(RADIATOR) Radiator couldn't bind to ldap
Mai Bui
maib at centurytel.net
Fri Sep 12 11:33:17 CDT 2003
Support,

I'm having a problem with Radiator binding to LDAP when running radpwtst on a
Linux 8.0 server. The system environment is Radiator 3.6,
openldap-2.0.25, and perl-ldap-0.2701. The Radiator and LDAP processes were
running when I tested with radpwtst. Also, I have eliminated LDAP issues because
I was able to view the user from an LDAP client, and port 389 is also listening
on the system. Here are the errors from the log file.

Fri Sep 12 10:33:03 2003: ERR: Unknown keyword 'SNMP' in
/etc/raddb/radtest.cfg line 7
Fri Sep 12 10:33:03 2003: ERR: Unknown keyword 'SNMP' in
/etc/raddb/radtest.cfg line 13
Fri Sep 12 10:33:03 2003: ERR: Unknown keyword 'SNMP' in
/etc/raddb/radtest.cfg line 19
Fri Sep 12 10:33:03 2003: DEBUG: Reading users file /etc/raddb/users
Fri Sep 12 10:33:04 2003: DEBUG: Reading group file /etc/group
Fri Sep 12 10:33:04 2003: DEBUG: Finished reading configuration file
'/etc/raddb/radtest.cfg'
Fri Sep 12 10:33:04 2003: DEBUG: Reading dictionary file
'/etc/raddb/dictionary'
Fri Sep 12 10:33:04 2003: DEBUG: Creating authentication port 0.0.0.0:1645
Fri Sep 12 10:33:04 2003: DEBUG: Creating accounting port 0.0.0.0:1646
Fri Sep 12 10:33:04 2003: NOTICE: Server started: Radiator 3.6 on
auth.xxxxxxx.net
Fri Sep 12 10:33:32 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32809 ....
Code: Access-Request
Identifier: 212
Authentic: 1234567890123456
Attributes:
User-Name = "ctyxxxx"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password =
"<200><141><162>v<209><198>X6<31><235><251><167><228>B<161>d"
Fri Sep 12 10:33:32 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:32 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:32 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:32 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:32 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Sep 12 10:33:32 2003: DEBUG: Deleting session for ctyxxxx,
203.63.154.1, 1234
Fri Sep 12 10:33:32 2003: DEBUG: Handling with Radius::AuthFILE: File
Fri Sep 12 10:33:32 2003: ERR: Attribute number 79 is not defined in your
dictionary
Fri Sep 12 10:33:32 2003: DEBUG: Radius::AuthFILE looks for match with ctyxxxx
Fri Sep 12 10:33:32 2003: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Fri Sep 12 10:33:32 2003: DEBUG: Handling with Radius::AuthLDAP2: LDAP
Fri Sep 12 10:33:32 2003: INFO: Connecting to 127.0.0.1, port 389
Fri Sep 12 10:33:32 2003: INFO: Attempting to bind with
uid=searchuser,dc=xxxxxxx,dc=net, passwd (server 127.0.0.1:389)
Fri Sep 12 10:33:42 2003: ERR: Could not bind connection with
uid=searchuser,dc=xxxxxxxx,dc=net, passwd, error: LDAP Timeout (server
127.0.0.1:389).
Fri Sep 12 10:33:42 2003: ERR: Backing off from 127.0.0.1:389 for 600 seconds.
Fri Sep 12 10:33:42 2003: DEBUG: Radius::AuthFILE IGNORE: User database
access error
Fri Sep 12 10:33:42 2003: DEBUG: Handling with Radius::AuthUNIX: System
Fri Sep 12 10:33:42 2003: DEBUG: Radius::AuthUNIX looks for match with ctyxxxx
Fri Sep 12 10:33:42 2003: INFO: Access rejected for ctyxxxx: No such user
Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32809 ....
Code: Access-Reject
Identifier: 212
Authentic: 1234567890123456
Attributes:
Reply-Message = "choice: "
Reply-Message = "Request Denied"
Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32809 ....
Code: Accounting-Request
Identifier: 213
Authentic: <22>v<144>J<224><0><28>XDi<225>O<154><165>zo
Attributes:
User-Name = "ctyxxxx"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Start
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Sep 12 10:33:42 2003: DEBUG: Adding session for ctyxxxx, 203.63.154.1,
1234
Fri Sep 12 10:33:42 2003: DEBUG: Handling with Radius::AuthFILE: File
Fri Sep 12 10:33:42 2003: DEBUG: Accounting accepted
Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32809 ....
Code: Accounting-Response
Identifier: 213
Authentic: <22>v<144>J<224><0><28>XDi<225>O<154><165>zo
Attributes:
Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32809 ....
Code: Accounting-Request
Identifier: 214
Authentic: ZQ<188>2<174><6>-<140>jG<7><227>i<199><166><209>
Attributes:
User-Name = "ctyxxxx"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Stop
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Acct-Session-Time = 1000
Acct-Input-Octets = 20000
Acct-Output-Octets = 30000
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Sep 12 10:33:42 2003: DEBUG: Deleting session for ctyxxxx,
203.63.154.1, 1234
Fri Sep 12 10:33:42 2003: DEBUG: Handling with Radius::AuthFILE: File
Fri Sep 12 10:33:42 2003: DEBUG: Accounting accepted
Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32809 ....
Code: Accounting-Response
Identifier: 214
Authentic: ZQ<188>2<174><6>-<140>jG<7><227>i<199><166><209>
Attributes:
Here is the config file:
##Log Directory
LogDir /var/adm/radacct
##Config Directory
DbDir /etc/raddb
##SNMP Location
SnmpgetProg /usr/local/bin/snmpget
##Log Level (1 is small , 4 is big)
Trace 4
##Clients information location
include %D/clients.cfg
## Strip local realms from incoming iPass users.
RewriteUsername s/^([^@]+)\@xxxxx/$1/
RewriteUsername s/^([^@]+)\@xxxxx/$1/
RewriteUsername s/\s+//g
RewriteUsername tr/A-Z/a-z/
#
#
#
#
<Realm DEFAULT>
<AuthBy FILE>
Identifier File
</AuthBy>
<AuthBy UNIX>
Identifier System
Filename /etc/shadow
</AuthBy>
<AuthBy LDAP2>
Identifier LDAP
Host 127.0.0.1
Port 389
AuthDN uid=searchuser,dc=xxxxxxxxx,dc=net
AuthPassword
BaseDN %0=%1,ou=people,dc=xxxxxxx,dc=net
Scope base
UsernameAttr uid
PasswordAttr userPassword
HoldServerConnection
SearchFilter (&(gecos=active)(uid=%1))
AuthAttrDef gidNumber, gid-attr, request
</AuthBy>
PostAuthHook file:"%D/postHook"
AcctLogFileName %L/%N/detail
</REALM>

I have built another authentication server running on Solaris 8 and it is
working fine; just the one running on Linux8 is having problems, and I built
it from sources instead of RPM. Can you tell from the error log whether
Radiator is having a problem accessing LDAP (the database resides on the local
system), or could it be a binding or localhost issue? I have checked database,
passwd, hosts, hosts.allow, host.deny, and ports as well but couldn't resolve the
issue. Any help is greatly appreciated, and please let me know if you need
more info to determine the problem.

Thanks,
Mai Bui
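
Added example (not part of the original post, and not Radiator code): a small triage script that rejoins the wrapped log lines, pairs each LDAP bind failure with its back-off window, and lists the Access-Rejects issued inside that window, so a "No such user" reject caused by an unreachable directory is not mistaken for a bad login. The sample is an excerpt of the log above; the regular expressions assume only the message formats shown there.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the Trace 4 log from the post above, with its wrapped lines kept.
SAMPLE = """\
Fri Sep 12 10:33:32 2003: INFO: Attempting to bind with
uid=searchuser,dc=xxxxxxx,dc=net, passwd (server 127.0.0.1:389)
Fri Sep 12 10:33:42 2003: ERR: Could not bind connection with
uid=searchuser,dc=xxxxxxxx,dc=net, passwd, error: LDAP Timeout (server
127.0.0.1:389).
Fri Sep 12 10:33:42 2003: ERR: Backing off from 127.0.0.1:389 for 600 seconds.
Fri Sep 12 10:33:42 2003: DEBUG: Handling with Radius::AuthUNIX: System
Fri Sep 12 10:33:42 2003: INFO: Access rejected for ctyxxxx: No such user
"""

ENTRY = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}): (\w+): (.*)$")
BIND = re.compile(r"Could not bind connection with .*error: (.+?) \(server ([^)\s]+)\)")
BACKOFF = re.compile(r"Backing off from (\S+) for (\d+) seconds")
REJECT = re.compile(r"Access rejected for (\S+): (.*)")

def parse_entries(text):
    """Join wrapped continuation lines; return (time, level, message) tuples."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            entries.append([ts, m.group(2), m.group(3)])
        elif entries:  # no timestamp: continuation of the previous entry
            entries[-1][2] += " " + line.strip()
    return [tuple(e) for e in entries]

def ldap_outages(entries):
    """Pair each bind failure with its back-off window and the rejects inside it."""
    outages = []
    for ts, _level, msg in entries:
        bind, back, rej = BIND.search(msg), BACKOFF.search(msg), REJECT.search(msg)
        if bind:
            outages.append({"server": bind.group(2), "error": bind.group(1),
                            "start": ts, "until": ts, "rejected": []})
        elif back and outages and outages[-1]["server"] == back.group(1):
            outages[-1]["until"] = ts + timedelta(seconds=int(back.group(2)))
        elif rej:
            for o in outages:
                if o["start"] <= ts <= o["until"]:
                    o["rejected"].append((rej.group(1), rej.group(2)))
    return outages
```
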