on Linux 8 is having the problem, and it 
was built from sources instead of RPM.  Can you tell from the error log whether 
Radiator is having a problem accessing LDAP (the database resides on the local 
system), or could it be a binding or localhost issue?  I have checked the 
database, passwd, hosts, hosts.allow, hosts.deny, and ports as well but couldn't 
resolve the issue. Any help is greatly appreciated, and please let me know if 
you need more info to determine the problem.

Thanks,
Mai Bui
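
Added example (not part of the original post and not Radiator code): a small triage script that pairs each "Attempting to bind" entry with its "Could not bind" failure, measures how long the bind waited, and lists the users rejected while the server was in its back-off window. The sample log is constructed from the shape of the trace above, with wrapped lines rejoined and a placeholder base DN; the function and field names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: entries shaped like the trace in the post, one per line.
SAMPLE_LOG = """\
Fri Sep 12 10:33:32 2003: DEBUG: Handling with Radius::AuthLDAP2: LDAP
Fri Sep 12 10:33:32 2003: INFO: Connecting to 127.0.0.1, port 389
Fri Sep 12 10:33:32 2003: INFO: Attempting to bind with uid=searchuser,dc=example,dc=net, passwd (server 127.0.0.1:389)
Fri Sep 12 10:33:42 2003: ERR: Could not bind connection with uid=searchuser,dc=example,dc=net, passwd, error: LDAP Timeout (server 127.0.0.1:389).
Fri Sep 12 10:33:42 2003: ERR: Backing off from 127.0.0.1:389 for 600 seconds.
Fri Sep 12 10:33:42 2003: DEBUG: Handling with Radius::AuthUNIX: System
Fri Sep 12 10:33:42 2003: INFO: Access rejected for ctyxxxx: No such user
"""

ENTRY = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}): (\w+): (.*)$")
ATTEMPT = re.compile(r"Attempting to bind with (\S+), .*\(server ([^)]+)\)")
FAILED = re.compile(r"Could not bind connection with (\S+), .*error: (.+?) \(server ([^)]+)\)")
BACKOFF = re.compile(r"Backing off from (\S+) for (\d+) seconds")
REJECT = re.compile(r"Access rejected for (\S+): ")


def ldap_bind_failures(log_text):
    """Return one record per failed LDAP bind, with wait time and back-off impact."""
    pending, failures = {}, []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # packet dumps and wrapped continuation lines
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(3)
        if a := ATTEMPT.search(msg):
            pending[a.group(2)] = ts  # remember when the bind started, per server
        elif f := FAILED.search(msg):
            start = pending.pop(f.group(3), ts)
            failures.append({"server": f.group(3), "dn": f.group(1),
                             "error": f.group(2),
                             "waited_s": int((ts - start).total_seconds()),
                             "backoff_until": ts, "rejected": []})
        elif b := BACKOFF.search(msg):
            for rec in reversed(failures):  # extend the latest failure for this server
                if rec["server"] == b.group(1):
                    rec["backoff_until"] = ts + timedelta(seconds=int(b.group(2)))
                    break
        elif r := REJECT.search(msg):
            for rec in failures:  # rejections that fall inside a back-off window
                if ts <= rec["backoff_until"]:
                    rec["rejected"].append(r.group(1))
    return failures
```

On the constructed sample the bind waits 10 seconds before timing out, and the rejection logged in the same second falls inside the 600-second back-off window.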