(RADIATOR) AuthBy LDAP2 -- binding as user to be authenticated -- disabling back-off

Rok Papez rok.papez at arnes.si
Wed Oct 6 01:56:06 CDT 2004


Hello!

Since I don't want to expose my super-user password for LDAP in the Radiator config file, I'm trying
to bind to LDAP as the user that is trying to authenticate. Since TTLS + PAP is used, this is not
a problem.

radiator.cfg:
----------------
<AuthBy LDAP2>
        Identifier ldap_users
        Version 3
        Host ldap.host
        AuthDN uid=%U,ou=users,dc=some,dc=org,dc=tld
        AuthPassword %P
        BaseDN ou=users,dc=some,dc=org,dc=tld
        UsernameAttr udi
        ServerChecksPassword
        EAPType PAP
        NoDefault
</AuthBy>

This works; however, if the user types an incorrect password or if a wrong
username is entered, Radiator blocks connections to LDAP for 10 minutes.

Tue Oct  5 14:32:39 2004: INFO: Connecting to ldap.host, port 389
Tue Oct  5 14:32:39 2004: INFO: Attempting to bind to LDAP server ldap.host:389)
Tue Oct  5 14:32:39 2004: ERR: Could not bind connection with uid=xxx,ou=xxx,dc=xxx,dc=xxx,dc=xxx, wrong_pass error: LDAP_INVALID_CREDENTIALS (server ldap.host:389).
Tue Oct  5 14:32:39 2004: ERR: Backing off from ldap.host:389 for 600 seconds.

Is there some way to specify not to back off if the username or password is wrong?

-- 
Best regards,
Rok Papež.
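
An added example, not part of the original post and not Radiator code: a Python script that reads log lines in the format quoted above, reports each back-off window and whether a failed user bind (LDAP_INVALID_CREDENTIALS) triggered it, and masks the field that precedes "error:". Assumptions: that field is the submitted password (it reads wrong_pass in the excerpt); the sample log, its DNs and passwords, and the LDAP_SERVER_DOWN line are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the page's log format; DNs, passwords and the second result code are made up.
SAMPLE_LOG = """\
Tue Oct  5 14:32:39 2004: INFO: Attempting to bind to LDAP server ldap.host:389)
Tue Oct  5 14:32:39 2004: ERR: Could not bind connection with uid=alice,ou=users,dc=some,dc=org,dc=tld, wrong_pass error: LDAP_INVALID_CREDENTIALS (server ldap.host:389).
Tue Oct  5 14:32:39 2004: ERR: Backing off from ldap.host:389 for 600 seconds.
Tue Oct  5 15:10:02 2004: ERR: Could not bind connection with uid=bob,ou=users,dc=some,dc=org,dc=tld, s3cret error: LDAP_SERVER_DOWN (server ldap.host:389).
Tue Oct  5 15:10:02 2004: ERR: Backing off from ldap.host:389 for 600 seconds.
"""

LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}): (\w+): (.*)$")
BIND_ERR = re.compile(
    r"Could not bind connection with (?P<dn>\S+), (?P<secret>.*?) ?"
    r"error: (?P<code>LDAP_\w+) \(server (?P<server>[^)]+)\)")
BACKOFF = re.compile(r"Backing off from (?P<server>\S+) for (?P<secs>\d+) seconds")

def redact(line):
    """Mask the token between the bind DN and 'error:' (assumed to be the password)."""
    return re.sub(r"(Could not bind connection with \S+, ).*?( ?error: LDAP_)", r"\1[REDACTED]\2", line)

def backoff_windows(log_text, max_gap=timedelta(seconds=2)):
    """Pair each back-off line with the bind error logged just before it for the same server."""
    last_err = {}  # server -> (timestamp, LDAP result code, bind DN)
    windows = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(3)
        if (e := BIND_ERR.search(msg)):
            last_err[e["server"]] = (ts, e["code"], e["dn"])
        elif (b := BACKOFF.search(msg)):
            err_ts, code, dn = last_err.get(b["server"], (None, "UNKNOWN", None))
            if err_ts is None or ts - err_ts > max_gap:
                code, dn = "UNKNOWN", None  # no bind error close enough to blame
            windows.append({
                "server": b["server"], "start": ts,
                "end": ts + timedelta(seconds=int(b["secs"])),
                "cause": code, "dn": dn,
                "credential_triggered": code == "LDAP_INVALID_CREDENTIALS",
            })
    return windows

if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        print(redact(line))
    for w in backoff_windows(SAMPLE_LOG):
        print(w)
```

A window with credential_triggered set means one user's failed bind stopped LDAP authentication for every user until the window's end time.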
