(RADIATOR) Ldap authentication
Denis Pavani
d.pavani at cineca.it
Tue Aug 17 07:50:30 CDT 2004
Ok, I fixed it.
If I call radiusd from tcsh it gives me the error I sent you; if I call
radiusd from sh it works.
*perplexed but satisfied*
Bye all.
Denis
Denis Pavani wrote:
> Hi Hugh, I'll give you the info you requested:
> no real error on Ldap server:
>
> Aug 17 14:01:01 krusty slapd[1168]: daemon: conn=30689 fd=10 connection
> from IP=
> 127.0.0.1:38087 (IP=127.0.0.1:389) accepted.
>
> and no more about this connection
>
> Running on Redhat 2.4.20-20.9smp, openldap-2.0.27, Radiator 3.9, perl
> v5.8.0, perl-ldap-0.26
>
> ************************************************************************
> Trace 4
> ************************************************************************
> Tue Aug 17 14:00:39 2004: DEBUG: Finished reading configuration file
> '/home/radius/conf/ldap.cfg'
> Tue Aug 17 14:00:39 2004: DEBUG: Reading dictionary file
> '/home/radius/Radiator-3.9/dictionary'
> Tue Aug 17 14:00:39 2004: DEBUG: Creating authentication port 0.0.0.0:1812
> Tue Aug 17 14:00:39 2004: DEBUG: Creating accounting port 0.0.0.0:1813
> Tue Aug 17 14:00:39 2004: NOTICE: Server started: Radiator 3.9 on krusty
> Tue Aug 17 14:01:01 2004: DEBUG: Packet dump:
> *** Received from 130.186.1.192 port 1026 ....
> Code: Access-Request
> Identifier: 234
> Authentic: <251><161><149>o<231>G?Z<158><209>OCI>VV
> Attributes:
> User-Name = "user at cineca.it"
> User-Password = xxxxxxxxxxxxxxxxxxxxx
> NAS-Port = 0
> LE-Terminate-Detail = "test"
> LE-Advice-of-Charge = "TiNC"
> USR-Terminal-Type = "test"
> NAS-IP-Address = 127.0.0.1
>
> Tue Aug 17 14:01:01 2004: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue Aug 17 14:01:01 2004: DEBUG: Deleting session for user at cineca.it,
> 127.0.0.1, 0
> Tue Aug 17 14:01:01 2004: DEBUG: Handling with Radius::AuthLDAP2:
> Tue Aug 17 14:01:01 2004: INFO: Connecting to 127.0.0.1, port 389
> Tue Aug 17 14:01:01 2004: INFO: Attempting to bind to LDAP server
> 127.0.0.1:389)
> Net::LDAP=HASH(0x83aebd4) sending:
>
> .....
> Tue Aug 17 14:01:01 2004: ERR: Could not bind connection with cn=xxxxxxx
> .....
> error: LDAP_REFERRAL_LIMIT_EXCEEDED (server 127.0.0.1:389).
> Tue Aug 17 14:01:01 2004: ERR: Backing off from 127.0.0.1:389 for 600
> seconds.
> Tue Aug 17 14:01:04 2004: DEBUG: Packet dump:
>
> ******************************************************************************
>
> CONFIGURATION FILE
> *****************************************************************************
>
>
> Foreground
> LogStdout
> LogDir .
> DbDir /home/radius/Radiator-3.9
> Trace 4
> AuthPort 1812
> AcctPort 1813
>
> # You will probably want to add other Clients to suit your site.
> <Client DEFAULT>
> Secret removed
> DupInterval 0
> </Client>
>
> <Realm DEFAULT>
> <AuthBy LDAP2>
> NoDefault
> # Tell Radiator how to talk to the LDAP server
> Host 127.0.0.1
> # You will only need these if your LDAP server
> # requires authentication. These are the examples
> # in a default OpenLDAP installation
> # see /etc/openldap/slapd.conf
> AuthDN cn=Mxxxxxxxxx
> AuthPassword removed
> # This is the top of the search tree where users
> # will be found. It should match the configuration
> # of your server, see /etc/openldap/slapd.conf
> BaseDN xxxxxxxxx
>
> # This is the LDAP attribute to match the radius username
> UsernameAttr mail
>
> # If you don't specify ServerChecksPassword, you
> # need to tell Radiator which attribute contains
> # the password. It can be plaintext or encrypted
>
> EncryptedPasswordAttr userPassword
> #ServerChecksPassword
>
> # These are the classic things to add to each users
> # reply to allow a PPP dialup session. It may be
> # different for your NAS. This will add some
> # reply items to everyone's reply
> # module with this:
> Debug 255
>
> </AuthBy>
> </Realm>
>
> Thanks a lot.
> Regards
> Denis
>
> Hugh Irvine wrote:
>
>>
>> Hello Denis -
>>
>> I will need to see a copy of your configuration file (no secrets)
>> together with a more complete trace 4 debug showing the startup
>> sequence and the request processing. And what error messages do you
>> get on the LDAP server? And what LDAP server are you running? And
>> what version of Radiator, Perl, and perl-ldap? And what operating
>> system are you using?
>>
>> A Google search on "LDAP_REFERRAL_LIMIT_EXCEEDED" yields many useful
>> links.
>>
>> regards
>>
>> Hugh
>>
>>
>> On 16 Aug 2004, at 20:48, Denis Pavani wrote:
>>
>>> Hi all, I'm trying to use LDAP authentication in a new installation.
>>> I tried ldap.cfg in goodies directory, usually working perfectly.
>>> This time I obtain an error I trapped debugging Net::LDAP.
>>> I suppose there is not a loop in ldap binding, but perhaps this
>>> machine lacks a module or something similar.
>>> Any suggestion?
>>>
>>> thanks in advance.
>>> denis
>>>
>>> Mon Aug 16 12:24:45 2004: DEBUG: Handling request with Handler
>>> 'Realm=DEFAULT'
>>> Mon Aug 16 12:24:45 2004: DEBUG: Deleting session for user at cineca.it,
>>> 127.0.0.1, 0
>>> Mon Aug 16 12:24:45 2004: DEBUG: Handling with Radius::AuthLDAP2:
>>> Mon Aug 16 12:24:45 2004: INFO: Connecting to 127.0.0.1, port 389
>>> Mon Aug 16 12:24:45 2004: INFO: Attempting to bind to LDAP server
>>> 127.0.0.1:389)
>>> Net::LDAP=HASH(0x83aee90) sending:
>>>
>>> 30 37 02 01 01 60 32 02 01 02 04 22 63 6E 3D 4D 07...`2...."cn=M
>>> 61 6E 61 67 65 72 2C 6F 75 3D 70 65 6F 70 6C 65 removed,ou=people
>>> Mon Aug 16 12:24:45 2004: ERR: Could not bind connection with
>>> cn=removed,ou=people,o=CINECA,c=IT, password, error:
>>> LDAP_REFERRAL_LIMIT_EXCEEDED (server 127.0.0.1:389).
>>> Mon Aug 16 12:24:45 2004: ERR: Backing off from 127.0.0.1:389 for 600
>>> seconds.
>>>
>>> --
>>> ***********************************************************************
>>> *
>>> Denis Pavani
>>>
>>> CINECA - Comunicazioni e Sistemi Distribuiti
>>> NOC - Network Operations Center
>>>
>>> phone:+39 0516171953 / fax:+39 0516132198
>>> http://www.cineca.it
>>> ***********************************************************************
>>> *
>>> "We are paid to adapt, improvise and reach the objective"
>>> -- Gunny Highway
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>
>> NB: have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>
--
************************************************************************
Denis Pavani
CINECA - Comunicazioni e Sistemi Distribuiti
NOC - Network Operations Center
phone:+39 0516171953 / fax:+39 0516132198
http://www.cineca.it
************************************************************************
"We are paid to adapt, improvise and reach the objective"
-- Gunny Highway
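Added example (not part of the original thread, and not Radiator or Net::LDAP code): the Net::LDAP dump quoted above begins 30 37 02 01 01 60 32 02 01 02 04 22, which is the BER header of a simple BindRequest (message ID 1, version 2, 34-byte bind DN), and in a simple bind the password follows the DN in clear text. The Python sketch below decodes such a PDU and overwrites the password bytes before a trace is shared; the sample PDU, DN and password are constructed, and the function names are hypothetical.

```python
def read_tlv(buf, pos, limit):
    """Read one BER TLV at pos; return (tag, value_start, value_end)."""
    if pos + 2 > limit:
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count length octets
        n = length & 0x7F
        if n == 0 or pos + n > limit:
            raise ValueError("indefinite or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > limit:
        raise ValueError("truncated BER value")
    return tag, pos, pos + length

def parse_simple_bind(pdu):
    """Return message ID, version, bind DN and the byte span of the password."""
    tag, start, end = read_tlv(pdu, 0, len(pdu))
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, ms, me = read_tlv(pdu, start, end)        # messageID INTEGER
    tag, bs, be = read_tlv(pdu, me, end)         # [APPLICATION 0] BindRequest
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, vs, ve = read_tlv(pdu, bs, be)            # version INTEGER
    _, ds, de = read_tlv(pdu, ve, be)            # name (bind DN) OCTET STRING
    tag, ps, pe = read_tlv(pdu, de, be)          # authentication choice
    if tag != 0x80:                              # [0] = simple (cleartext password)
        raise ValueError("not simple authentication")
    return {"message_id": int.from_bytes(pdu[ms:me], "big"),
            "version": int.from_bytes(pdu[vs:ve], "big"),
            "dn": pdu[ds:de].decode("utf-8", "replace"),
            "password_span": (ps, pe)}

def redact_bind(pdu):
    """Copy of the PDU with the password bytes overwritten, lengths unchanged."""
    ps, pe = parse_simple_bind(pdu)["password_span"]
    return pdu[:ps] + b"x" * (pe - ps) + pdu[pe:]

def tlv(tag, value):
    """Short-form BER encoder, used only to build the constructed sample."""
    return bytes([tag, len(value)]) + value

# Constructed sample PDU: DN and password are made up for illustration.
SAMPLE = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60,
    tlv(0x02, b"\x02") + tlv(0x04, b"cn=admin,dc=example,dc=com") + tlv(0x80, b"s3cret")))
```

Because the replacement keeps every length octet intact, the redacted bytes still decode as the same BindRequest, so the trace remains useful for debugging.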