(RADIATOR) Radiator doesn't bind to LDAP
David Felipe Rios Rojas
DRIOSR at eeppm.com
Mon Feb 13 15:45:53 CST 2006
I'm testing Radiator for the first time, but I'm a little confused because of
an error message when it tries to bind to the LDAP server; I use the LDAP
superuser account just to try it.
Below is my config file; it was made based on the sample configuration file
provided, and several items are not configured yet because I just want to
test LDAP binding first.
Here we go:
##################################################################
Foreground
LogStdout
Trace 4
PidFile /tmp/radiusd.pid
AuthPort 1645
AcctPort 1646
LogFile %L/%Y-%m-%d_logfile
LogDir /var/log/radius
DbDir .
DictionaryFile /etc/radiator/dictionary,/etc/radiator/dictionary.ascend
User radius
Group radius
<Client DEFAULT>
Secret mysecret
DupInterval 0
DefaultRealm ldap.realm
StatusServerShowClientDetails
</Client>
<Realm DEFAULT>
RewriteUsername s/^([^@]+).*/$1/
MaxSessions 2
AcctLogFileName %L/detail
WtmpFileName %L/wtmp
PasswordLogFileName %L/password.log
RejectHasReason
<AuthBy FILE>
Filename /etc/radiator/users
DynamicReply USR-IP-Input-Filter
DynamicCheck Group
UseAddressHint
AddToReply Reply-Message=hello
AddToReplyIfNotExist Ascend-Data-Filter="ip in forward tcp est"
DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
RejectEmptyPassword
AutoMPPEKeys
EAPType MD5-Challenge
</AuthBy>
<AuthBy GROUP>
AuthByPolicy ContinueUntilAccept
AddToReply Reply-Message=xxxx
<AuthBy FILE>
Filename users
</AuthBy>
<AuthBy FILE>
Filename users
</AuthBy>
</AuthBy>
</Realm>
<Realm unix.realm>
RewriteUsername s/^([^@]+).*/$1/
<AuthBy UNIX>
Identifier System
DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
</AuthBy>
</Realm>
<Realm system.realm>
RewriteUsername s/^([^@]+).*/$1/
</Realm>
<Realm ldap.realm>
<AuthBy LDAP2>
Host xxxxxx
Port 389
AuthDN cn=root
AuthPassword xxxxxx
BaseDN (&(%0=%1,ou=xxxxx,o=xxxxx)(radiusloginservice=E))
UsernameAttr uid
PasswordAttr userPassword
</AuthBy>
</Realm>
<Realm external.realm>
RewriteUsername s/^([^@]+).*/$1/
<AuthBy EXTERNAL>
Command perl ./goodies/testcommand.pl
DecryptPassword
</AuthBy>
</Realm>
<Realm internal.realm>
<AuthBy INTERNAL>
DefaultResult accept
</AuthBy>
</Realm>
<Realm mobileip.realm>
RewriteUsername s/^([^@]+).*/$1/
<AuthBy FILE>
Filename ./users
</AuthBy>
<AuthBy MOBILEIP>
DefaultHAAddress 192.10.10.2
</AuthBy>
</Realm>
<AuthBy FILE>
Identifier identifier1
</AuthBy>
<Realm xyz>
AuthBy identifier1
</Realm>
##################################################################
And this is the debug output after "perl radpwtst -user driosr -password pass" is executed:
##################################################################
Fri Feb 10 07:45:26 2006: DEBUG: Reading group file /etc/group
Fri Feb 10 07:45:27 2006: DEBUG: Finished reading configuration file '/etc/radiator/radius.cfg'
This Radiator license will expire on 2006-07-01
This Radiator license will stop operating after 1000 requests
To purchase an unlimited full source version of Radiator, see
http://www.open.com.au/ordering.html
To extend your license period, contact admin at open.com.au
Fri Feb 10 07:45:27 2006: DEBUG: Reading dictionary file '/etc/radiator/dictionary'
Fri Feb 10 07:45:28 2006: DEBUG: Reading dictionary file '/etc/radiator/dictionary.ascend'
Fri Feb 10 07:45:28 2006: DEBUG: Creating authentication port 0.0.0.0:1645
Fri Feb 10 07:45:28 2006: DEBUG: Creating accounting port 0.0.0.0:1646
Fri Feb 10 07:45:28 2006: NOTICE: Server started: Radiator 3.14 on XXXX(LOCKED)
Fri Feb 10 07:46:16 2006: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 33466 ....
Code: Access-Request
Identifier: 211
Authentic: 1234567890123456
Attributes:
User-Name = "driosr"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = <137><234>,<222><175>\<4><246><188>8<9><160><216>}x<153>
Fri Feb 10 07:46:17 2006: DEBUG: Handling request with Handler 'Realm=ldap.realm'
Fri Feb 10 07:46:17 2006: DEBUG: Deleting session for driosr, 203.63.154.1, 1234
Fri Feb 10 07:46:17 2006: DEBUG: Handling with Radius::AuthLDAP2:
Fri Feb 10 07:46:17 2006: INFO: Connecting to XXXX:389
Fri Feb 10 07:46:17 2006: INFO: Attempting to bind to LDAP server XXXX:389
Fri Feb 10 07:46:17 2006: ERR: Could not bind connection with cn=root, xxxx, error: LDAP error code -1(0xFFFFFFFF) (server XXXX:389).
Fri Feb 10 07:46:17 2006: ERR: Backing off from XXXX:389 for 600 seconds.
Fri Feb 10 07:46:17 2006: DEBUG: AuthBy LDAP2 result: IGNORE, User database access error
Fri Feb 10 07:46:22 2006: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 33466 ....
Code: Accounting-Request
Identifier: 212
Authentic: .<16>t<179>;<188><213>L<151><182><131>L<144>p<159><245>
Attributes:
User-Name = "driosr"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Start
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Fri Feb 10 07:46:22 2006: DEBUG: Handling request with Handler 'Realm=ldap.realm'
Fri Feb 10 07:46:22 2006: DEBUG: Adding session for driosr, 203.63.154.1, 1234
Fri Feb 10 07:46:22 2006: DEBUG: Handling with Radius::AuthLDAP2:
Fri Feb 10 07:46:22 2006: DEBUG: AuthBy LDAP2 result: ACCEPT,
Fri Feb 10 07:46:22 2006: DEBUG: Accounting accepted
Fri Feb 10 07:46:22 2006: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 33466 ....
Code: Accounting-Response
Identifier: 212
Authentic: .<16>t<179>;<188><213>L<151><182><131>L<144>p<159><245>
Attributes:
Fri Feb 10 07:46:22 2006: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 33466 ....
Code: Accounting-Request
Identifier: 213
Authentic: 4f<127><151><175><206><15><9>uq<149><22>&_<238>M
Attributes:
User-Name = "driosr"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Stop
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Acct-Session-Time = 1000
Acct-Input-Octets = 20000
Acct-Output-Octets = 30000
Fri Feb 10 07:46:22 2006: DEBUG: Handling request with Handler 'Realm=ldap.realm'
Fri Feb 10 07:46:22 2006: DEBUG: Deleting session for driosr, 203.63.154.1, 1234
Fri Feb 10 07:46:22 2006: DEBUG: Handling with Radius::AuthLDAP2:
Fri Feb 10 07:46:22 2006: DEBUG: AuthBy LDAP2 result: ACCEPT,
Fri Feb 10 07:46:22 2006: DEBUG: Accounting accepted
Fri Feb 10 07:46:22 2006: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 33466 ....
Code: Accounting-Response
Identifier: 213
Authentic: 4f<127><151><175><206><15><9>uq<149><22>&_<238>M
Attributes:
##################################################################
And this is the output of the "perl radpwtst -user driosr -password pass" command:
##################################################################
sending Access-Request...
No reply
sending Accounting-Request Start...
OK
sending Accounting-Request Stop...
OK
##################################################################
Could you help me?
Thanks in advance.
--
David Rios R.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
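The bind in the log above fails before any search is attempted, but the posted `<AuthBy LDAP2>` stanza has problems that will surface as soon as the bind succeeds: `BaseDN` holds an LDAP search filter rather than a DN (in Radiator the filter belongs in `SearchFilter`, where `%0` is `UsernameAttr` and `%1` the user name), the bind account `cn=root` is the directory superuser rather than a least-privilege read-only account, and with neither `UseTLS` nor `UseSSL` the bind password and every user lookup cross the network in cleartext; `<Client DEFAULT>` also accepts RADIUS from any source with an 8-byte secret where RFC 2865 asks for at least 16 octets. The following Python linter is an added example, not code from the post or from Radiator: it parses the relevant stanzas as posted (constructed inline from the message) and flags each of these, and checks an assumed corrected stanza alongside. The host, DNs, client address and secret in the corrected stanza are placeholders.

```python
"""Lint a Radiator config for the LDAP2 mistakes discussed in the post above.

Added example, not Radiator code. Parameter names (BaseDN, SearchFilter,
AuthDN, AuthPassword, UseTLS, UseSSL, Secret) are Radiator's; hostnames,
DNs, addresses and secrets in CORRECTED_CONFIG are placeholders.
"""
import re
from dataclasses import dataclass, field

# Trimmed from the posted radius.cfg: the client stanza and the LDAP realm.
POSTED_CONFIG = """
<Client DEFAULT>
Secret mysecret
DupInterval 0
DefaultRealm ldap.realm
StatusServerShowClientDetails
</Client>
<Realm ldap.realm>
<AuthBy LDAP2>
Host xxxxxx
Port 389
AuthDN cn=root
AuthPassword xxxxxx
BaseDN (&(%0=%1,ou=xxxxx,o=xxxxx)(radiusloginservice=E))
UsernameAttr uid
PasswordAttr userPassword
</AuthBy>
</Realm>
"""

# Assumed corrected form (placeholder values): the filter moves to
# SearchFilter, BaseDN becomes a real DN, the bind uses a dedicated read-only
# account over STARTTLS, and the NAS is listed explicitly with a secret of at
# least 16 octets as RFC 2865 recommends.
CORRECTED_CONFIG = """
<Client 192.0.2.10>
Secret a-long-random-shared-secret-1234
DefaultRealm ldap.realm
</Client>
<Realm ldap.realm>
<AuthBy LDAP2>
Host ldap.example.com
Port 389
UseTLS
AuthDN cn=radius-bind,ou=services,o=example
AuthPassword xxxxxx
BaseDN ou=people,o=example
SearchFilter (&(%0=%1)(radiusloginservice=E))
UsernameAttr uid
PasswordAttr userPassword
</AuthBy>
</Realm>
"""

OPEN_RE = re.compile(r"^<(\w+)(?:\s+(.*?))?>$")
CLOSE_RE = re.compile(r"^</(\w+)>$")
# Common superuser RDNs; binding as one of these gives the RADIUS daemon
# write access to the whole directory it never needs.
SUPERUSER_RDNS = ("cn=root", "cn=manager", "cn=admin", "cn=directory manager")


@dataclass
class Block:
    name: str
    arg: str = ""
    params: dict = field(default_factory=dict)
    children: list = field(default_factory=list)


def parse_config(text):
    """Parse Radiator's '<Tag arg> ... </Tag>' and 'Key value' syntax into a tree."""
    root = Block("ROOT")
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = CLOSE_RE.match(line)
        if m:
            if stack[-1].name != m.group(1):
                raise ValueError(f"</{m.group(1)}> closes open block <{stack[-1].name}>")
            stack.pop()
            continue
        m = OPEN_RE.match(line)
        if m:
            blk = Block(m.group(1), m.group(2) or "")
            stack[-1].children.append(blk)
            stack.append(blk)
            continue
        parts = line.split(None, 1)          # flag-style keys have no value
        stack[-1].params[parts[0]] = parts[1] if len(parts) > 1 else ""
    if len(stack) != 1:
        raise ValueError(f"unclosed block <{stack[-1].name}>")
    return root


def walk(block):
    yield block
    for child in block.children:
        yield from walk(child)


def lint(text):
    """Return (severity, message) findings for the stanzas discussed in the post."""
    findings = []
    for b in walk(parse_config(text)):
        if b.name == "Client":
            if b.arg == "DEFAULT":
                findings.append(("warn", "<Client DEFAULT> accepts RADIUS from any source; list each NAS"))
            if len(b.params.get("Secret", "")) < 16:
                findings.append(("warn", "Secret shorter than the 16 octets RFC 2865 recommends"))
        if b.name == "AuthBy" and b.arg.upper() == "LDAP2":
            base = b.params.get("BaseDN", "")
            if base.startswith("(") or "%0" in base or "%1" in base:
                findings.append(("error", "BaseDN holds a search filter; BaseDN is a DN, the filter belongs in SearchFilter"))
            if b.params.get("AuthDN", "").lower().split(",")[0].strip() in SUPERUSER_RDNS:
                findings.append(("warn", f"AuthDN {b.params['AuthDN']} is a directory superuser; use a read-only bind account"))
            if "UseTLS" not in b.params and "UseSSL" not in b.params:
                findings.append(("warn", "no UseTLS/UseSSL: AuthPassword and lookups cross the wire in cleartext"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED_CONFIG), ("corrected", CORRECTED_CONFIG)):
        print(f"{label}: {len(lint(cfg))} finding(s)")
        for sev, msg in lint(cfg):
            print(f"  [{sev}] {msg}")
```

Run it as-is and the posted stanza produces five findings while the corrected one produces none. The linter only checks the stanzas quoted from the post; it does not verify that the LDAP host is reachable, which is where the `LDAP error code -1` at bind time should be investigated first.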