(RADIATOR) Radiator doesn't bind to LDAP
David Felipe Rios Rojas
DRIOSR at eeppm.com
Thu Feb 16 14:48:10 CST 2006
> -----Mensaje original-----
> De: Hugh Irvine [mailto:hugh at open.com.au]
> Enviado el: Miércoles, 15 de Febrero de 2006 05:49 p.m.
> Para: David Felipe Rios Rojas
> CC: Radiator-List list
> Asunto: Re: (RADIATOR) Radiator doesn't bind to LDAP
>
>
> Hello David -
>
> Further to this you can add "Debug 255" to your AuthBy LDAP2 clause
> to get additional LDAP debugging.
>
> regards
>
> Hugh
>
Thank Hugh, "Debug" parameter was too useful; Radiator didn't send
anything to LDAP server because "Convert-ASN1" module was not
installed. Now it is authenticating!! Thanks a lot again.
I have another problem: each LDAP user has an attribute to know what
kind of service has bought; we are working with Cisco CAR and it returns
to RAS a lot of parameters according to that LDAP attribute; could I
do same task with Radiator?
>
> On 16 Feb 2006, at 09:42, Hugh Irvine wrote:
>
> >
> > Hello David -
> >
> > I will need to see the complete configuration file and a trace 4
> > debug from startup showing what is happening.
> >
> > regards
> >
> > Hugh
> >
> >
> > On 16 Feb 2006, at 09:17, David Felipe Rios Rojas wrote:
> >
> >>
> >>> -----Mensaje original-----
> >>> De: Hugh Irvine [mailto:hugh at open.com.au]
> >>> Enviado el: Martes, 14 de Febrero de 2006 11:37 p.m.
> >>> Para: David Felipe Rios Rojas
> >>> CC: radiator at open.com.au
> >>> Asunto: Re: (RADIATOR) Radiator doesn't bind to LDAP
> >>>
> >>>
> >>> Hello David -
> >>>
> >>> I think the AuthBy LDAP 2 configuration is incorrect.
> >>>
> >>> Try this instead:
> >>>
> >>>
> >>> <Realm ldap.realm>
> >>> <AuthBy LDAP2>
> >>> Host xxxxxx
> >>> Port 389
> >>> AuthDN root
> >>> AuthPassword xxxxxx
> >>> BaseDN ou=xxxxx,o=xxxxx
> >>> SearchFilter (&(%0=%1)(radiusloginservice=E))
> >>> UsernameAttr uid
> >>> PasswordAttr userPassword
> >>> </AuthBy>
> >>> </Realm>
> >>>
> >>>
> >>> hope that helps
> >>>
> >>> regards
> >>>
> >>> Hugh
> >>>
> >>
> >> Hi Hugh.
> >>
> >> I changed config file as you wrote but it didn't work :(
> >>
> >> I used "snoop" to see what it was sending to LDAP server and
> >> guess what! it doesn't send anything!; this is information
> >> showed by snoop:
> >>
> >> #############################################
> >> ETHER: ----- Ether Header -----
> >> ETHER:
> >> ETHER: Packet 1 arrived at 14:56:10.23
> >> ETHER: Packet size = 62 bytes
> >> ETHER: Destination = 0:e0:b6:4:d9:62,
> >> ETHER: Source = 8:0:20:c7:98:4c, Sun
> >> ETHER: Ethertype = 0800 (IP)
> >> ETHER:
> >> IP: ----- IP Header -----
> >> IP:
> >> IP: Version = 4
> >> IP: Header length = 20 bytes
> >> IP: Type of service = 0x00
> >> IP: xxx. .... = 0 (precedence)
> >> IP: ...0 .... = normal delay
> >> IP: .... 0... = normal throughput
> >> IP: .... .0.. = normal reliability
> >> IP: Total length = 48 bytes
> >> IP: Identification = 34837
> >> IP: Flags = 0x4
> >> IP: .1.. .... = do not fragment
> >> IP: ..0. .... = last fragment
> >> IP: Fragment offset = 0 bytes
> >> IP: Time to live = 64 seconds/hops
> >> IP: Protocol = 6 (TCP)
> >> IP: Header checksum = 479f
> >> IP: Source address = ***.***.***.***, ********
> >> IP: Destination address = ***.***.***.***, ********
> >> IP: No options
> >> IP:
> >> TCP: ----- TCP Header -----
> >> TCP:
> >> TCP: Source port = 46731
> >> TCP: Destination port = 389 (LDAP)
> >> TCP: Sequence number = 3244986615
> >> TCP: Acknowledgement number = 0
> >> TCP: Data offset = 28 bytes
> >> TCP: Flags = 0x02
> >> TCP: ..0. .... = No urgent pointer
> >> TCP: ...0 .... = No acknowledgement
> >> TCP: .... 0... = No push
> >> TCP: .... .0.. = No reset
> >> TCP: .... ..1. = Syn
> >> TCP: .... ...0 = No Fin
> >> TCP: Window = 24820
> >> TCP: Checksum = 0xaca4
> >> TCP: Urgent pointer = 0
> >> TCP: Options: (8 bytes)
> >> TCP: - No operation
> >> TCP: - No operation
> >> TCP: - SACK permitted option
> >> TCP: - Maximum segment size = 1460 bytes
> >> TCP:
> >> LDAP: ----- LDAP: -----
> >> LDAP:
> >> LDAP: ""
> >> LDAP:
> >>
> >> ETHER: ----- Ether Header -----
> >> ETHER:
> >> ETHER: Packet 2 arrived at 14:56:10.23
> >> ETHER: Packet size = 62 bytes
> >> ETHER: Destination = 8:0:20:c7:98:4c, Sun
> >> ETHER: Source = 0:e0:b6:4:d9:62,
> >> ETHER: Ethertype = 0800 (IP)
> >> ETHER:
> >> IP: ----- IP Header -----
> >> IP:
> >> IP: Version = 4
> >> IP: Header length = 20 bytes
> >> IP: Type of service = 0x00
> >> IP: xxx. .... = 0 (precedence)
> >> IP: ...0 .... = normal delay
> >> IP: .... 0... = normal throughput
> >> IP: .... .0.. = normal reliability
> >> IP: Total length = 48 bytes
> >> IP: Identification = 16165
> >> IP: Flags = 0x4
> >> IP: .1.. .... = do not fragment
> >> IP: ..0. .... = last fragment
> >> IP: Fragment offset = 0 bytes
> >> IP: Time to live = 60 seconds/hops
> >> IP: Protocol = 6 (TCP)
> >> IP: Header checksum = 948f
> >> IP: Source address = ***.***.***.***, **********
> >> IP: Destination address = ***.***.***.***, ********
> >> IP: No options
> >> IP:
> >> TCP: ----- TCP Header -----
> >> TCP:
> >> TCP: Source port = 389
> >> TCP: Destination port = 46731
> >> TCP: Sequence number = 1601298321
> >> TCP: Acknowledgement number = 3244986616
> >> TCP: Data offset = 28 bytes
> >> TCP: Flags = 0x12
> >> TCP: ..0. .... = No urgent pointer
> >> TCP: ...1 .... = Acknowledgement
> >> TCP: .... 0... = No push
> >> TCP: .... .0.. = No reset
> >> TCP: .... ..1. = Syn
> >> TCP: .... ...0 = No Fin
> >> TCP: Window = 64860
> >> TCP: Checksum = 0xd177
> >> TCP: Urgent pointer = 0
> >> TCP: Options: (8 bytes)
> >> TCP: - Maximum segment size = 1380 bytes
> >> TCP: - No operation
> >> TCP: - No operation
> >> TCP: - SACK permitted option
> >> TCP:
> >> LDAP: ----- LDAP: -----
> >> LDAP:
> >> LDAP: ""
> >> LDAP:
> >>
> >> ETHER: ----- Ether Header -----
> >> ETHER:
> >> ETHER: Packet 3 arrived at 14:56:10.23
> >> ETHER: Packet size = 54 bytes
> >> ETHER: Destination = 0:e0:b6:4:d9:62,
> >> ETHER: Source = 8:0:20:c7:98:4c, Sun
> >> ETHER: Ethertype = 0800 (IP)
> >> ETHER:
> >> IP: ----- IP Header -----
> >> IP:
> >> IP: Version = 4
> >> IP: Header length = 20 bytes
> >> IP: Type of service = 0x00
> >> IP: xxx. .... = 0 (precedence)
> >> IP: ...0 .... = normal delay
> >> IP: .... 0... = normal throughput
> >> IP: .... .0.. = normal reliability
> >> IP: Total length = 40 bytes
> >> IP: Identification = 34838
> >> IP: Flags = 0x4
> >> IP: .1.. .... = do not fragment
> >> IP: ..0. .... = last fragment
> >> IP: Fragment offset = 0 bytes
> >> IP: Time to live = 64 seconds/hops
> >> IP: Protocol = 6 (TCP)
> >> IP: Header checksum = 47a6
> >> IP: Source address = ***.***.***.***, ********
> >> IP: Destination address = ***.***.***.***, **********
> >> IP: No options
> >> IP:
> >> TCP: ----- TCP Header -----
> >> TCP:
> >> TCP: Source port = 46731
> >> TCP: Destination port = 389 (LDAP)
> >> TCP: Sequence number = 3244986616
> >> TCP: Acknowledgement number = 1601298322
> >> TCP: Data offset = 20 bytes
> >> TCP: Flags = 0x10
> >> TCP: ..0. .... = No urgent pointer
> >> TCP: ...1 .... = Acknowledgement
> >> TCP: .... 0... = No push
> >> TCP: .... .0.. = No reset
> >> TCP: .... ..0. = No Syn
> >> TCP: .... ...0 = No Fin
> >> TCP: Window = 24840
> >> TCP: Checksum = 0x9a40
> >> TCP: Urgent pointer = 0
> >> TCP: No options
> >> TCP:
> >> LDAP: ----- LDAP: -----
> >> LDAP:
> >> LDAP: ""
> >> LDAP:
> >>
> >> ETHER: ----- Ether Header -----
> >> ETHER:
> >> ETHER: Packet 4 arrived at 14:56:10.23
> >> ETHER: Packet size = 54 bytes
> >> ETHER: Destination = 0:e0:b6:4:d9:62,
> >> ETHER: Source = 8:0:20:c7:98:4c, Sun
> >> ETHER: Ethertype = 0800 (IP)
> >> ETHER:
> >> IP: ----- IP Header -----
> >> IP:
> >> IP: Version = 4
> >> IP: Header length = 20 bytes
> >> IP: Type of service = 0x00
> >> IP: xxx. .... = 0 (precedence)
> >> IP: ...0 .... = normal delay
> >> IP: .... 0... = normal throughput
> >> IP: .... .0.. = normal reliability
> >> IP: Total length = 40 bytes
> >> IP: Identification = 34839
> >> IP: Flags = 0x4
> >> IP: .1.. .... = do not fragment
> >> IP: ..0. .... = last fragment
> >> IP: Fragment offset = 0 bytes
> >> IP: Time to live = 64 seconds/hops
> >> IP: Protocol = 6 (TCP)
> >> IP: Header checksum = 47a5
> >> IP: Source address = ***.***.***.***, ********
> >> IP: Destination address = ***.***.***.***, ********
> >> IP: No options
> >> IP:
> >> TCP: ----- TCP Header -----
> >> TCP:
> >> TCP: Source port = 46731
> >> TCP: Destination port = 389 (LDAP)
> >> TCP: Sequence number = 3244986616
> >> TCP: Acknowledgement number = 1601298322
> >> TCP: Data offset = 20 bytes
> >> TCP: Flags = 0x11
> >> TCP: ..0. .... = No urgent pointer
> >> TCP: ...1 .... = Acknowledgement
> >> TCP: .... 0... = No push
> >> TCP: .... .0.. = No reset
> >> TCP: .... ..0. = No Syn
> >> TCP: .... ...1 = Fin
> >> TCP: Window = 24840
> >> TCP: Checksum = 0x9a3f
> >> TCP: Urgent pointer = 0
> >> TCP: No options
> >> TCP:
> >> LDAP: ----- LDAP: -----
> >> LDAP:
> >> LDAP: ""
> >> LDAP:
> >>
> >> ETHER: ----- Ether Header -----
> >> ETHER:
> >> ETHER: Packet 5 arrived at 14:56:10.24
> >> ETHER: Packet size = 60 bytes
> >> ETHER: Destination = 8:0:20:c7:98:4c, Sun
> >> ETHER: Source = 0:e0:b6:4:d9:62,
> >> ETHER: Ethertype = 0800 (IP)
> >> ETHER:
> >> IP: ----- IP Header -----
> >> IP:
> >> IP: Version = 4
> >> IP: Header length = 20 bytes
> >> IP: Type of service = 0x00
> >> IP: xxx. .... = 0 (precedence)
> >> IP: ...0 .... = normal delay
> >> IP: .... 0... = normal throughput
> >> IP: .... .0.. = normal reliability
> >> IP: Total length = 40 bytes
> >> IP: Identification = 16166
> >> IP: Flags = 0x4
> >> IP: .1.. .... = do not fragment
> >> IP: ..0. .... = last fragment
> >> IP: Fragment offset = 0 bytes
> >> IP: Time to live = 60 seconds/hops
> >> IP: Protocol = 6 (TCP)
> >> IP: Header checksum = 9496
> >> IP: Source address = ***.***.***.***, ********
> >> IP: Destination address = ***.***.***.***, ********
> >> IP: No options
> >> IP:
> >> TCP: ----- TCP Header -----
> >> TCP:
> >> TCP: Source port = 389
> >> TCP: Destination port = 46731
> >> TCP: Sequence number = 1601298322
> >> TCP: Acknowledgement number = 3244986617
> >> TCP: Data offset = 20 bytes
> >> TCP: Flags = 0x10
> >> TCP: ..0. .... = No urgent pointer
> >> TCP: ...1 .... = Acknowledgement
> >> TCP: .... 0... = No push
> >> TCP: .... .0.. = No reset
> >> TCP: .... ..0. = No Syn
> >> TCP: .... ...0 = No Fin
> >> TCP: Window = 64860
> >> TCP: Checksum = 0xfdea
> >> TCP: Urgent pointer = 0
> >> TCP: No options
> >> TCP:
> >> LDAP: ----- LDAP: -----
> >> LDAP:
> >> LDAP: ""
> >> LDAP:
> >>
> >> ETHER: ----- Ether Header -----
> >> ETHER:
> >> ETHER: Packet 6 arrived at 14:56:11.67
> >> ETHER: Packet size = 60 bytes
> >> ETHER: Destination = 8:0:20:c7:98:4c, Sun
> >> ETHER: Source = 0:e0:b6:4:d9:62,
> >> ETHER: Ethertype = 0800 (IP)
> >> ETHER:
> >> IP: ----- IP Header -----
> >> IP:
> >> IP: Version = 4
> >> IP: Header length = 20 bytes
> >> IP: Type of service = 0x00
> >> IP: xxx. .... = 0 (precedence)
> >> IP: ...0 .... = normal delay
> >> IP: .... 0... = normal throughput
> >> IP: .... .0.. = normal reliability
> >> IP: Total length = 40 bytes
> >> IP: Identification = 16167
> >> IP: Flags = 0x4
> >> IP: .1.. .... = do not fragment
> >> IP: ..0. .... = last fragment
> >> IP: Fragment offset = 0 bytes
> >> IP: Time to live = 60 seconds/hops
> >> IP: Protocol = 6 (TCP)
> >> IP: Header checksum = 9495
> >> IP: Source address = ***.***.***.***, ********
> >> IP: Destination address = ***.***.***.***, ********
> >> IP: No options
> >> IP:
> >> TCP: ----- TCP Header -----
> >> TCP:
> >> TCP: Source port = 389
> >> TCP: Destination port = 46731
> >> TCP: Sequence number = 1601298322
> >> TCP: Acknowledgement number = 3244986617
> >> TCP: Data offset = 20 bytes
> >> TCP: Flags = 0x11
> >> TCP: ..0. .... = No urgent pointer
> >> TCP: ...1 .... = Acknowledgement
> >> TCP: .... 0... = No push
> >> TCP: .... .0.. = No reset
> >> TCP: .... ..0. = No Syn
> >> TCP: .... ...1 = Fin
> >> TCP: Window = 64860
> >> TCP: Checksum = 0xfde9
> >> TCP: Urgent pointer = 0
> >> TCP: No options
> >> TCP:
> >> LDAP: ----- LDAP: -----
> >> LDAP:
> >> LDAP: ""
> >> LDAP:
> >>
> >> ETHER: ----- Ether Header -----
> >> ETHER:
> >> ETHER: Packet 7 arrived at 14:56:11.67
> >> ETHER: Packet size = 54 bytes
> >> ETHER: Destination = 0:e0:b6:4:d9:62,
> >> ETHER: Source = 8:0:20:c7:98:4c, Sun
> >> ETHER: Ethertype = 0800 (IP)
> >> ETHER:
> >> IP: ----- IP Header -----
> >> IP:
> >> IP: Version = 4
> >> IP: Header length = 20 bytes
> >> IP: Type of service = 0x00
> >> IP: xxx. .... = 0 (precedence)
> >> IP: ...0 .... = normal delay
> >> IP: .... 0... = normal throughput
> >> IP: .... .0.. = normal reliability
> >> IP: Total length = 40 bytes
> >> IP: Identification = 34840
> >> IP: Flags = 0x4
> >> IP: .1.. .... = do not fragment
> >> IP: ..0. .... = last fragment
> >> IP: Fragment offset = 0 bytes
> >> IP: Time to live = 64 seconds/hops
> >> IP: Protocol = 6 (TCP)
> >> IP: Header checksum = 47a4
> >> IP: Source address = ***.***.***.***, ********
> >> IP: Destination address = ***.***.***.***, ********
> >> IP: No options
> >> IP:
> >> TCP: ----- TCP Header -----
> >> TCP:
> >> TCP: Source port = 46731
> >> TCP: Destination port = 389 (LDAP)
> >> TCP: Sequence number = 3244986617
> >> TCP: Acknowledgement number = 1601298323
> >> TCP: Data offset = 20 bytes
> >> TCP: Flags = 0x10
> >> TCP: ..0. .... = No urgent pointer
> >> TCP: ...1 .... = Acknowledgement
> >> TCP: .... 0... = No push
> >> TCP: .... .0.. = No reset
> >> TCP: .... ..0. = No Syn
> >> TCP: .... ...0 = No Fin
> >> TCP: Window = 24840
> >> TCP: Checksum = 0x9a3e
> >> TCP: Urgent pointer = 0
> >> TCP: No options
> >> TCP:
> >> LDAP: ----- LDAP: -----
> >> LDAP:
> >> LDAP: ""
> >> LDAP:
> >> #############################################
> >>
> >> If you use grep to filter it, you could see that lines with
> >> "LDAP:" don't have any important information.
> >>
> >> PD. Sensible information was replace with "*"
> >>
> >>>
> >>> On 14 Feb 2006, at 08:45, David Felipe Rios Rojas wrote:
> >>>
> >>>> I'm testing Radiator for first time, but I'm a little
> >>> confused because
> >>>> an error message when it try binding to LDAP server; I use LDAP
> >>>> superuser account just to try it.
> >>>>
> >>>> Next is my config file; it was made based on sample
> >>> configuration file
> >>>> provided and several items are not configured yet because I just
> >>>> want to
> >>>> test LDAP binding first.
> >>>>
> >>>> Here we go:
> >>>>
> >>>>
> ##################################################################
> >>>> Foreground
> >>>>
> >>>> LogStdout
> >>>>
> >>>> Trace 4
> >>>>
> >>>> PidFile /tmp/radiusd.pid
> >>>>
> >>>> AuthPort 1645
> >>>>
> >>>> AcctPort 1646
> >>>>
> >>>> LogFile %L/%Y-%m-%d_logfile
> >>>> LogDir /var/log/radius
> >>>>
> >>>> DbDir .
> >>>>
> >>>> DictionaryFile /etc/radiator/dictionary,/etc/radiator/
> >>>> dictionary.ascend
> >>>>
> >>>> User radius
> >>>> Group radius
> >>>>
> >>>> <Client DEFAULT>
> >>>> Secret mysecret
> >>>> DupInterval 0
> >>>> DefaultRealm ldap.realm
> >>>> StatusServerShowClientDetails
> >>>> </Client>
> >>>>
> >>>>
> >>>> <Realm DEFAULT>
> >>>> RewriteUsername s/^([^@]+).*/$1/
> >>>> MaxSessions 2
> >>>> AcctLogFileName %L/detail
> >>>> WtmpFileName %L/wtmp
> >>>> PasswordLogFileName %L/password.log
> >>>> RejectHasReason
> >>>>
> >>>> <AuthBy FILE>
> >>>> Filename /etc/radiator/users
> >>>> DynamicReply USR-IP-Input-Filter
> >>>> DynamicCheck Group
> >>>> UseAddressHint
> >>>> AddToReply Reply-Message=hello
> >>>> AddToReplyIfNotExist Ascend-Data-Filter="ip in
> >>> forward tcp est"
> >>>> DefaultReply
> >>> Service-Type=Framed-User,Framed-Protocol=PPP
> >>>> RejectEmptyPassword
> >>>> AutoMPPEKeys
> >>>> EAPType MD5-Challenge
> >>>> </AuthBy>
> >>>>
> >>>> <AuthBy GROUP>
> >>>> AuthByPolicy ContinueUntilAccept
> >>>> AddToReply Reply-Message=xxxx
> >>>> <AuthBy FILE>
> >>>> Filename users
> >>>> </AuthBy>
> >>>> <AuthBy FILE>
> >>>> Filename users
> >>>> </AuthBy>
> >>>> </AuthBy>
> >>>>
> >>>> </Realm>
> >>>>
> >>>> <Realm unix.realm>
> >>>> RewriteUsername s/^([^@]+).*/$1/
> >>>>
> >>>> <AuthBy UNIX>
> >>>> Identifier System
> >>>> DefaultReply
> >>> Service-Type=Framed-User,Framed-Protocol=PPP
> >>>> </AuthBy>
> >>>> </Realm>
> >>>>
> >>>>
> >>>> <Realm system.realm>
> >>>> RewriteUsername s/^([^@]+).*/$1/
> >>>> </Realm>
> >>>>
> >>>>
> >>>> <Realm ldap.realm>
> >>>> <AuthBy LDAP2>
> >>>> Host xxxxxx
> >>>> Port 389
> >>>> AuthDN cn=root
> >>>> AuthPassword xxxxxx
> >>>> BaseDN
> >>> (&(%0=%1,ou=xxxxx,o=xxxxx)(radiusloginservice=E))
> >>>> UsernameAttr uid
> >>>> PasswordAttr userPassword
> >>>> </AuthBy>
> >>>> </Realm>
> >>>>
> >>>>
> >>>>
> >>>> <Realm external.realm>
> >>>> RewriteUsername s/^([^@]+).*/$1/
> >>>> <AuthBy EXTERNAL>
> >>>> Command perl ./goodies/testcommand.pl
> >>>> DecryptPassword
> >>>> </AuthBy>
> >>>> </Realm>
> >>>>
> >>>> <Realm internal.realm>
> >>>> <AuthBy INTERNAL>
> >>>> DefaultResult accept
> >>>> </AuthBy>
> >>>> </Realm>
> >>>>
> >>>>
> >>>> <Realm mobileip.realm>
> >>>> RewriteUsername s/^([^@]+).*/$1/
> >>>> <AuthBy FILE>
> >>>> Filename ./users
> >>>> </AuthBy>
> >>>> <AuthBy MOBILEIP>
> >>>> DefaultHAAddress 192.10.10.2
> >>>> </AuthBy>
> >>>> </Realm>
> >>>>
> >>>>
> >>>> <AuthBy FILE>
> >>>> Identifier identifier1
> >>>> </AuthBy>
> >>>>
> >>>>
> >>>> <Realm xyz>
> >>>> AuthBy identifier1
> >>>> </Realm>
> >>>>
> ##################################################################
> >>>>
> >>>>
> >>>> And this is output debug after "perl radpwtst -user driosr -
> >>>> password pass" is execute:
> >>>>
> >>>>
> ##################################################################
> >>>> Fri Feb 10 07:45:26 2006: DEBUG: Reading group file /etc/group
> >>>> Fri Feb 10 07:45:27 2006: DEBUG: Finished reading configuration
> >>>> file '/etc/radiator/radius.cfg'
> >>>> This Radiator license will expire on 2006-07-01
> >>>> This Radiator license will stop operating after 1000 requests
> >>>> To purchase an unlimited full source version of Radiator, see
> >>>> http://www.open.com.au/ordering.html
> >>>> To extend your license period, contact admin at open.com.au
> >>>>
> >>>> Fri Feb 10 07:45:27 2006: DEBUG: Reading dictionary file '/etc/
> >>>> radiator/dictionary'
> >>>> Fri Feb 10 07:45:28 2006: DEBUG: Reading dictionary file '/etc/
> >>>> radiator/dictionary.ascend'
> >>>> Fri Feb 10 07:45:28 2006: DEBUG: Creating authentication port
> >>>> 0.0.0.0:1645
> >>>> Fri Feb 10 07:45:28 2006: DEBUG: Creating accounting port
> >>> 0.0.0.0:1646
> >>>> Fri Feb 10 07:45:28 2006: NOTICE: Server started:
> Radiator 3.14 on
> >>>> XXXX(LOCKED)
> >>>> Fri Feb 10 07:46:16 2006: DEBUG: Packet dump:
> >>>> *** Received from 127.0.0.1 port 33466 ....
> >>>> Code: Access-Request
> >>>> Identifier: 211
> >>>> Authentic: 1234567890123456
> >>>> Attributes:
> >>>> User-Name = "driosr"
> >>>> Service-Type = Framed-User
> >>>> NAS-IP-Address = 203.63.154.1
> >>>> NAS-Identifier = "203.63.154.1"
> >>>> NAS-Port = 1234
> >>>> Called-Station-Id = "123456789"
> >>>> Calling-Station-Id = "987654321"
> >>>> NAS-Port-Type = Async
> >>>> User-Password = <137><234>,<222><175>
> >>>> \<4><246><188>8<9><160><216>}x<153>
> >>>>
> >>>> Fri Feb 10 07:46:17 2006: DEBUG: Handling request with Handler
> >>>> 'Realm=ldap.realm'
> >>>> Fri Feb 10 07:46:17 2006: DEBUG: Deleting session for driosr,
> >>>> 203.63.154.1, 1234
> >>>> Fri Feb 10 07:46:17 2006: DEBUG: Handling with Radius::AuthLDAP2:
> >>>> Fri Feb 10 07:46:17 2006: INFO: Connecting to XXXX:389
> >>>> Fri Feb 10 07:46:17 2006: INFO: Attempting to bind to LDAP server
> >>>> XXXX:389
> >>>> Fri Feb 10 07:46:17 2006: ERR: Could not bind connection with
> >>>> cn=root, xxxx, error: LDAP error code -1(0xFFFFFFFF)
> (server XXXX:
> >>>> 389).
> >>>> Fri Feb 10 07:46:17 2006: ERR: Backing off from XXXX:389 for 600
> >>>> seconds.
> >>>> Fri Feb 10 07:46:17 2006: DEBUG: AuthBy LDAP2 result:
> IGNORE, User
> >>>> database access error
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: Packet dump:
> >>>> *** Received from 127.0.0.1 port 33466 ....
> >>>> Code: Accounting-Request
> >>>> Identifier: 212
> >>>> Authentic:
> .<16>t<179>;<188><213>L<151><182><131>L<144>p<159><245>
> >>>> Attributes:
> >>>> User-Name = "driosr"
> >>>> Service-Type = Framed-User
> >>>> NAS-IP-Address = 203.63.154.1
> >>>> NAS-Identifier = "203.63.154.1"
> >>>> NAS-Port = 1234
> >>>> NAS-Port-Type = Async
> >>>> Acct-Session-Id = "00001234"
> >>>> Acct-Status-Type = Start
> >>>> Called-Station-Id = "123456789"
> >>>> Calling-Station-Id = "987654321"
> >>>> Acct-Delay-Time = 0
> >>>>
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: Handling request with Handler
> >>>> 'Realm=ldap.realm'
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: Adding session for driosr,
> >>>> 203.63.154.1, 1234
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: Handling with Radius::AuthLDAP2:
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: AuthBy LDAP2 result: ACCEPT,
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: Accounting accepted
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: Packet dump:
> >>>> *** Sending to 127.0.0.1 port 33466 ....
> >>>> Code: Accounting-Response
> >>>> Identifier: 212
> >>>> Authentic:
> .<16>t<179>;<188><213>L<151><182><131>L<144>p<159><245>
> >>>> Attributes:
> >>>>
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: Packet dump:
> >>>> *** Received from 127.0.0.1 port 33466 ....
> >>>> Code: Accounting-Request
> >>>> Identifier: 213
> >>>> Authentic: 4f<127><151><175><206><15><9>uq<149><22>&_<238>M
> >>>> Attributes:
> >>>> User-Name = "driosr"
> >>>> Service-Type = Framed-User
> >>>> NAS-IP-Address = 203.63.154.1
> >>>> NAS-Identifier = "203.63.154.1"
> >>>> NAS-Port = 1234
> >>>> NAS-Port-Type = Async
> >>>> Acct-Session-Id = "00001234"
> >>>> Acct-Status-Type = Stop
> >>>> Called-Station-Id = "123456789"
> >>>> Calling-Station-Id = "987654321"
> >>>> Acct-Delay-Time = 0
> >>>> Acct-Session-Time = 1000
> >>>> Acct-Input-Octets = 20000
> >>>> Acct-Output-Octets = 30000
> >>>>
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: Handling request with Handler
> >>>> 'Realm=ldap.realm'
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: Deleting session for driosr,
> >>>> 203.63.154.1, 1234
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: Handling with Radius::AuthLDAP2:
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: AuthBy LDAP2 result: ACCEPT,
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: Accounting accepted
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: Packet dump:
> >>>> *** Sending to 127.0.0.1 port 33466 ....
> >>>> Code: Accounting-Response
> >>>> Identifier: 213
> >>>> Authentic: 4f<127><151><175><206><15><9>uq<149><22>&_<238>M
> >>>> Attributes:
> >>>>
> ##################################################################
> >>>>
> >>>>
> >>>> And this is the output to "perl radpwtst -user driosr -password
> >>>> pass" command:
> >>>>
> >>>>
> ##################################################################
> >>>> sending Access-Request...
> >>>> No reply
> >>>> sending Accounting-Request Start...
> >>>> OK
> >>>> sending Accounting-Request Stop...
> >>>> OK
> >>>>
> ##################################################################
> >>>>
> >>>>
> >>>> Could you help me?
> >>>>
> >>>> Thanks in advance.
> >>>>
> >>>> --
> >>>> David Rios R.
> >>>>
> >>>> --
> >>>> Archive at http://www.open.com.au/archives/radiator/
> >>>> Announcements on radiator-announce at open.com.au
> >>>> To unsubscribe, email 'majordomo at open.com.au' with
> >>>> 'unsubscribe radiator' in the body of the message.
> >>>
> >>>
> >>> NB:
> >>>
> >>> Have you read the reference manual ("doc/ref.html")?
> >>> Have you searched the mailing list archive (www.open.com.au/
> >>> archives/
> >>> radiator)?
> >>> Have you had a quick look on Google (www.google.com)?
> >>> Have you included a copy of your configuration file (no secrets),
> >>> together with a trace 4 debug showing what is happening?
> >>>
> >>> --
> >>> Radiator: the most portable, flexible and configurable
> RADIUS server
> >>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> >>> -
> >>> Nets: internetwork inventory and management - graphical,
> extensible,
> >>> flexible with hardware, software, platform and database
> >>> independence.
> >>> -
> >>> CATool: Private Certificate Authority for Unix and Unix-like
> >>> systems.
> >>>
> >>>
> >>>
> >>
> >> --
> >> David Rios R.
> >> Ingenieria de Desarrollo
> >> Expansion Nuevos Servicios
> >> Empresas Publicas de Medellin
> >>
> >
> >
> > NB:
> >
> > Have you read the reference manual ("doc/ref.html")?
> > Have you searched the mailing list archive (www.open.com.au/
> > archives/radiator)?
> > Have you had a quick look on Google (www.google.com)?
> > Have you included a copy of your configuration file (no secrets),
> > together with a trace 4 debug showing what is happening?
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database
> independence.
> > -
> > CATool: Private Certificate Authority for Unix and
> Unix-like systems.
> >
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/
> radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
>
--
David Rios R.
Ingenieria de Desarrollo
Expansion Nuevos Servicios
Empresas Publicas de Medellin
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list