(RADIATOR) Ldap authentication
Denis Pavani
d.pavani at cineca.it
Tue Aug 17 07:14:00 CDT 2004
Hi Hugh, I'll give you the info you requested:
No real error on the LDAP server:
Aug 17 14:01:01 krusty slapd[1168]: daemon: conn=30689 fd=10 connection from IP=127.0.0.1:38087 (IP=127.0.0.1:389) accepted.
and no more about this connection.
Running on Redhat 2.4.20-20.9smp, openldap-2.0.27, Radiator 3.9, perl
v5.8.0, perl-ldap-0.26
************************************************************************
Trace 4
************************************************************************
Tue Aug 17 14:00:39 2004: DEBUG: Finished reading configuration file '/home/radius/conf/ldap.cfg'
Tue Aug 17 14:00:39 2004: DEBUG: Reading dictionary file '/home/radius/Radiator-3.9/dictionary'
Tue Aug 17 14:00:39 2004: DEBUG: Creating authentication port 0.0.0.0:1812
Tue Aug 17 14:00:39 2004: DEBUG: Creating accounting port 0.0.0.0:1813
Tue Aug 17 14:00:39 2004: NOTICE: Server started: Radiator 3.9 on krusty
Tue Aug 17 14:01:01 2004: DEBUG: Packet dump:
*** Received from 130.186.1.192 port 1026 ....
Code: Access-Request
Identifier: 234
Authentic: <251><161><149>o<231>G?Z<158><209>OCI>VV
Attributes:
User-Name = "user at cineca.it"
User-Password = xxxxxxxxxxxxxxxxxxxxx
NAS-Port = 0
LE-Terminate-Detail = "test"
LE-Advice-of-Charge = "TiNC"
USR-Terminal-Type = "test"
NAS-IP-Address = 127.0.0.1
Tue Aug 17 14:01:01 2004: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Tue Aug 17 14:01:01 2004: DEBUG: Deleting session for user at cineca.it, 127.0.0.1, 0
Tue Aug 17 14:01:01 2004: DEBUG: Handling with Radius::AuthLDAP2:
Tue Aug 17 14:01:01 2004: INFO: Connecting to 127.0.0.1, port 389
Tue Aug 17 14:01:01 2004: INFO: Attempting to bind to LDAP server 127.0.0.1:389)
Net::LDAP=HASH(0x83aebd4) sending:
.....
Tue Aug 17 14:01:01 2004: ERR: Could not bind connection with cn=xxxxxxx
.....
error: LDAP_REFERRAL_LIMIT_EXCEEDED (server 127.0.0.1:389).
Tue Aug 17 14:01:01 2004: ERR: Backing off from 127.0.0.1:389 for 600 seconds.
Tue Aug 17 14:01:04 2004: DEBUG: Packet dump:
******************************************************************************
CONFIGURATION FILE
*****************************************************************************
Foreground
LogStdout
LogDir .
DbDir /home/radius/Radiator-3.9
Trace 4
AuthPort 1812
AcctPort 1813
# You will probably want to add other Clients to suit your site.
<Client DEFAULT>
    Secret removed
    DupInterval 0
</Client>
<Realm DEFAULT>
    <AuthBy LDAP2>
        NoDefault
        # Tell Radiator how to talk to the LDAP server
        Host 127.0.0.1
        # You will only need these if your LDAP server
        # requires authentication. These are the examples
        # in a default OpenLDAP installation
        # see /etc/openldap/slapd.conf
        AuthDN cn=Mxxxxxxxxx
        AuthPassword removed
        # This is the top of the search tree where users
        # will be found. It should match the configuration
        # of your server, see /etc/openldap/slapd.conf
        BaseDN xxxxxxxxx
        # This is the LDAP attribute to match the radius username
        UsernameAttr mail
        # If you don't specify ServerChecksPassword, you
        # need to tell Radiator which attribute contains
        # the password. It can be plaintext or encrypted
        EncryptedPasswordAttr userPassword
        #ServerChecksPassword
        # These are the classic things to add to each users
        # reply to allow a PPP dialup session. It may be
        # different for your NAS. This will add some
        # reply items to everyone's reply
        # module with this:
        Debug 255
    </AuthBy>
</Realm>
Thanks a lot.
Regards
Denis
Hugh Irvine wrote:
>
> Hello Denis -
>
> I will need to see a copy of your configuration file (no secrets)
> together with a more complete trace 4 debug showing the startup
> sequence and the request processing. And what error messages do you get
> on the LDAP server? And what LDAP server are you running? And what
> version of Radiator, Perl, and perl-ldap? And what operating system are
> you using?
>
> A Google search on "LDAP_REFERRAL_LIMIT_EXCEEDED" yields many useful
> links.
>
> regards
>
> Hugh
>
>
> On 16 Aug 2004, at 20:48, Denis Pavani wrote:
>
>> Hi all, I'm trying to use LDAP authentication in a new installation.
>> I tried ldap.cfg in goodies directory, usually working perfectly.
>> This time I obtain an error I trapped debugging Net::Ldap.
>> I suppose there is not a loop in ldap binding, but perhaps this
>> machine lacks a module or something similar.
>> Any suggestion?
>>
>> thanks in advance.
>> denis
>>
>> Mon Aug 16 12:24:45 2004: DEBUG: Handling request with Handler
>> 'Realm=DEFAULT'
>> Mon Aug 16 12:24:45 2004: DEBUG: Deleting session for user at cineca.it,
>> 127.0.0.1, 0
>> Mon Aug 16 12:24:45 2004: DEBUG: Handling with Radius::AuthLDAP2:
>> Mon Aug 16 12:24:45 2004: INFO: Connecting to 127.0.0.1, port 389
>> Mon Aug 16 12:24:45 2004: INFO: Attempting to bind to LDAP server
>> 127.0.0.1:389)
>> Net::LDAP=HASH(0x83aee90) sending:
>>
>> 30 37 02 01 01 60 32 02 01 02 04 22 63 6E 3D 4D 07...`2...."cn=M
>> 61 6E 61 67 65 72 2C 6F 75 3D 70 65 6F 70 6C 65 removed,ou=people
>> Mon Aug 16 12:24:45 2004: ERR: Could not bind connection with
>> cn=removed,ou=people,o=CINECA,c=IT, password, error:
>> LDAP_REFERRAL_LIMIT_EXCEEDED (server 127.0.0.1:389).
>> Mon Aug 16 12:24:45 2004: ERR: Backing off from 127.0.0.1:389 for 600
>> seconds.
>>
>> --
>> *********************************************************************** *
>> Denis Pavani
>>
>> CINECA - Comunicazioni e Sistemi Distribuiti
>> NOC - Network Operations Center
>>
>> phone:+39 0516171953 / fax:+39 0516132198
>> http://www.cineca.it
>> *********************************************************************** *
>> "Siamo pagati per adattarci, improvvisare e raggiungere lo scopo"
>> -- Gunny Highway
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>>
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
--
************************************************************************
Denis Pavani
CINECA - Comunicazioni e Sistemi Distribuiti
NOC - Network Operations Center
phone:+39 0516171953 / fax:+39 0516132198
http://www.cineca.it
************************************************************************
"Siamo pagati per adattarci, improvvisare e raggiungere lo scopo"
-- Gunny Highway
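
Added example, not part of the thread: a small BER walk over the 32 bytes of the Net::LDAP "sending:" dump quoted above, showing that the request is an LDAPv2 bind and that the hex column still spells out the start of the bind DN even where the ASCII column and log line say "removed". The function names are illustrative, and only bytes visible in the post are used, so the decoder reports the element as truncated.

```python
# Added example (not from the thread): walk the BER bytes of an LDAP BindRequest
# as printed by the Net::LDAP debug dump. PAGE_DUMP holds only the 32 bytes
# visible in the quoted trace; the rest of that PDU is not on the page.
PAGE_DUMP = """
30 37 02 01 01 60 32 02 01 02 04 22 63 6E 3D 4D
61 6E 61 67 65 72 2C 6F 75 3D 70 65 6F 70 6C 65
"""

def read_tlv(buf, pos):
    """Read one BER element; return (tag, declared_len, value, next_pos).
    value is shorter than declared_len when the dump was cut off."""
    if pos + 2 > len(buf):
        raise ValueError("dump ends before the next element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next n octets hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, length, buf[pos:pos + length], pos + length

def decode_bind_request(hex_text):
    buf = bytes.fromhex("".join(hex_text.split()))
    tag, _, msg, _ = read_tlv(buf, 0)       # LDAPMessage ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _, msg_id, pos = read_tlv(msg, 0)    # messageID INTEGER
    op_tag, _, op, _ = read_tlv(msg, pos)
    if op_tag != 0x60:                      # [APPLICATION 0] = BindRequest
        raise ValueError("not a BindRequest")
    _, _, version, pos = read_tlv(op, 0)    # protocol version INTEGER
    _, dn_len, dn, pos = read_tlv(op, pos)  # bind DN, OCTET STRING
    info = {
        "message_id": int.from_bytes(msg_id, "big"),
        "version": int.from_bytes(version, "big"),
        "dn_declared_len": dn_len,
        "dn_seen": dn.decode("utf-8", "replace"),
        "truncated": len(dn) < dn_len,
        "auth": None,
    }
    if pos + 2 <= len(op):                  # authentication CHOICE follows the DN
        auth_tag, _, cred, _ = read_tlv(op, pos)
        # 0x80 = simple bind: the password travels as plain bytes in this element
        info["auth"] = "simple" if auth_tag == 0x80 else hex(auth_tag)
        info["cleartext_password_bytes"] = len(cred) if auth_tag == 0x80 else 0
    return info

if __name__ == "__main__":
    print(decode_bind_request(PAGE_DUMP))
```

When posting a Net::LDAP debug dump, the hex column needs the same redaction as the ASCII column, and a simple bind over port 389 carries the password in the same readable form.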