(RADIATOR) Fwd: Odd LDAP2 behaviour

Hugh Irvine hugh at open.com.au
Wed Aug 4 21:22:08 CDT 2004



Begin forwarded message:

> From: "Mark O'Leary" <mark at man.ac.uk>
> Date: 4 August 2004 20:23:57 GMT+10:00
> To: <hugh at open.com.au>
> Subject: FW: Odd LDAP2 behaviour
>
> Hugh,
>
> Sorry to mail you direct, but I tried to send this to the radiator list, and
> it hasn’t come through for some reason. Could you ensure it gets to the list
> (and, preferably, comment on the problem!)
>
> Cheers,
>
> M.
>
>
> --
> Mark O'Leary, COS-NetSys, Manchester Computing.
> "Any technology that does not appear magical is insufficiently advanced."
>
> -----Original Message-----
> From: Mark O'Leary [mailto:mark at man.ac.uk]
> Sent: 03 August 2004 13:16
> To: 'radiator at open.com.au'
> Subject: Odd LDAP2 behaviour
>
> Testing a newly installed Radiator 3.9 on Mandrake 10 official.
>
> I'm seeing something weird. When testing the server with radpwtst against a
> config that issues an LDAP authentication, if the LDAP server returns an
> error, thus:
>
> Tue Aug  3 12:13:08 2004: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 32844 ....
> Code:       Access-Request
> Identifier: 38
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "moleary"
>         Service-Type = Framed-User
>         NAS-IP-Address = ***.***.***.***
>         NAS-Port = 1234
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password = "*****************************"
>
> Tue Aug  3 12:13:08 2004: DEBUG: Handling request with Handler 'Realm=***.**.**'
> Tue Aug  3 12:13:08 2004: DEBUG: Rewrote user name to moleary
> Tue Aug  3 12:13:08 2004: DEBUG: Rewrote user name to moleary
> Tue Aug  3 12:13:08 2004: DEBUG:  Deleting session for moleary, ******,1234
> Tue Aug  3 12:13:08 2004: DEBUG: Handling with Radius::AuthLDAP2: MANCHESTER
>
> Tue Aug  3 12:13:08 2004: ERR: ldap search failed with error LDAP_OPERATIONS_ERROR.
> Tue Aug  3 12:13:08 2004: ERR: Disconnecting from LDAP server (server ldap.******:389).
>
> radiusd crashes out with the following message on the commandline:
>
> Can't use an undefined value as a symbol reference at Radius/AuthLDAP2.pm line 362, <DATA> line 450.
>
> Anyone seen anything like this before? Help much appreciated...
>
> M.
>
>
>
> Relevant excerpts from the config:
>
> <AuthBy LDAP2>
>         BaseDN                  c=uk
>         CheckAttr               DialupCheckItem
>         DefaultReply            Service-Type=Framed-User,\
>                                 Framed-Protocol=PPP,\
>                                 Framed-IP-Address=255.255.255.254,\
>                                 Framed-IP-Netmask=255.255.255.0,\
>                                 Framed-IPX-Network=255.255.255.254
>         DefaultSimultaneousUse  2
>         Description             *** LDAP Service
>         FailureBackoffTime      30
>         HoldServerConnection
>         Host                    ldap.***.**.**
>         Identifier              MANCHESTER
>         # NoDefault
>         PasswordAttr            userPassword
>         Port                    389
>         # RejectEmptyPassword
>         ReplyAttr               DialupReplyItem
>         Scope                   sub
>         ServerChecksPassword
>         Timeout                 10
>         UsernameAttr            uid
> </AuthBy>
>
> <Realm man.ac.uk>
>         RewriteUsername         s/^([^@]+).*/$1/
>         RewriteUsername         tr/A-Z/a-z/
>         AcctLogFileName         %L/man-detail.%m%y
>         AuthBy                  MANCHESTER
>         AuthByPolicy            ContinueWhileReject
>         Description             Standard University authentication
>         MaxSessions             2
>         RejectHasReason
> </Realm>
>
> --
> Mark O'Leary, COS-NetSys, Manchester Computing.
> "Any technology that does not appear magical is insufficiently advanced."
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.730 / Virus Database: 485 - Release Date: 28/07/2004
>
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

