(RADIATOR) Radiator couldn't bind to ldap
Hugh Irvine
hugh at open.com.au
Sat Sep 13 02:19:32 CDT 2003
Hello Mai -
There are some known problems with Redhat 8 and 9.
See this FAQ item:
http://www.open.com.au/radiator/faq.html#127
regards
Hugh
On Saturday, Sep 13, 2003, at 02:33 Australia/Melbourne, Mai Bui wrote:
> Support,
>
> I'm having a problem with Radiator binding to LDAP when running radpwtst
> on a Linux 8.0 server. The system environment is Radiator 3.6,
> openldap-2.0.25 and perl-ldap-0.2701. The Radiator and LDAP processes were
> running when I tested with radpwtst. I have also eliminated LDAP issues,
> because I was able to view the user from an LDAP client and port 389 is
> also listening on the system. Here are the errors from the log file.
>
> Fri Sep 12 10:33:03 2003: ERR: Unknown keyword 'SNMP' in /etc/raddb/radtest.cfg line 7
> Fri Sep 12 10:33:03 2003: ERR: Unknown keyword 'SNMP' in /etc/raddb/radtest.cfg line 13
> Fri Sep 12 10:33:03 2003: ERR: Unknown keyword 'SNMP' in /etc/raddb/radtest.cfg line 19
> Fri Sep 12 10:33:03 2003: DEBUG: Reading users file /etc/raddb/users
> Fri Sep 12 10:33:04 2003: DEBUG: Reading group file /etc/group
> Fri Sep 12 10:33:04 2003: DEBUG: Finished reading configuration file '/etc/raddb/radtest.cfg'
> Fri Sep 12 10:33:04 2003: DEBUG: Reading dictionary file '/etc/raddb/dictionary'
> Fri Sep 12 10:33:04 2003: DEBUG: Creating authentication port 0.0.0.0:1645
> Fri Sep 12 10:33:04 2003: DEBUG: Creating accounting port 0.0.0.0:1646
> Fri Sep 12 10:33:04 2003: NOTICE: Server started: Radiator 3.6 on auth.xxxxxxx.net
> Fri Sep 12 10:33:32 2003: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 32809 ....
> Code: Access-Request
> Identifier: 212
> Authentic: 1234567890123456
> Attributes:
> User-Name = "ctyxxxx"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> User-Password = "<200><141><162>v<209><198>X6<31><235><251><167><228>B<161>d"
>
> Fri Sep 12 10:33:32 2003: DEBUG: Rewrote user name to ctyxxxx
> Fri Sep 12 10:33:32 2003: DEBUG: Rewrote user name to ctyxxxx
> Fri Sep 12 10:33:32 2003: DEBUG: Rewrote user name to ctyxxxx
> Fri Sep 12 10:33:32 2003: DEBUG: Rewrote user name to ctyxxxx
> Fri Sep 12 10:33:32 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Fri Sep 12 10:33:32 2003: DEBUG: Deleting session for ctyxxxx, 203.63.154.1, 1234
> Fri Sep 12 10:33:32 2003: DEBUG: Handling with Radius::AuthFILE: File
> Fri Sep 12 10:33:32 2003: ERR: Attribute number 79 is not defined in your dictionary
> Fri Sep 12 10:33:32 2003: DEBUG: Radius::AuthFILE looks for match with ctyxxxx
> Fri Sep 12 10:33:32 2003: DEBUG: Radius::AuthFILE looks for match with DEFAULT
> Fri Sep 12 10:33:32 2003: DEBUG: Handling with Radius::AuthLDAP2: LDAP
> Fri Sep 12 10:33:32 2003: INFO: Connecting to 127.0.0.1, port 389
> Fri Sep 12 10:33:32 2003: INFO: Attempting to bind with uid=searchuser,dc=xxxxxxx,dc=net, passwd (server 127.0.0.1:389)
> Fri Sep 12 10:33:42 2003: ERR: Could not bind connection with uid=searchuser,dc=xxxxxxxx,dc=net, passwd, error: LDAP Timeout (server 127.0.0.1:389).
> Fri Sep 12 10:33:42 2003: ERR: Backing off from 127.0.0.1:389 for 600 seconds.
> Fri Sep 12 10:33:42 2003: DEBUG: Radius::AuthFILE IGNORE: User database access error
> Fri Sep 12 10:33:42 2003: DEBUG: Handling with Radius::AuthUNIX: System
> Fri Sep 12 10:33:42 2003: DEBUG: Radius::AuthUNIX looks for match with ctyxxxx
> Fri Sep 12 10:33:42 2003: INFO: Access rejected for ctyxxxx: No such user
> Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 32809 ....
> Code: Access-Reject
> Identifier: 212
> Authentic: 1234567890123456
> Attributes:
> Reply-Message = "choice: "
> Reply-Message = "Request Denied"
>
> Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 32809 ....
> Code: Accounting-Request
> Identifier: 213
> Authentic: <22>v<144>J<224><0><28>XDi<225>O<154><165>zo
> Attributes:
> User-Name = "ctyxxxx"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> NAS-Port-Type = Async
> Acct-Session-Id = "00001234"
> Acct-Status-Type = Start
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> Acct-Delay-Time = 0
>
> Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
> Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
> Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
> Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
> Fri Sep 12 10:33:42 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Fri Sep 12 10:33:42 2003: DEBUG: Adding session for ctyxxxx, 203.63.154.1, 1234
> Fri Sep 12 10:33:42 2003: DEBUG: Handling with Radius::AuthFILE: File
> Fri Sep 12 10:33:42 2003: DEBUG: Accounting accepted
> Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 32809 ....
> Code: Accounting-Response
> Identifier: 213
> Authentic: <22>v<144>J<224><0><28>XDi<225>O<154><165>zo
> Attributes:
> Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 32809 ....
> Code: Accounting-Request
> Identifier: 214
> Authentic: ZQ<188>2<174><6>-<140>jG<7><227>i<199><166><209>
> Attributes:
> User-Name = "ctyxxxx"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> NAS-Port-Type = Async
> Acct-Session-Id = "00001234"
> Acct-Status-Type = Stop
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> Acct-Delay-Time = 0
> Acct-Session-Time = 1000
> Acct-Input-Octets = 20000
> Acct-Output-Octets = 30000
>
> Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
> Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
> Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
> Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
> Fri Sep 12 10:33:42 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Fri Sep 12 10:33:42 2003: DEBUG: Deleting session for ctyxxxx, 203.63.154.1, 1234
> Fri Sep 12 10:33:42 2003: DEBUG: Handling with Radius::AuthFILE: File
> Fri Sep 12 10:33:42 2003: DEBUG: Accounting accepted
> Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 32809 ....
> Code: Accounting-Response
> Identifier: 214
> Authentic: ZQ<188>2<174><6>-<140>jG<7><227>i<199><166><209>
> Attributes:
>
> Here is the config file:
>
> ##Log Directory
> LogDir /var/adm/radacct
> ##Config Directory
> DbDir /etc/raddb
> ##SNMP Location
> SnmpgetProg /usr/local/bin/snmpget
> ##Log Level (1 is small, 4 is big)
> Trace 4
> ##Clients information location
> include %D/clients.cfg
> ## Strip local realms from incoming iPass users.
> RewriteUsername s/^([^@]+)\@xxxxx/$1/
> RewriteUsername s/^([^@]+)\@xxxxx/$1/
> RewriteUsername s/\s+//g
> RewriteUsername tr/A-Z/a-z/
> #
> #
> #
> #
> <Realm DEFAULT>
>     <AuthBy FILE>
>         Identifier File
>     </AuthBy>
>     <AuthBy UNIX>
>         Identifier System
>         Filename /etc/shadow
>     </AuthBy>
>     <AuthBy LDAP2>
>         Identifier LDAP
>         Host 127.0.0.1
>         Port 389
>         AuthDN uid=searchuser,dc=xxxxxxxxx,dc=net
>         AuthPassword
>         BaseDN %0=%1,ou=people,dc=xxxxxxx,dc=net
>         Scope base
>         UsernameAttr uid
>         PasswordAttr userPassword
>         HoldServerConnection
>         SearchFilter (&(gecos=active)(uid=%1))
>         AuthAttrDef gidNumber, gid-attr, request
>     </AuthBy>
>     PostAuthHook file:"%D/postHook"
>     AcctLogFileName %L/%N/detail
> </REALM>
>
> I have built another authentication server running on Solaris 8 and it
> is working fine; just the one running on Linux 8 is having the problem, and I
> built it from source instead of from RPM. Can you tell from the error
> log whether Radiator is having a problem accessing LDAP (the database resides on
> the local system), or whether it could be a binding or localhost issue? I have checked
> the database, passwd, hosts, hosts.allow, hosts.deny and ports as well but
> couldn't resolve the issue. Any help is greatly appreciated, and
> please let me know if you need more info to determine the problem.
>
> Thanks,
> Mai Bui
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
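The trace above carries the whole story in four lines: a bind attempt at 10:33:32, an "LDAP Timeout" ten seconds later, a 600-second back-off from 127.0.0.1:389, and the AuthBy chain falling through to AuthUNIX and rejecting the user. Pulling those facts out of a Trace 4 log by hand is error-prone, so here is a small triage script, added as an example and not part of this thread or of Radiator itself. It assumes only the line format visible in the quoted log ("Www Mmm dd HH:MM:SS yyyy: LEVEL: message"); the sample trace is constructed from the lines Mai posted, unwrapped, and the hint texts are the editor's assumptions, not Radiator documentation.

```python
import json
import re
from dataclasses import dataclass, asdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Constructed sample: the thread's quoted trace, unwrapped and trimmed to the interesting lines.
SAMPLE_TRACE = """\
Fri Sep 12 10:33:03 2003: ERR: Unknown keyword 'SNMP' in /etc/raddb/radtest.cfg line 7
Fri Sep 12 10:33:03 2003: ERR: Unknown keyword 'SNMP' in /etc/raddb/radtest.cfg line 13
Fri Sep 12 10:33:03 2003: ERR: Unknown keyword 'SNMP' in /etc/raddb/radtest.cfg line 19
Fri Sep 12 10:33:32 2003: INFO: Connecting to 127.0.0.1, port 389
Fri Sep 12 10:33:32 2003: INFO: Attempting to bind with uid=searchuser,dc=xxxxxxx,dc=net, passwd (server 127.0.0.1:389)
Fri Sep 12 10:33:42 2003: ERR: Could not bind connection with uid=searchuser,dc=xxxxxxx,dc=net, passwd, error: LDAP Timeout (server 127.0.0.1:389).
Fri Sep 12 10:33:42 2003: ERR: Backing off from 127.0.0.1:389 for 600 seconds.
Fri Sep 12 10:33:42 2003: DEBUG: Radius::AuthFILE IGNORE: User database access error
Fri Sep 12 10:33:42 2003: INFO: Access rejected for ctyxxxx: No such user
Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32809 ....
Code: Access-Reject
"""

# A trace line is "Www Mmm dd HH:MM:SS yyyy: LEVEL: message"; packet-dump lines carry no prefix.
LINE_RE = re.compile(r"^(\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}): (\w+): (.*)$")
TS_FMT = "%a %b %d %H:%M:%S %Y"
BIND_ATTEMPT_RE = re.compile(r"Attempting to bind with (\S+), passwd \(server ([\d.]+:\d+)\)")
BIND_FAIL_RE = re.compile(r"Could not bind connection with (\S+), passwd, error: (.+?) \(server ([\d.]+:\d+)\)")
BACKOFF_RE = re.compile(r"Backing off from ([\d.]+:\d+) for (\d+) seconds")
UNKNOWN_KW_RE = re.compile(r"Unknown keyword '([^']+)' in (\S+) line (\d+)")
REJECT_RE = re.compile(r"Access rejected for (\S+): (.+)")

# Assumed reading of the common bind error texts, for whoever checks the directory next.
HINTS = {
    "LDAP Timeout": "no bind reply before the client timeout: confirm the directory really answers LDAP "
                    "on that host:port (a listening socket is not enough) and check its own log for the bind",
    "Invalid credentials": "the directory rejected AuthDN/AuthPassword: verify the DN and the secret",
}

@dataclass
class Event:
    ts: datetime
    level: str
    msg: str

@dataclass
class BindFailure:
    server: str
    bind_dn: str
    error: str
    elapsed_s: Optional[float] = None       # seconds from the bind attempt to the failure
    backoff_s: Optional[int] = None         # how long Radiator says it will skip this server
    retry_after: Optional[datetime] = None  # first moment the server will be tried again

def parse_trace(text: str) -> List[Event]:
    """Keep only timestamped trace lines; packet dumps and wrapped continuations are skipped."""
    events = []
    for line in text.splitlines():
        if m := LINE_RE.match(line):
            events.append(Event(datetime.strptime(m.group(1), TS_FMT), m.group(2), m.group(3)))
    return events

def ldap_bind_failures(events: List[Event]) -> List[BindFailure]:
    """Pair each failed bind with its attempt (to measure the hang) and its back-off notice."""
    pending: Dict[str, Event] = {}
    failures: List[BindFailure] = []
    for ev in events:
        if m := BIND_ATTEMPT_RE.search(ev.msg):
            pending[m.group(2)] = ev
        elif m := BIND_FAIL_RE.search(ev.msg):
            dn, err, server = m.groups()
            start = pending.pop(server, None)
            failures.append(BindFailure(server, dn, err, (ev.ts - start.ts).total_seconds() if start else None))
        elif m := BACKOFF_RE.search(ev.msg):
            server, secs = m.group(1), int(m.group(2))
            # The back-off notice follows its failure, so attach it to the newest open one for that server.
            for f in reversed(failures):
                if f.server == server and f.backoff_s is None:
                    f.backoff_s, f.retry_after = secs, ev.ts + timedelta(seconds=secs)
                    break
    return failures

def config_errors(events: List[Event]) -> List[Tuple[str, str, int]]:
    """(keyword, file, line) for every 'Unknown keyword' error raised while the config was read."""
    return [(m.group(1), m.group(2), int(m.group(3)))
            for ev in events if ev.level == "ERR" and (m := UNKNOWN_KW_RE.search(ev.msg))]

def rejections(events: List[Event]) -> List[Tuple[str, str]]:
    """(user, reason) for every Access-Reject decision in the trace."""
    return [(m.group(1), m.group(2)) for ev in events if (m := REJECT_RE.search(ev.msg))]

def triage(text: str) -> dict:
    """One JSON-friendly report: config errors, bind failures with hints, and rejections."""
    events = parse_trace(text)
    failures = []
    for f in ldap_bind_failures(events):
        entry = asdict(f)
        entry["retry_after"] = f.retry_after.isoformat() if f.retry_after else None
        entry["hint"] = next((h for k, h in HINTS.items() if k in f.error), "unrecognised bind error")
        failures.append(entry)
    return {"config_errors": config_errors(events), "bind_failures": failures, "rejections": rejections(events)}

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_TRACE), indent=2))
```

Two things the report makes visible that are easy to miss when reading the raw trace. First, `elapsed_s` is the ten seconds between "Attempting to bind" and "Could not bind", which says the client waited on the directory rather than being refused outright, so a port that merely accepts connections does not clear LDAP as a suspect. Second, `retry_after` is derived from the "Backing off ... for 600 seconds" line: any radpwtst run inside that window will fall straight through to the next AuthBy without touching LDAP, so a re-test only means something after that time or after a restart.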