(RADIATOR) AuthBy LDAP2 -- binding as user to be authenticated -- disabling back-off

Hugh Irvine hugh at open.com.au
Wed Oct 6 06:14:00 CDT 2004


Hello Rok -

You can alter the timeout with the Timeout parameter.

See section 6.35.19 in the Radiator 3.9 reference manual ("doc/ref.html").

regards

Hugh


On 6 Oct 2004, at 08:56, Rok Papez wrote:

> Hello!
>
> Since I don't want to expose my super-user password for LDAP in the
> Radiator config file, I'm trying to bind to LDAP as the user that is
> trying to authenticate. Since TTLS + PAP is used, this is not a problem.
>
> radiator.cfg:
> ----------------
> <AuthBy LDAP2>
>         Identifier ldap_users
>         Version 3
>         Host ldap.host
>         AuthDN uid=%U,ou=users,dc=some,dc=org,dc=tld
>         AuthPassword %P
>         BaseDN ou=users,dc=some,dc=org,dc=tld
>         UsernameAttr udi
>         ServerChecksPassword
>         EAPType PAP
>         NoDefault
> </AuthBy>
>
> This works; however, if the user types an incorrect password or a wrong
> username is entered, Radiator blocks connections to LDAP for 10 minutes.
>
> Tue Oct  5 14:32:39 2004: INFO: Connecting to ldap.host, port 389
> Tue Oct  5 14:32:39 2004: INFO: Attempting to bind to LDAP server ldap.host:389)
> Tue Oct  5 14:32:39 2004: ERR: Could not bind connection with uid=xxx,ou=xxx,dc=xxx,dc=xxx,dc=xxx, wrong_pass error: LDAP_INVALID_CREDENTIALS (server ldap.host:389).
> Tue Oct  5 14:32:39 2004: ERR: Backing off from ldap.host:389 for 600 seconds.
>
> Is there some way to specify not to back off if the username or password
> is wrong?
>
> -- 
> lep pozdrav,
> Rok Papež.
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: I am travelling this week, so there may be delays in our correspondence.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
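
Added example, not part of either message and not Radiator's own code: a Python script that scans a Radiator log for the pattern quoted in the question, where a bind rejected with LDAP_INVALID_CREDENTIALS is immediately followed by a back-off, and reports the window during which LDAP authentication is unavailable to every user. It assumes one log entry per line; the function name credential_backoffs and the 2-second correlation gap are choices made for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the four log lines quoted in the post, unwrapped, plus one
# constructed back-off line that no credential failure precedes.
SAMPLE_LOG = """\
Tue Oct  5 14:32:39 2004: INFO: Connecting to ldap.host, port 389
Tue Oct  5 14:32:39 2004: INFO: Attempting to bind to LDAP server ldap.host:389)
Tue Oct  5 14:32:39 2004: ERR: Could not bind connection with uid=xxx,ou=xxx,dc=xxx,dc=xxx,dc=xxx, wrong_pass error: LDAP_INVALID_CREDENTIALS (server ldap.host:389).
Tue Oct  5 14:32:39 2004: ERR: Backing off from ldap.host:389 for 600 seconds.
Tue Oct  5 15:10:00 2004: ERR: Backing off from ldap.host:389 for 600 seconds.
"""

BAD_BIND = re.compile(r"Could not bind connection with (\S+), .*"
                      r"LDAP_INVALID_CREDENTIALS \(server ([^)]+)\)")
BACKOFF = re.compile(r"Backing off from (\S+) for (\d+) seconds")


def credential_backoffs(log_text, max_gap=timedelta(seconds=2)):
    """Return back-off windows that directly follow an invalid-credentials bind."""
    last_bad = {}   # server -> (timestamp, bind DN) of the latest rejected bind
    findings = []
    for line in log_text.splitlines():
        parts = line.split(": ", 2)
        try:
            ts = datetime.strptime(parts[0], "%a %b %d %H:%M:%S %Y")
            msg = parts[2]
        except (ValueError, IndexError):
            continue  # not a "timestamp: LEVEL: message" line
        bad = BAD_BIND.search(msg)
        if bad:
            last_bad[bad.group(2)] = (ts, bad.group(1))
            continue
        off = BACKOFF.search(msg)
        if off and off.group(1) in last_bad:
            bad_ts, dn = last_bad.pop(off.group(1))
            if ts - bad_ts <= max_gap:
                findings.append({"server": off.group(1), "bind_dn": dn, "start": ts,
                                 "end": ts + timedelta(seconds=int(off.group(2)))})
    return findings


if __name__ == "__main__":
    for f in credential_backoffs(SAMPLE_LOG):
        print(f"{f['server']}: no LDAP auth {f['start']} -> {f['end']}, "
              f"triggered by failed bind as {f['bind_dn']}")
```
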
