(RADIATOR) Radiator doesn't bind to LDAP

David Felipe Rios Rojas DRIOSR at eeppm.com
Thu Feb 16 14:48:10 CST 2006


> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Wednesday, 15 February 2006 05:49 p.m.
> To: David Felipe Rios Rojas
> CC: Radiator-List list
> Subject: Re: (RADIATOR) Radiator doesn't bind to LDAP
> 
> 
> Hello David -
> 
> Further to this you can add "Debug 255" to your AuthBy LDAP2 clause  
> to get additional LDAP debugging.
> 
> regards
> 
> Hugh
> 

Thanks Hugh, the "Debug" parameter was very useful; Radiator didn't send
anything to the LDAP server because the "Convert-ASN1" module was not
installed. Now it is authenticating!! Thanks a lot again.

I have another problem: each LDAP user has an attribute that tells what
kind of service they have bought; we are working with Cisco CAR and it
returns to the RAS a lot of parameters according to that LDAP attribute;
could I do the same task with Radiator?

> 
> On 16 Feb 2006, at 09:42, Hugh Irvine wrote:
> 
> >
> > Hello David -
> >
> > I will need to see the complete configuration file and a trace 4  
> > debug from startup showing what is happening.
> >
> > regards
> >
> > Hugh
> >
> >
> > On 16 Feb 2006, at 09:17, David Felipe Rios Rojas wrote:
> >
> >>
> >>> -----Original Message-----
> >>> From: Hugh Irvine [mailto:hugh at open.com.au]
> >>> Sent: Tuesday, 14 February 2006 11:37 p.m.
> >>> To: David Felipe Rios Rojas
> >>> CC: radiator at open.com.au
> >>> Subject: Re: (RADIATOR) Radiator doesn't bind to LDAP
> >>>
> >>>
> >>> Hello David -
> >>>
> >>> I think the AuthBy LDAP2 configuration is incorrect.
> >>>
> >>> Try this instead:
> >>>
> >>>
> >>> <Realm ldap.realm>
> >>> 	<AuthBy LDAP2>
> >>> 		Host		xxxxxx
> >>> 		Port		389
> >>> 		AuthDN		root
> >>> 		AuthPassword	xxxxxx
> >>> 		BaseDN		ou=xxxxx,o=xxxxx
> >>> 		SearchFilter (&(%0=%1)(radiusloginservice=E))
> >>> 		UsernameAttr	uid
> >>> 		PasswordAttr    userPassword
> >>> 	</AuthBy>
> >>> </Realm>
> >>>
> >>>
> >>> hope that helps
> >>>
> >>> regards
> >>>
> >>> Hugh
> >>>
> >>
> >> Hi Hugh.
> >>
> >> I changed the config file as you wrote but it didn't work :(
> >>
> >> I used "snoop" to see what it was sending to the LDAP server and
> >> guess what! It doesn't send anything! This is the information
> >> shown by snoop:
> >>
> >> #############################################
> >> ETHER:  ----- Ether Header -----
> >> ETHER:
> >> ETHER:  Packet 1 arrived at 14:56:10.23
> >> ETHER:  Packet size = 62 bytes
> >> ETHER:  Destination = 0:e0:b6:4:d9:62,
> >> ETHER:  Source      = 8:0:20:c7:98:4c, Sun
> >> ETHER:  Ethertype = 0800 (IP)
> >> ETHER:
> >> IP:   ----- IP Header -----
> >> IP:
> >> IP:   Version = 4
> >> IP:   Header length = 20 bytes
> >> IP:   Type of service = 0x00
> >> IP:         xxx. .... = 0 (precedence)
> >> IP:         ...0 .... = normal delay
> >> IP:         .... 0... = normal throughput
> >> IP:         .... .0.. = normal reliability
> >> IP:   Total length = 48 bytes
> >> IP:   Identification = 34837
> >> IP:   Flags = 0x4
> >> IP:         .1.. .... = do not fragment
> >> IP:         ..0. .... = last fragment
> >> IP:   Fragment offset = 0 bytes
> >> IP:   Time to live = 64 seconds/hops
> >> IP:   Protocol = 6 (TCP)
> >> IP:   Header checksum = 479f
> >> IP:   Source address = ***.***.***.***, ********
> >> IP:   Destination address = ***.***.***.***, ********
> >> IP:   No options
> >> IP:
> >> TCP:  ----- TCP Header -----
> >> TCP:
> >> TCP:  Source port = 46731
> >> TCP:  Destination port = 389 (LDAP)
> >> TCP:  Sequence number = 3244986615
> >> TCP:  Acknowledgement number = 0
> >> TCP:  Data offset = 28 bytes
> >> TCP:  Flags = 0x02
> >> TCP:        ..0. .... = No urgent pointer
> >> TCP:        ...0 .... = No acknowledgement
> >> TCP:        .... 0... = No push
> >> TCP:        .... .0.. = No reset
> >> TCP:        .... ..1. = Syn
> >> TCP:        .... ...0 = No Fin
> >> TCP:  Window = 24820
> >> TCP:  Checksum = 0xaca4
> >> TCP:  Urgent pointer = 0
> >> TCP:  Options: (8 bytes)
> >> TCP:    - No operation
> >> TCP:    - No operation
> >> TCP:    - SACK permitted option
> >> TCP:    - Maximum segment size = 1460 bytes
> >> TCP:
> >> LDAP:  ----- LDAP:   -----
> >> LDAP:
> >> LDAP:  ""
> >> LDAP:
> >>
> >> ETHER:  ----- Ether Header -----
> >> ETHER:
> >> ETHER:  Packet 2 arrived at 14:56:10.23
> >> ETHER:  Packet size = 62 bytes
> >> ETHER:  Destination = 8:0:20:c7:98:4c, Sun
> >> ETHER:  Source      = 0:e0:b6:4:d9:62,
> >> ETHER:  Ethertype = 0800 (IP)
> >> ETHER:
> >> IP:   ----- IP Header -----
> >> IP:
> >> IP:   Version = 4
> >> IP:   Header length = 20 bytes
> >> IP:   Type of service = 0x00
> >> IP:         xxx. .... = 0 (precedence)
> >> IP:         ...0 .... = normal delay
> >> IP:         .... 0... = normal throughput
> >> IP:         .... .0.. = normal reliability
> >> IP:   Total length = 48 bytes
> >> IP:   Identification = 16165
> >> IP:   Flags = 0x4
> >> IP:         .1.. .... = do not fragment
> >> IP:         ..0. .... = last fragment
> >> IP:   Fragment offset = 0 bytes
> >> IP:   Time to live = 60 seconds/hops
> >> IP:   Protocol = 6 (TCP)
> >> IP:   Header checksum = 948f
> >> IP:   Source address = ***.***.***.***, **********
> >> IP:   Destination address = ***.***.***.***, ********
> >> IP:   No options
> >> IP:
> >> TCP:  ----- TCP Header -----
> >> TCP:
> >> TCP:  Source port = 389
> >> TCP:  Destination port = 46731
> >> TCP:  Sequence number = 1601298321
> >> TCP:  Acknowledgement number = 3244986616
> >> TCP:  Data offset = 28 bytes
> >> TCP:  Flags = 0x12
> >> TCP:        ..0. .... = No urgent pointer
> >> TCP:        ...1 .... = Acknowledgement
> >> TCP:        .... 0... = No push
> >> TCP:        .... .0.. = No reset
> >> TCP:        .... ..1. = Syn
> >> TCP:        .... ...0 = No Fin
> >> TCP:  Window = 64860
> >> TCP:  Checksum = 0xd177
> >> TCP:  Urgent pointer = 0
> >> TCP:  Options: (8 bytes)
> >> TCP:    - Maximum segment size = 1380 bytes
> >> TCP:    - No operation
> >> TCP:    - No operation
> >> TCP:    - SACK permitted option
> >> TCP:
> >> LDAP:  ----- LDAP:   -----
> >> LDAP:
> >> LDAP:  ""
> >> LDAP:
> >>
> >> ETHER:  ----- Ether Header -----
> >> ETHER:
> >> ETHER:  Packet 3 arrived at 14:56:10.23
> >> ETHER:  Packet size = 54 bytes
> >> ETHER:  Destination = 0:e0:b6:4:d9:62,
> >> ETHER:  Source      = 8:0:20:c7:98:4c, Sun
> >> ETHER:  Ethertype = 0800 (IP)
> >> ETHER:
> >> IP:   ----- IP Header -----
> >> IP:
> >> IP:   Version = 4
> >> IP:   Header length = 20 bytes
> >> IP:   Type of service = 0x00
> >> IP:         xxx. .... = 0 (precedence)
> >> IP:         ...0 .... = normal delay
> >> IP:         .... 0... = normal throughput
> >> IP:         .... .0.. = normal reliability
> >> IP:   Total length = 40 bytes
> >> IP:   Identification = 34838
> >> IP:   Flags = 0x4
> >> IP:         .1.. .... = do not fragment
> >> IP:         ..0. .... = last fragment
> >> IP:   Fragment offset = 0 bytes
> >> IP:   Time to live = 64 seconds/hops
> >> IP:   Protocol = 6 (TCP)
> >> IP:   Header checksum = 47a6
> >> IP:   Source address = ***.***.***.***, ********
> >> IP:   Destination address = ***.***.***.***, **********
> >> IP:   No options
> >> IP:
> >> TCP:  ----- TCP Header -----
> >> TCP:
> >> TCP:  Source port = 46731
> >> TCP:  Destination port = 389 (LDAP)
> >> TCP:  Sequence number = 3244986616
> >> TCP:  Acknowledgement number = 1601298322
> >> TCP:  Data offset = 20 bytes
> >> TCP:  Flags = 0x10
> >> TCP:        ..0. .... = No urgent pointer
> >> TCP:        ...1 .... = Acknowledgement
> >> TCP:        .... 0... = No push
> >> TCP:        .... .0.. = No reset
> >> TCP:        .... ..0. = No Syn
> >> TCP:        .... ...0 = No Fin
> >> TCP:  Window = 24840
> >> TCP:  Checksum = 0x9a40
> >> TCP:  Urgent pointer = 0
> >> TCP:  No options
> >> TCP:
> >> LDAP:  ----- LDAP:   -----
> >> LDAP:
> >> LDAP:  ""
> >> LDAP:
> >>
> >> ETHER:  ----- Ether Header -----
> >> ETHER:
> >> ETHER:  Packet 4 arrived at 14:56:10.23
> >> ETHER:  Packet size = 54 bytes
> >> ETHER:  Destination = 0:e0:b6:4:d9:62,
> >> ETHER:  Source      = 8:0:20:c7:98:4c, Sun
> >> ETHER:  Ethertype = 0800 (IP)
> >> ETHER:
> >> IP:   ----- IP Header -----
> >> IP:
> >> IP:   Version = 4
> >> IP:   Header length = 20 bytes
> >> IP:   Type of service = 0x00
> >> IP:         xxx. .... = 0 (precedence)
> >> IP:         ...0 .... = normal delay
> >> IP:         .... 0... = normal throughput
> >> IP:         .... .0.. = normal reliability
> >> IP:   Total length = 40 bytes
> >> IP:   Identification = 34839
> >> IP:   Flags = 0x4
> >> IP:         .1.. .... = do not fragment
> >> IP:         ..0. .... = last fragment
> >> IP:   Fragment offset = 0 bytes
> >> IP:   Time to live = 64 seconds/hops
> >> IP:   Protocol = 6 (TCP)
> >> IP:   Header checksum = 47a5
> >> IP:   Source address = ***.***.***.***, ********
> >> IP:   Destination address = ***.***.***.***, ********
> >> IP:   No options
> >> IP:
> >> TCP:  ----- TCP Header -----
> >> TCP:
> >> TCP:  Source port = 46731
> >> TCP:  Destination port = 389 (LDAP)
> >> TCP:  Sequence number = 3244986616
> >> TCP:  Acknowledgement number = 1601298322
> >> TCP:  Data offset = 20 bytes
> >> TCP:  Flags = 0x11
> >> TCP:        ..0. .... = No urgent pointer
> >> TCP:        ...1 .... = Acknowledgement
> >> TCP:        .... 0... = No push
> >> TCP:        .... .0.. = No reset
> >> TCP:        .... ..0. = No Syn
> >> TCP:        .... ...1 = Fin
> >> TCP:  Window = 24840
> >> TCP:  Checksum = 0x9a3f
> >> TCP:  Urgent pointer = 0
> >> TCP:  No options
> >> TCP:
> >> LDAP:  ----- LDAP:   -----
> >> LDAP:
> >> LDAP:  ""
> >> LDAP:
> >>
> >> ETHER:  ----- Ether Header -----
> >> ETHER:
> >> ETHER:  Packet 5 arrived at 14:56:10.24
> >> ETHER:  Packet size = 60 bytes
> >> ETHER:  Destination = 8:0:20:c7:98:4c, Sun
> >> ETHER:  Source      = 0:e0:b6:4:d9:62,
> >> ETHER:  Ethertype = 0800 (IP)
> >> ETHER:
> >> IP:   ----- IP Header -----
> >> IP:
> >> IP:   Version = 4
> >> IP:   Header length = 20 bytes
> >> IP:   Type of service = 0x00
> >> IP:         xxx. .... = 0 (precedence)
> >> IP:         ...0 .... = normal delay
> >> IP:         .... 0... = normal throughput
> >> IP:         .... .0.. = normal reliability
> >> IP:   Total length = 40 bytes
> >> IP:   Identification = 16166
> >> IP:   Flags = 0x4
> >> IP:         .1.. .... = do not fragment
> >> IP:         ..0. .... = last fragment
> >> IP:   Fragment offset = 0 bytes
> >> IP:   Time to live = 60 seconds/hops
> >> IP:   Protocol = 6 (TCP)
> >> IP:   Header checksum = 9496
> >> IP:   Source address = ***.***.***.***, ********
> >> IP:   Destination address = ***.***.***.***, ********
> >> IP:   No options
> >> IP:
> >> TCP:  ----- TCP Header -----
> >> TCP:
> >> TCP:  Source port = 389
> >> TCP:  Destination port = 46731
> >> TCP:  Sequence number = 1601298322
> >> TCP:  Acknowledgement number = 3244986617
> >> TCP:  Data offset = 20 bytes
> >> TCP:  Flags = 0x10
> >> TCP:        ..0. .... = No urgent pointer
> >> TCP:        ...1 .... = Acknowledgement
> >> TCP:        .... 0... = No push
> >> TCP:        .... .0.. = No reset
> >> TCP:        .... ..0. = No Syn
> >> TCP:        .... ...0 = No Fin
> >> TCP:  Window = 64860
> >> TCP:  Checksum = 0xfdea
> >> TCP:  Urgent pointer = 0
> >> TCP:  No options
> >> TCP:
> >> LDAP:  ----- LDAP:   -----
> >> LDAP:
> >> LDAP:  ""
> >> LDAP:
> >>
> >> ETHER:  ----- Ether Header -----
> >> ETHER:
> >> ETHER:  Packet 6 arrived at 14:56:11.67
> >> ETHER:  Packet size = 60 bytes
> >> ETHER:  Destination = 8:0:20:c7:98:4c, Sun
> >> ETHER:  Source      = 0:e0:b6:4:d9:62,
> >> ETHER:  Ethertype = 0800 (IP)
> >> ETHER:
> >> IP:   ----- IP Header -----
> >> IP:
> >> IP:   Version = 4
> >> IP:   Header length = 20 bytes
> >> IP:   Type of service = 0x00
> >> IP:         xxx. .... = 0 (precedence)
> >> IP:         ...0 .... = normal delay
> >> IP:         .... 0... = normal throughput
> >> IP:         .... .0.. = normal reliability
> >> IP:   Total length = 40 bytes
> >> IP:   Identification = 16167
> >> IP:   Flags = 0x4
> >> IP:         .1.. .... = do not fragment
> >> IP:         ..0. .... = last fragment
> >> IP:   Fragment offset = 0 bytes
> >> IP:   Time to live = 60 seconds/hops
> >> IP:   Protocol = 6 (TCP)
> >> IP:   Header checksum = 9495
> >> IP:   Source address = ***.***.***.***, ********
> >> IP:   Destination address = ***.***.***.***, ********
> >> IP:   No options
> >> IP:
> >> TCP:  ----- TCP Header -----
> >> TCP:
> >> TCP:  Source port = 389
> >> TCP:  Destination port = 46731
> >> TCP:  Sequence number = 1601298322
> >> TCP:  Acknowledgement number = 3244986617
> >> TCP:  Data offset = 20 bytes
> >> TCP:  Flags = 0x11
> >> TCP:        ..0. .... = No urgent pointer
> >> TCP:        ...1 .... = Acknowledgement
> >> TCP:        .... 0... = No push
> >> TCP:        .... .0.. = No reset
> >> TCP:        .... ..0. = No Syn
> >> TCP:        .... ...1 = Fin
> >> TCP:  Window = 64860
> >> TCP:  Checksum = 0xfde9
> >> TCP:  Urgent pointer = 0
> >> TCP:  No options
> >> TCP:
> >> LDAP:  ----- LDAP:   -----
> >> LDAP:
> >> LDAP:  ""
> >> LDAP:
> >>
> >> ETHER:  ----- Ether Header -----
> >> ETHER:
> >> ETHER:  Packet 7 arrived at 14:56:11.67
> >> ETHER:  Packet size = 54 bytes
> >> ETHER:  Destination = 0:e0:b6:4:d9:62,
> >> ETHER:  Source      = 8:0:20:c7:98:4c, Sun
> >> ETHER:  Ethertype = 0800 (IP)
> >> ETHER:
> >> IP:   ----- IP Header -----
> >> IP:
> >> IP:   Version = 4
> >> IP:   Header length = 20 bytes
> >> IP:   Type of service = 0x00
> >> IP:         xxx. .... = 0 (precedence)
> >> IP:         ...0 .... = normal delay
> >> IP:         .... 0... = normal throughput
> >> IP:         .... .0.. = normal reliability
> >> IP:   Total length = 40 bytes
> >> IP:   Identification = 34840
> >> IP:   Flags = 0x4
> >> IP:         .1.. .... = do not fragment
> >> IP:         ..0. .... = last fragment
> >> IP:   Fragment offset = 0 bytes
> >> IP:   Time to live = 64 seconds/hops
> >> IP:   Protocol = 6 (TCP)
> >> IP:   Header checksum = 47a4
> >> IP:   Source address = ***.***.***.***, ********
> >> IP:   Destination address = ***.***.***.***, ********
> >> IP:   No options
> >> IP:
> >> TCP:  ----- TCP Header -----
> >> TCP:
> >> TCP:  Source port = 46731
> >> TCP:  Destination port = 389 (LDAP)
> >> TCP:  Sequence number = 3244986617
> >> TCP:  Acknowledgement number = 1601298323
> >> TCP:  Data offset = 20 bytes
> >> TCP:  Flags = 0x10
> >> TCP:        ..0. .... = No urgent pointer
> >> TCP:        ...1 .... = Acknowledgement
> >> TCP:        .... 0... = No push
> >> TCP:        .... .0.. = No reset
> >> TCP:        .... ..0. = No Syn
> >> TCP:        .... ...0 = No Fin
> >> TCP:  Window = 24840
> >> TCP:  Checksum = 0x9a3e
> >> TCP:  Urgent pointer = 0
> >> TCP:  No options
> >> TCP:
> >> LDAP:  ----- LDAP:   -----
> >> LDAP:
> >> LDAP:  ""
> >> LDAP:
> >> #############################################
> >>
> >> If you use grep to filter it, you can see that the lines with
> >> "LDAP:" don't have any important information.
> >>
> >> PS. Sensitive information was replaced with "*".
> >>
> >>>
> >>> On 14 Feb 2006, at 08:45, David Felipe Rios Rojas wrote:
> >>>
> >>>> I'm testing Radiator for the first time, but I'm a little confused
> >>>> because of an error message when it tries binding to the LDAP
> >>>> server; I use the LDAP superuser account just to try it.
> >>>>
> >>>> Next is my config file; it was made based on the sample
> >>>> configuration file provided and several items are not configured
> >>>> yet because I just want to test LDAP binding first.
> >>>>
> >>>> Here we go:
> >>>>
> >>>> ##################################################################
> >>>> Foreground
> >>>>
> >>>> LogStdout
> >>>>
> >>>> Trace		4
> >>>>
> >>>> PidFile		/tmp/radiusd.pid
> >>>>
> >>>> AuthPort	1645
> >>>>
> >>>> AcctPort	1646
> >>>>
> >>>> LogFile		%L/%Y-%m-%d_logfile
> >>>> LogDir		/var/log/radius
> >>>>
> >>>> DbDir		.
> >>>>
> >>>> DictionaryFile /etc/radiator/dictionary,/etc/radiator/dictionary.ascend
> >>>>
> >>>> User radius
> >>>> Group radius
> >>>>
> >>>> <Client DEFAULT>
> >>>> 	Secret	mysecret
> >>>> 	DupInterval 0
> >>>> 	DefaultRealm ldap.realm
> >>>> 	StatusServerShowClientDetails
> >>>> </Client>
> >>>>
> >>>>
> >>>> <Realm DEFAULT>
> >>>> 	RewriteUsername	s/^([^@]+).*/$1/
> >>>> 	MaxSessions	2
> >>>> 	AcctLogFileName	%L/detail
> >>>> 	WtmpFileName %L/wtmp
> >>>> 	PasswordLogFileName %L/password.log
> >>>> 	RejectHasReason
> >>>>
> >>>> 	<AuthBy FILE>
> >>>> 		Filename	/etc/radiator/users
> >>>> 		DynamicReply USR-IP-Input-Filter
> >>>> 		DynamicCheck Group
> >>>> 		UseAddressHint
> >>>> 		AddToReply Reply-Message=hello
> >>>> 		AddToReplyIfNotExist Ascend-Data-Filter="ip in forward tcp est"
> >>>> 		DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
> >>>> 		RejectEmptyPassword
> >>>> 		AutoMPPEKeys
> >>>> 		EAPType MD5-Challenge
> >>>> 	</AuthBy>
> >>>>
> >>>> 	<AuthBy GROUP>
> >>>> 		AuthByPolicy ContinueUntilAccept
> >>>> 		AddToReply Reply-Message=xxxx
> >>>> 		<AuthBy FILE>
> >>>> 			Filename users
> >>>> 		</AuthBy>
> >>>> 		<AuthBy FILE>
> >>>> 			Filename users
> >>>> 		</AuthBy>
> >>>> 	</AuthBy>
> >>>>
> >>>> </Realm>
> >>>>
> >>>> <Realm unix.realm>
> >>>> 	RewriteUsername	s/^([^@]+).*/$1/
> >>>>
> >>>> 	<AuthBy UNIX>
> >>>> 		Identifier System
> >>>> 		DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
> >>>> 	</AuthBy>
> >>>> </Realm>
> >>>>
> >>>>
> >>>> <Realm system.realm>
> >>>> 	RewriteUsername	s/^([^@]+).*/$1/
> >>>> </Realm>
> >>>>
> >>>>
> >>>> <Realm ldap.realm>
> >>>> 	<AuthBy LDAP2>
> >>>> 		Host		xxxxxx
> >>>> 		Port		389
> >>>> 		AuthDN		cn=root
> >>>> 		AuthPassword	xxxxxx
> >>>> 		BaseDN		(&(%0=%1,ou=xxxxx,o=xxxxx)(radiusloginservice=E))
> >>>> 		UsernameAttr	uid
> >>>> 		PasswordAttr    userPassword
> >>>> 	</AuthBy>
> >>>> </Realm>
> >>>>
> >>>>
> >>>>
> >>>> <Realm external.realm>
> >>>> 	RewriteUsername	s/^([^@]+).*/$1/
> >>>> 	<AuthBy EXTERNAL>
> >>>> 		Command perl ./goodies/testcommand.pl
> >>>> 		DecryptPassword
> >>>> 	</AuthBy>
> >>>> </Realm>
> >>>>
> >>>> <Realm internal.realm>
> >>>> 	<AuthBy INTERNAL>
> >>>> 		DefaultResult	accept
> >>>> 	</AuthBy>
> >>>> </Realm>
> >>>>
> >>>>
> >>>> <Realm mobileip.realm>
> >>>> 	RewriteUsername	s/^([^@]+).*/$1/
> >>>> 	<AuthBy FILE>
> >>>> 		Filename	./users
> >>>> 	</AuthBy>
> >>>> 	<AuthBy MOBILEIP>
> >>>> 		DefaultHAAddress 192.10.10.2
> >>>> 	</AuthBy>
> >>>> </Realm>
> >>>>
> >>>>
> >>>> <AuthBy FILE>
> >>>> 	Identifier identifier1
> >>>> </AuthBy>
> >>>>
> >>>>
> >>>> <Realm xyz>
> >>>> 	AuthBy identifier1
> >>>> </Realm>
> >>>> ##################################################################
> >>>>
> >>>>
> >>>> And this is the debug output after "perl radpwtst -user driosr
> >>>> -password pass" is executed:
> >>>>
> >>>> ##################################################################
> >>>> Fri Feb 10 07:45:26 2006: DEBUG: Reading group file /etc/group
> >>>> Fri Feb 10 07:45:27 2006: DEBUG: Finished reading configuration file '/etc/radiator/radius.cfg'
> >>>> This Radiator license will expire on 2006-07-01
> >>>> This Radiator license will stop operating after 1000 requests
> >>>> To purchase an unlimited full source version of Radiator, see
> >>>> http://www.open.com.au/ordering.html
> >>>> To extend your license period, contact admin at open.com.au
> >>>>
> >>>> Fri Feb 10 07:45:27 2006: DEBUG: Reading dictionary file '/etc/radiator/dictionary'
> >>>> Fri Feb 10 07:45:28 2006: DEBUG: Reading dictionary file '/etc/radiator/dictionary.ascend'
> >>>> Fri Feb 10 07:45:28 2006: DEBUG: Creating authentication port 0.0.0.0:1645
> >>>> Fri Feb 10 07:45:28 2006: DEBUG: Creating accounting port 0.0.0.0:1646
> >>>> Fri Feb 10 07:45:28 2006: NOTICE: Server started: Radiator 3.14 on XXXX(LOCKED)
> >>>> Fri Feb 10 07:46:16 2006: DEBUG: Packet dump:
> >>>> *** Received from 127.0.0.1 port 33466 ....
> >>>> Code:       Access-Request
> >>>> Identifier: 211
> >>>> Authentic:  1234567890123456
> >>>> Attributes:
> >>>>         User-Name = "driosr"
> >>>>         Service-Type = Framed-User
> >>>>         NAS-IP-Address = 203.63.154.1
> >>>>         NAS-Identifier = "203.63.154.1"
> >>>>         NAS-Port = 1234
> >>>>         Called-Station-Id = "123456789"
> >>>>         Calling-Station-Id = "987654321"
> >>>>         NAS-Port-Type = Async
> >>>>         User-Password = <137><234>,<222><175>
> >>>> \<4><246><188>8<9><160><216>}x<153>
> >>>>
> >>>> Fri Feb 10 07:46:17 2006: DEBUG: Handling request with Handler 'Realm=ldap.realm'
> >>>> Fri Feb 10 07:46:17 2006: DEBUG:  Deleting session for driosr, 203.63.154.1, 1234
> >>>> Fri Feb 10 07:46:17 2006: DEBUG: Handling with Radius::AuthLDAP2:
> >>>> Fri Feb 10 07:46:17 2006: INFO: Connecting to XXXX:389
> >>>> Fri Feb 10 07:46:17 2006: INFO: Attempting to bind to LDAP server XXXX:389
> >>>> Fri Feb 10 07:46:17 2006: ERR: Could not bind connection with cn=root, xxxx, error: LDAP error code -1(0xFFFFFFFF) (server XXXX:389).
> >>>> Fri Feb 10 07:46:17 2006: ERR: Backing off from XXXX:389 for 600 seconds.
> >>>> Fri Feb 10 07:46:17 2006: DEBUG: AuthBy LDAP2 result: IGNORE, User database access error
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: Packet dump:
> >>>> *** Received from 127.0.0.1 port 33466 ....
> >>>> Code:       Accounting-Request
> >>>> Identifier: 212
> >>>> Authentic:  .<16>t<179>;<188><213>L<151><182><131>L<144>p<159><245>
> >>>> Attributes:
> >>>>         User-Name = "driosr"
> >>>>         Service-Type = Framed-User
> >>>>         NAS-IP-Address = 203.63.154.1
> >>>>         NAS-Identifier = "203.63.154.1"
> >>>>         NAS-Port = 1234
> >>>>         NAS-Port-Type = Async
> >>>>         Acct-Session-Id = "00001234"
> >>>>         Acct-Status-Type = Start
> >>>>         Called-Station-Id = "123456789"
> >>>>         Calling-Station-Id = "987654321"
> >>>>         Acct-Delay-Time = 0
> >>>>
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: Handling request with Handler 'Realm=ldap.realm'
> >>>> Fri Feb 10 07:46:22 2006: DEBUG:  Adding session for driosr, 203.63.154.1, 1234
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: Handling with Radius::AuthLDAP2:
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: AuthBy LDAP2 result: ACCEPT,
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: Accounting accepted
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: Packet dump:
> >>>> *** Sending to 127.0.0.1 port 33466 ....
> >>>> Code:       Accounting-Response
> >>>> Identifier: 212
> >>>> Authentic:  .<16>t<179>;<188><213>L<151><182><131>L<144>p<159><245>
> >>>> Attributes:
> >>>>
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: Packet dump:
> >>>> *** Received from 127.0.0.1 port 33466 ....
> >>>> Code:       Accounting-Request
> >>>> Identifier: 213
> >>>> Authentic:  4f<127><151><175><206><15><9>uq<149><22>&_<238>M
> >>>> Attributes:
> >>>>         User-Name = "driosr"
> >>>>         Service-Type = Framed-User
> >>>>         NAS-IP-Address = 203.63.154.1
> >>>>         NAS-Identifier = "203.63.154.1"
> >>>>         NAS-Port = 1234
> >>>>         NAS-Port-Type = Async
> >>>>         Acct-Session-Id = "00001234"
> >>>>         Acct-Status-Type = Stop
> >>>>         Called-Station-Id = "123456789"
> >>>>         Calling-Station-Id = "987654321"
> >>>>         Acct-Delay-Time = 0
> >>>>         Acct-Session-Time = 1000
> >>>>         Acct-Input-Octets = 20000
> >>>>         Acct-Output-Octets = 30000
> >>>>
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: Handling request with Handler 'Realm=ldap.realm'
> >>>> Fri Feb 10 07:46:22 2006: DEBUG:  Deleting session for driosr, 203.63.154.1, 1234
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: Handling with Radius::AuthLDAP2:
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: AuthBy LDAP2 result: ACCEPT,
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: Accounting accepted
> >>>> Fri Feb 10 07:46:22 2006: DEBUG: Packet dump:
> >>>> *** Sending to 127.0.0.1 port 33466 ....
> >>>> Code:       Accounting-Response
> >>>> Identifier: 213
> >>>> Authentic:  4f<127><151><175><206><15><9>uq<149><22>&_<238>M
> >>>> Attributes:
> >>>> ##################################################################
> >>>>
> >>>>
> >>>> And this is the output of the "perl radpwtst -user driosr -password
> >>>> pass" command:
> >>>>
> >>>> ##################################################################
> >>>> sending Access-Request...
> >>>> No reply
> >>>> sending Accounting-Request Start...
> >>>> OK
> >>>> sending Accounting-Request Stop...
> >>>> OK
> >>>> ##################################################################
> >>>>
> >>>>
> >>>> Could you help me?
> >>>>
> >>>> Thanks in advance.
> >>>>
> >>>> -- 
> >>>> David Rios R.
> >>>>
> >>>> --
> >>>> Archive at http://www.open.com.au/archives/radiator/
> >>>> Announcements on radiator-announce at open.com.au
> >>>> To unsubscribe, email 'majordomo at open.com.au' with
> >>>> 'unsubscribe radiator' in the body of the message.
> >>>
> >>>
> >>> NB:
> >>>
> >>> Have you read the reference manual ("doc/ref.html")?
> >>> Have you searched the mailing list archive
> >>> (www.open.com.au/archives/radiator)?
> >>> Have you had a quick look on Google (www.google.com)?
> >>> Have you included a copy of your configuration file (no secrets),
> >>> together with a trace 4 debug showing what is happening?
> >>>
> >>> -- 
> >>> Radiator: the most portable, flexible and configurable RADIUS server
> >>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> >>> -
> >>> Nets: internetwork inventory and management - graphical, extensible,
> >>> flexible with hardware, software, platform and database independence.
> >>> -
> >>> CATool: Private Certificate Authority for Unix and Unix-like systems.
> >>>
> >>>
> >>>
> >>
> >> -- 
> >> David Rios R.
> >> Ingenieria de Desarrollo
> >> Expansion Nuevos Servicios
> >> Empresas Publicas de Medellin
> >>
> >
> >
> 
> 
> 
> 
> 

-- 
David Rios R.
Ingenieria de Desarrollo
Expansion Nuevos Servicios
Empresas Publicas de Medellin
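
The snoop trace quoted in this thread can be checked mechanically: the TCP payload of each packet is the IP total length minus the IP header length minus the TCP data offset. The Python below is an added example, not part of the original thread or of Radiator; the function names and the two sample traces are constructed for illustration and follow the field layout of the quoted snoop output.

```python
import re

# Header fields as printed by `snoop -v`; any "> >> " quote prefix is ignored.
FIELDS = {
    "num":      re.compile(r"ETHER:\s+Packet (\d+) arrived"),
    "ip_hlen":  re.compile(r"IP:\s+Header length = (\d+) bytes"),
    "ip_total": re.compile(r"IP:\s+Total length = (\d+) bytes"),
    "sport":    re.compile(r"TCP:\s+Source port = (\d+)"),
    "dport":    re.compile(r"TCP:\s+Destination port = (\d+)"),
    "tcp_off":  re.compile(r"TCP:\s+Data offset = (\d+) bytes"),
    "flags":    re.compile(r"TCP:\s+Flags = 0x([0-9a-fA-F]+)"),
}
SYN, ACK = 0x02, 0x10


def parse_snoop(text):
    """Return one dict per TCP packet, with the TCP payload length added."""
    packets, cur = [], None
    for line in text.splitlines():
        for name, rx in FIELDS.items():
            m = rx.search(line)
            if not m:
                continue
            if name == "num":  # a new packet starts here
                cur = {}
                packets.append(cur)
            if cur is not None:
                cur[name] = int(m.group(1), 16 if name == "flags" else 10)
            break
    tcp = [p for p in packets if FIELDS.keys() <= p.keys()]
    for p in tcp:
        # Bytes left for LDAP once the IP and TCP headers are subtracted.
        p["payload"] = p["ip_total"] - p["ip_hlen"] - p["tcp_off"]
    return tcp


def diagnose(packets, server_port=389):
    """Classify a client-to-server conversation by what reached the server."""
    to_srv = [p for p in packets if p["dport"] == server_port]
    from_srv = [p for p in packets if p["sport"] == server_port]
    if not any(p["flags"] & SYN and not p["flags"] & ACK for p in to_srv):
        return "no connection attempt seen"
    if not any(p["flags"] & SYN and p["flags"] & ACK for p in from_srv):
        return "server did not answer the SYN"
    sent = sum(p["payload"] for p in to_srv)
    if sent == 0:
        return "connected, but client sent no LDAP data"
    return "client sent %d bytes of LDAP data" % sent


# Template for the constructed samples: only the lines the parser reads,
# plus the IP "Flags" line, which must not be mistaken for the TCP flags.
_TEMPLATE = (
    "ETHER:  Packet {n} arrived at 14:56:10.23\n"
    "IP:   Header length = 20 bytes\n"
    "IP:   Total length = {total} bytes\n"
    "IP:   Flags = 0x4\n"
    "TCP:  Source port = {sport}\n"
    "TCP:  Destination port = {dport}\n"
    "TCP:  Data offset = {off} bytes\n"
    "TCP:  Flags = 0x{flags:02x}\n"
)


def _render(rows):
    return "".join(
        _TEMPLATE.format(n=i + 1, sport=s, dport=d, total=t, off=o, flags=f)
        for i, (s, d, t, o, f) in enumerate(rows)
    )


# Constructed sample 1: handshake followed by FIN, no payload in any packet.
_HANDSHAKE = [
    (46731, 389, 48, 28, 0x02),  # SYN
    (389, 46731, 48, 28, 0x12),  # SYN+ACK
    (46731, 389, 40, 20, 0x10),  # ACK
]
HANDSHAKE_ONLY = _render(_HANDSHAKE + [(46731, 389, 40, 20, 0x11)])  # FIN+ACK
# Constructed sample 2: after the handshake the client pushes 14 bytes.
WITH_DATA = _render(_HANDSHAKE + [(46731, 389, 54, 20, 0x18)])  # PSH+ACK

if __name__ == "__main__":
    for name, trace in (("handshake only", HANDSHAKE_ONLY), ("with data", WITH_DATA)):
        print(name, "->", diagnose(parse_snoop(trace)))
```

A "connected, but client sent no LDAP data" result points at the client side (in this thread, the missing "Convert-ASN1" module) rather than at the directory server or the network path.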
 
