(RADIATOR) Ldap authentication

Denis Pavani d.pavani at cineca.it
Tue Aug 17 07:14:00 CDT 2004


Hi Hugh, I'll give you the info you requested:
no real error on the LDAP server:

Aug 17 14:01:01 krusty slapd[1168]: daemon: conn=30689 fd=10 connection from IP=127.0.0.1:38087 (IP=127.0.0.1:389) accepted.

and no more about this connection

Running on Redhat 2.4.20-20.9smp, openldap-2.0.27, Radiator 3.9, perl 
v5.8.0, perl-ldap-0.26

************************************************************************
Trace 4
************************************************************************
Tue Aug 17 14:00:39 2004: DEBUG: Finished reading configuration file '/home/radius/conf/ldap.cfg'
Tue Aug 17 14:00:39 2004: DEBUG: Reading dictionary file '/home/radius/Radiator-3.9/dictionary'
Tue Aug 17 14:00:39 2004: DEBUG: Creating authentication port 0.0.0.0:1812
Tue Aug 17 14:00:39 2004: DEBUG: Creating accounting port 0.0.0.0:1813
Tue Aug 17 14:00:39 2004: NOTICE: Server started: Radiator 3.9 on krusty
Tue Aug 17 14:01:01 2004: DEBUG: Packet dump:
*** Received from 130.186.1.192 port 1026 ....
Code:       Access-Request
Identifier: 234
Authentic:  <251><161><149>o<231>G?Z<158><209>OCI>VV
Attributes:
         User-Name = "user at cineca.it"
         User-Password = xxxxxxxxxxxxxxxxxxxxx
         NAS-Port = 0
         LE-Terminate-Detail = "test"
         LE-Advice-of-Charge = "TiNC"
         USR-Terminal-Type = "test"
         NAS-IP-Address = 127.0.0.1

Tue Aug 17 14:01:01 2004: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Tue Aug 17 14:01:01 2004: DEBUG:  Deleting session for user at cineca.it, 127.0.0.1, 0
Tue Aug 17 14:01:01 2004: DEBUG: Handling with Radius::AuthLDAP2:
Tue Aug 17 14:01:01 2004: INFO: Connecting to 127.0.0.1, port 389
Tue Aug 17 14:01:01 2004: INFO: Attempting to bind to LDAP server 127.0.0.1:389)
Net::LDAP=HASH(0x83aebd4) sending:

.....
Tue Aug 17 14:01:01 2004: ERR: Could not bind connection with cn=xxxxxxx
.....
error: LDAP_REFERRAL_LIMIT_EXCEEDED (server 127.0.0.1:389).
Tue Aug 17 14:01:01 2004: ERR: Backing off from 127.0.0.1:389 for 600 seconds.
Tue Aug 17 14:01:04 2004: DEBUG: Packet dump:

******************************************************************************
CONFIGURATION FILE
*****************************************************************************

Foreground
LogStdout
LogDir          .
DbDir           /home/radius/Radiator-3.9
Trace           4
AuthPort        1812
AcctPort        1813

# You will probably want to add other Clients to suit your site.
<Client DEFAULT>
         Secret  removed
         DupInterval 0
</Client>

<Realm DEFAULT>
         <AuthBy LDAP2>
                 NoDefault
                 # Tell Radiator how to talk to the LDAP server
                 Host 127.0.0.1
                 # You will only need these if your LDAP server
                 # requires authentication. These are the examples
                 # in a default OpenLDAP installation
                 # see /etc/openldap/slapd.conf
                 AuthDN cn=Mxxxxxxxxx
                 AuthPassword    removed
                 # This is the top of the search tree where users
                 # will be found. It should match the configuration
                 # of your server, see /etc/openldap/slapd.conf
                 BaseDN          xxxxxxxxx

                 # This is the LDAP attribute to match the radius username
                 UsernameAttr    mail

                 # If you don't specify ServerChecksPassword, you
                 # need to tell Radiator which attribute contains
                 # the password. It can be plaintext or encrypted

                 EncryptedPasswordAttr    userPassword
                 #ServerChecksPassword

                 # These are the classic things to add to each users
                 # reply to allow a PPP dialup session. It may be
                 # different for your NAS. This will add some
                 # reply items to everyone's reply
                 # module with this:
                 Debug 255

         </AuthBy>
</Realm>

Thanks a lot.
Regards
Denis

Hugh Irvine wrote:
> 
> Hello Denis -
> 
> I will need to see a copy of your configuration file (no secrets)  
> together with a more complete trace 4 debug showing the startup  
> sequence and the request processing. And what error messages do you get  
> on the LDAP server? And what LDAP server are you running? And what  
> version of Radiator, Perl, and perl-ldap? And what operating system are  
> you using?
> 
> A Google search on "LDAP_REFERRAL_LIMIT_EXCEEDED" yields many useful  
> links.
> 
> regards
> 
> Hugh
> 
> 
> On 16 Aug 2004, at 20:48, Denis Pavani wrote:
> 
>> Hi all, I'm trying to use LDAP authentication in a new installation.
>> I tried ldap.cfg in goodies directory, usually working perfectly.
>> This time I obtain an error I trapped debugging Net::Ldap.
>> I suppose there is not a loop in ldap binding, but perhaps this  
>> machine lacks a module or something similar.
>> Any suggestion?
>>
>> thanks in advance.
>> denis
>>
>> Mon Aug 16 12:24:45 2004: DEBUG: Handling request with Handler
>> 'Realm=DEFAULT'
>> Mon Aug 16 12:24:45 2004: DEBUG:  Deleting session for user at cineca.it,
>> 127.0.0.1, 0
>> Mon Aug 16 12:24:45 2004: DEBUG: Handling with Radius::AuthLDAP2:
>> Mon Aug 16 12:24:45 2004: INFO: Connecting to 127.0.0.1, port 389
>> Mon Aug 16 12:24:45 2004: INFO: Attempting to bind to LDAP server  
>> 127.0.0.1:389)
>> Net::LDAP=HASH(0x83aee90) sending:
>>
>> 30 37 02 01 01 60 32 02 01 02 04 22 63 6E 3D 4D 07...`2...."cn=M
>> 61 6E 61 67 65 72 2C 6F 75 3D 70 65 6F 70 6C 65 removed,ou=people
>> Mon Aug 16 12:24:45 2004: ERR: Could not bind connection with
>> cn=removed,ou=people,o=CINECA,c=IT, password, error:
>> LDAP_REFERRAL_LIMIT_EXCEEDED (server 127.0.0.1:389).
>> Mon Aug 16 12:24:45 2004: ERR: Backing off from 127.0.0.1:389 for 600
>> seconds.
>>
>> --  
>> *********************************************************************** *
>> Denis Pavani
>>
>> CINECA    -    Comunicazioni e Sistemi Distribuiti
>> NOC - Network Operations Center
>>
>> phone:+39 0516171953 / fax:+39 0516132198
>> http://www.cineca.it
>> *********************************************************************** *
>>  "Siamo pagati per adattarci, improvvisare e raggiungere lo scopo"
>>   -- Gunny Highway
>>
>> -- 
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>>
> 
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> 

-- 
************************************************************************
Denis Pavani

CINECA    -    Comunicazioni e Sistemi Distribuiti
NOC - Network Operations Center

phone:+39 0516171953 / fax:+39 0516132198
http://www.cineca.it
************************************************************************
  "Siamo pagati per adattarci, improvvisare e raggiungere lo scopo"
   -- Gunny Highway
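
Added example (not part of the original message, and not Radiator or Net::LDAP code): a small Python decoder for the Net::LDAP debug hex dump quoted above. It reads the BER header of the bind request, so the message ID, the protocol version the client asked for and the declared DN length can be read off the first dump line; function names are hypothetical and the sample is the first dump line from the quoted message.

```python
# Added example: decode the start of an LDAP bind request from a Net::LDAP
# debug hex dump. Function names are hypothetical.
import re

# First dump line as quoted in the thread (16 bytes of a longer message).
SAMPLE = ['>> 30 37 02 01 01 60 32 02 01 02 04 22 63 6E 3D 4D 07...`2...."cn=M']
LDAP_OPS = {0x60: "BindRequest", 0x61: "BindResponse", 0x42: "UnbindRequest"}

def hex_column(line):
    """Bytes of one dump line, ignoring '>' quoting and the ASCII column."""
    m = re.match(r"(?:[0-9A-Fa-f]{2}(?: |$)){1,16}", line.lstrip("> "))
    return bytes.fromhex(m.group(0)) if m else b""

def read_header(buf, pos):
    """Read one BER tag and length; return (tag, length, offset_of_value)."""
    if pos + 2 > len(buf):
        raise ValueError("dump ends inside a BER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        return tag, first, pos
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or pos + n > len(buf):
        raise ValueError("unsupported or truncated BER length")
    return tag, int.from_bytes(buf[pos:pos + n], "big"), pos + n

def read_int(buf, pos):
    """Read a complete BER INTEGER; return (value, next_offset)."""
    tag, length, pos = read_header(buf, pos)
    if tag != 0x02 or length == 0 or pos + length > len(buf):
        raise ValueError("expected a complete INTEGER")
    return int.from_bytes(buf[pos:pos + length], "big", signed=True), pos + length

def decode_bind_start(dump_lines):
    """Decode LDAPMessage header fields; tolerates a truncated or redacted DN."""
    buf = b"".join(hex_column(line) for line in dump_lines)
    tag, msg_len, pos = read_header(buf, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    msg_id, pos = read_int(buf, pos)
    op_tag, _op_len, pos = read_header(buf, pos)
    info = {"message_len": msg_len, "message_id": msg_id,
            "op": LDAP_OPS.get(op_tag, hex(op_tag))}
    if op_tag == 0x60:                     # BindRequest: version, then bind DN
        info["version"], pos = read_int(buf, pos)
        tag, dn_len, pos = read_header(buf, pos)
        if tag != 0x04:
            raise ValueError("expected OCTET STRING for the bind DN")
        seen = buf[pos:pos + dn_len]       # may be shorter than declared
        info.update(dn_len=dn_len, dn_seen=seen.decode("utf-8", "replace"),
                    dn_complete=len(seen) == dn_len)
    return info
```

On the quoted line this reports a version 2 BindRequest with message ID 1 and a declared 34-byte DN, of which only `cn=M` is present in that line.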
