(RADIATOR) Radiator doesn't bind to LDAP

Hugh Irvine hugh at open.com.au
Thu Feb 16 16:15:00 CST 2006


Hello David -

Thanks for letting me know that you have the LDAP working.

In answer to your question, yes you can use Radiator to return any  
attributes needed by the NAS.

You would use the AuthAttrDef construct in your AuthBy LDAP2 clause.

You can also use the AddToReply construct to return the common reply  
attributes.

See section 5.36.16 in the Radiator 3.14 reference manual.

regards

Hugh


On 17 Feb 2006, at 07:48, David Felipe Rios Rojas wrote:

>
>> -----Original Message-----
>> From: Hugh Irvine [mailto:hugh at open.com.au]
>> Sent: Wednesday, 15 February 2006 05:49 p.m.
>> To: David Felipe Rios Rojas
>> CC: Radiator-List list
>> Subject: Re: (RADIATOR) Radiator doesn't bind to LDAP
>>
>>
>> Hello David -
>>
>> Further to this you can add "Debug 255" to your AuthBy LDAP2 clause
>> to get additional LDAP debugging.
>>
>> regards
>>
>> Hugh
>>
>
> Thanks Hugh, the "Debug" parameter was very useful; Radiator didn't send
> anything to the LDAP server because the "Convert-ASN1" module was not
> installed. Now it is authenticating!! Thanks a lot again.
>
> I have another problem: each LDAP user has an attribute that says what
> kind of service they have bought; we are working with Cisco CAR and it
> returns a lot of parameters to the RAS according to that LDAP attribute;
> could I do the same task with Radiator?
>
>>
>> On 16 Feb 2006, at 09:42, Hugh Irvine wrote:
>>
>>>
>>> Hello David -
>>>
>>> I will need to see the complete configuration file and a trace 4
>>> debug from startup showing what is happening.
>>>
>>> regards
>>>
>>> Hugh
>>>
>>>
>>> On 16 Feb 2006, at 09:17, David Felipe Rios Rojas wrote:
>>>
>>>>
>>>>> -----Original Message-----
>>>>> From: Hugh Irvine [mailto:hugh at open.com.au]
>>>>> Sent: Tuesday, 14 February 2006 11:37 p.m.
>>>>> To: David Felipe Rios Rojas
>>>>> CC: radiator at open.com.au
>>>>> Subject: Re: (RADIATOR) Radiator doesn't bind to LDAP
>>>>>
>>>>>
>>>>> Hello David -
>>>>>
>>>>> I think the AuthBy LDAP 2 configuration is incorrect.
>>>>>
>>>>> Try this instead:
>>>>>
>>>>>
>>>>> <Realm ldap.realm>
>>>>> 	<AuthBy LDAP2>
>>>>> 		Host		xxxxxx
>>>>> 		Port		389
>>>>> 		AuthDN		root
>>>>> 		AuthPassword	xxxxxx
>>>>> 		BaseDN		ou=xxxxx,o=xxxxx
>>>>> 		SearchFilter (&(%0=%1)(radiusloginservice=E))
>>>>> 		UsernameAttr	uid
>>>>> 		PasswordAttr    userPassword
>>>>> 	</AuthBy>
>>>>> </Realm>
>>>>>
>>>>>
>>>>> hope that helps
>>>>>
>>>>> regards
>>>>>
>>>>> Hugh
>>>>>
>>>>
>>>> Hi Hugh.
>>>>
>>>> I changed the config file as you wrote, but it didn't work :(
>>>>
>>>> I used "snoop" to see what it was sending to the LDAP server and
>>>> guess what! It doesn't send anything! This is the information
>>>> shown by snoop:
>>>>
>>>> #############################################
>>>> ETHER:  ----- Ether Header -----
>>>> ETHER:
>>>> ETHER:  Packet 1 arrived at 14:56:10.23
>>>> ETHER:  Packet size = 62 bytes
>>>> ETHER:  Destination = 0:e0:b6:4:d9:62,
>>>> ETHER:  Source      = 8:0:20:c7:98:4c, Sun
>>>> ETHER:  Ethertype = 0800 (IP)
>>>> ETHER:
>>>> IP:   ----- IP Header -----
>>>> IP:
>>>> IP:   Version = 4
>>>> IP:   Header length = 20 bytes
>>>> IP:   Type of service = 0x00
>>>> IP:         xxx. .... = 0 (precedence)
>>>> IP:         ...0 .... = normal delay
>>>> IP:         .... 0... = normal throughput
>>>> IP:         .... .0.. = normal reliability
>>>> IP:   Total length = 48 bytes
>>>> IP:   Identification = 34837
>>>> IP:   Flags = 0x4
>>>> IP:         .1.. .... = do not fragment
>>>> IP:         ..0. .... = last fragment
>>>> IP:   Fragment offset = 0 bytes
>>>> IP:   Time to live = 64 seconds/hops
>>>> IP:   Protocol = 6 (TCP)
>>>> IP:   Header checksum = 479f
>>>> IP:   Source address = ***.***.***.***, ********
>>>> IP:   Destination address = ***.***.***.***, ********
>>>> IP:   No options
>>>> IP:
>>>> TCP:  ----- TCP Header -----
>>>> TCP:
>>>> TCP:  Source port = 46731
>>>> TCP:  Destination port = 389 (LDAP)
>>>> TCP:  Sequence number = 3244986615
>>>> TCP:  Acknowledgement number = 0
>>>> TCP:  Data offset = 28 bytes
>>>> TCP:  Flags = 0x02
>>>> TCP:        ..0. .... = No urgent pointer
>>>> TCP:        ...0 .... = No acknowledgement
>>>> TCP:        .... 0... = No push
>>>> TCP:        .... .0.. = No reset
>>>> TCP:        .... ..1. = Syn
>>>> TCP:        .... ...0 = No Fin
>>>> TCP:  Window = 24820
>>>> TCP:  Checksum = 0xaca4
>>>> TCP:  Urgent pointer = 0
>>>> TCP:  Options: (8 bytes)
>>>> TCP:    - No operation
>>>> TCP:    - No operation
>>>> TCP:    - SACK permitted option
>>>> TCP:    - Maximum segment size = 1460 bytes
>>>> TCP:
>>>> LDAP:  ----- LDAP:   -----
>>>> LDAP:
>>>> LDAP:  ""
>>>> LDAP:
>>>>
>>>> ETHER:  ----- Ether Header -----
>>>> ETHER:
>>>> ETHER:  Packet 2 arrived at 14:56:10.23
>>>> ETHER:  Packet size = 62 bytes
>>>> ETHER:  Destination = 8:0:20:c7:98:4c, Sun
>>>> ETHER:  Source      = 0:e0:b6:4:d9:62,
>>>> ETHER:  Ethertype = 0800 (IP)
>>>> ETHER:
>>>> IP:   ----- IP Header -----
>>>> IP:
>>>> IP:   Version = 4
>>>> IP:   Header length = 20 bytes
>>>> IP:   Type of service = 0x00
>>>> IP:         xxx. .... = 0 (precedence)
>>>> IP:         ...0 .... = normal delay
>>>> IP:         .... 0... = normal throughput
>>>> IP:         .... .0.. = normal reliability
>>>> IP:   Total length = 48 bytes
>>>> IP:   Identification = 16165
>>>> IP:   Flags = 0x4
>>>> IP:         .1.. .... = do not fragment
>>>> IP:         ..0. .... = last fragment
>>>> IP:   Fragment offset = 0 bytes
>>>> IP:   Time to live = 60 seconds/hops
>>>> IP:   Protocol = 6 (TCP)
>>>> IP:   Header checksum = 948f
>>>> IP:   Source address = ***.***.***.***, **********
>>>> IP:   Destination address = ***.***.***.***, ********
>>>> IP:   No options
>>>> IP:
>>>> TCP:  ----- TCP Header -----
>>>> TCP:
>>>> TCP:  Source port = 389
>>>> TCP:  Destination port = 46731
>>>> TCP:  Sequence number = 1601298321
>>>> TCP:  Acknowledgement number = 3244986616
>>>> TCP:  Data offset = 28 bytes
>>>> TCP:  Flags = 0x12
>>>> TCP:        ..0. .... = No urgent pointer
>>>> TCP:        ...1 .... = Acknowledgement
>>>> TCP:        .... 0... = No push
>>>> TCP:        .... .0.. = No reset
>>>> TCP:        .... ..1. = Syn
>>>> TCP:        .... ...0 = No Fin
>>>> TCP:  Window = 64860
>>>> TCP:  Checksum = 0xd177
>>>> TCP:  Urgent pointer = 0
>>>> TCP:  Options: (8 bytes)
>>>> TCP:    - Maximum segment size = 1380 bytes
>>>> TCP:    - No operation
>>>> TCP:    - No operation
>>>> TCP:    - SACK permitted option
>>>> TCP:
>>>> LDAP:  ----- LDAP:   -----
>>>> LDAP:
>>>> LDAP:  ""
>>>> LDAP:
>>>>
>>>> ETHER:  ----- Ether Header -----
>>>> ETHER:
>>>> ETHER:  Packet 3 arrived at 14:56:10.23
>>>> ETHER:  Packet size = 54 bytes
>>>> ETHER:  Destination = 0:e0:b6:4:d9:62,
>>>> ETHER:  Source      = 8:0:20:c7:98:4c, Sun
>>>> ETHER:  Ethertype = 0800 (IP)
>>>> ETHER:
>>>> IP:   ----- IP Header -----
>>>> IP:
>>>> IP:   Version = 4
>>>> IP:   Header length = 20 bytes
>>>> IP:   Type of service = 0x00
>>>> IP:         xxx. .... = 0 (precedence)
>>>> IP:         ...0 .... = normal delay
>>>> IP:         .... 0... = normal throughput
>>>> IP:         .... .0.. = normal reliability
>>>> IP:   Total length = 40 bytes
>>>> IP:   Identification = 34838
>>>> IP:   Flags = 0x4
>>>> IP:         .1.. .... = do not fragment
>>>> IP:         ..0. .... = last fragment
>>>> IP:   Fragment offset = 0 bytes
>>>> IP:   Time to live = 64 seconds/hops
>>>> IP:   Protocol = 6 (TCP)
>>>> IP:   Header checksum = 47a6
>>>> IP:   Source address = ***.***.***.***, ********
>>>> IP:   Destination address = ***.***.***.***, **********
>>>> IP:   No options
>>>> IP:
>>>> TCP:  ----- TCP Header -----
>>>> TCP:
>>>> TCP:  Source port = 46731
>>>> TCP:  Destination port = 389 (LDAP)
>>>> TCP:  Sequence number = 3244986616
>>>> TCP:  Acknowledgement number = 1601298322
>>>> TCP:  Data offset = 20 bytes
>>>> TCP:  Flags = 0x10
>>>> TCP:        ..0. .... = No urgent pointer
>>>> TCP:        ...1 .... = Acknowledgement
>>>> TCP:        .... 0... = No push
>>>> TCP:        .... .0.. = No reset
>>>> TCP:        .... ..0. = No Syn
>>>> TCP:        .... ...0 = No Fin
>>>> TCP:  Window = 24840
>>>> TCP:  Checksum = 0x9a40
>>>> TCP:  Urgent pointer = 0
>>>> TCP:  No options
>>>> TCP:
>>>> LDAP:  ----- LDAP:   -----
>>>> LDAP:
>>>> LDAP:  ""
>>>> LDAP:
>>>>
>>>> ETHER:  ----- Ether Header -----
>>>> ETHER:
>>>> ETHER:  Packet 4 arrived at 14:56:10.23
>>>> ETHER:  Packet size = 54 bytes
>>>> ETHER:  Destination = 0:e0:b6:4:d9:62,
>>>> ETHER:  Source      = 8:0:20:c7:98:4c, Sun
>>>> ETHER:  Ethertype = 0800 (IP)
>>>> ETHER:
>>>> IP:   ----- IP Header -----
>>>> IP:
>>>> IP:   Version = 4
>>>> IP:   Header length = 20 bytes
>>>> IP:   Type of service = 0x00
>>>> IP:         xxx. .... = 0 (precedence)
>>>> IP:         ...0 .... = normal delay
>>>> IP:         .... 0... = normal throughput
>>>> IP:         .... .0.. = normal reliability
>>>> IP:   Total length = 40 bytes
>>>> IP:   Identification = 34839
>>>> IP:   Flags = 0x4
>>>> IP:         .1.. .... = do not fragment
>>>> IP:         ..0. .... = last fragment
>>>> IP:   Fragment offset = 0 bytes
>>>> IP:   Time to live = 64 seconds/hops
>>>> IP:   Protocol = 6 (TCP)
>>>> IP:   Header checksum = 47a5
>>>> IP:   Source address = ***.***.***.***, ********
>>>> IP:   Destination address = ***.***.***.***, ********
>>>> IP:   No options
>>>> IP:
>>>> TCP:  ----- TCP Header -----
>>>> TCP:
>>>> TCP:  Source port = 46731
>>>> TCP:  Destination port = 389 (LDAP)
>>>> TCP:  Sequence number = 3244986616
>>>> TCP:  Acknowledgement number = 1601298322
>>>> TCP:  Data offset = 20 bytes
>>>> TCP:  Flags = 0x11
>>>> TCP:        ..0. .... = No urgent pointer
>>>> TCP:        ...1 .... = Acknowledgement
>>>> TCP:        .... 0... = No push
>>>> TCP:        .... .0.. = No reset
>>>> TCP:        .... ..0. = No Syn
>>>> TCP:        .... ...1 = Fin
>>>> TCP:  Window = 24840
>>>> TCP:  Checksum = 0x9a3f
>>>> TCP:  Urgent pointer = 0
>>>> TCP:  No options
>>>> TCP:
>>>> LDAP:  ----- LDAP:   -----
>>>> LDAP:
>>>> LDAP:  ""
>>>> LDAP:
>>>>
>>>> ETHER:  ----- Ether Header -----
>>>> ETHER:
>>>> ETHER:  Packet 5 arrived at 14:56:10.24
>>>> ETHER:  Packet size = 60 bytes
>>>> ETHER:  Destination = 8:0:20:c7:98:4c, Sun
>>>> ETHER:  Source      = 0:e0:b6:4:d9:62,
>>>> ETHER:  Ethertype = 0800 (IP)
>>>> ETHER:
>>>> IP:   ----- IP Header -----
>>>> IP:
>>>> IP:   Version = 4
>>>> IP:   Header length = 20 bytes
>>>> IP:   Type of service = 0x00
>>>> IP:         xxx. .... = 0 (precedence)
>>>> IP:         ...0 .... = normal delay
>>>> IP:         .... 0... = normal throughput
>>>> IP:         .... .0.. = normal reliability
>>>> IP:   Total length = 40 bytes
>>>> IP:   Identification = 16166
>>>> IP:   Flags = 0x4
>>>> IP:         .1.. .... = do not fragment
>>>> IP:         ..0. .... = last fragment
>>>> IP:   Fragment offset = 0 bytes
>>>> IP:   Time to live = 60 seconds/hops
>>>> IP:   Protocol = 6 (TCP)
>>>> IP:   Header checksum = 9496
>>>> IP:   Source address = ***.***.***.***, ********
>>>> IP:   Destination address = ***.***.***.***, ********
>>>> IP:   No options
>>>> IP:
>>>> TCP:  ----- TCP Header -----
>>>> TCP:
>>>> TCP:  Source port = 389
>>>> TCP:  Destination port = 46731
>>>> TCP:  Sequence number = 1601298322
>>>> TCP:  Acknowledgement number = 3244986617
>>>> TCP:  Data offset = 20 bytes
>>>> TCP:  Flags = 0x10
>>>> TCP:        ..0. .... = No urgent pointer
>>>> TCP:        ...1 .... = Acknowledgement
>>>> TCP:        .... 0... = No push
>>>> TCP:        .... .0.. = No reset
>>>> TCP:        .... ..0. = No Syn
>>>> TCP:        .... ...0 = No Fin
>>>> TCP:  Window = 64860
>>>> TCP:  Checksum = 0xfdea
>>>> TCP:  Urgent pointer = 0
>>>> TCP:  No options
>>>> TCP:
>>>> LDAP:  ----- LDAP:   -----
>>>> LDAP:
>>>> LDAP:  ""
>>>> LDAP:
>>>>
>>>> ETHER:  ----- Ether Header -----
>>>> ETHER:
>>>> ETHER:  Packet 6 arrived at 14:56:11.67
>>>> ETHER:  Packet size = 60 bytes
>>>> ETHER:  Destination = 8:0:20:c7:98:4c, Sun
>>>> ETHER:  Source      = 0:e0:b6:4:d9:62,
>>>> ETHER:  Ethertype = 0800 (IP)
>>>> ETHER:
>>>> IP:   ----- IP Header -----
>>>> IP:
>>>> IP:   Version = 4
>>>> IP:   Header length = 20 bytes
>>>> IP:   Type of service = 0x00
>>>> IP:         xxx. .... = 0 (precedence)
>>>> IP:         ...0 .... = normal delay
>>>> IP:         .... 0... = normal throughput
>>>> IP:         .... .0.. = normal reliability
>>>> IP:   Total length = 40 bytes
>>>> IP:   Identification = 16167
>>>> IP:   Flags = 0x4
>>>> IP:         .1.. .... = do not fragment
>>>> IP:         ..0. .... = last fragment
>>>> IP:   Fragment offset = 0 bytes
>>>> IP:   Time to live = 60 seconds/hops
>>>> IP:   Protocol = 6 (TCP)
>>>> IP:   Header checksum = 9495
>>>> IP:   Source address = ***.***.***.***, ********
>>>> IP:   Destination address = ***.***.***.***, ********
>>>> IP:   No options
>>>> IP:
>>>> TCP:  ----- TCP Header -----
>>>> TCP:
>>>> TCP:  Source port = 389
>>>> TCP:  Destination port = 46731
>>>> TCP:  Sequence number = 1601298322
>>>> TCP:  Acknowledgement number = 3244986617
>>>> TCP:  Data offset = 20 bytes
>>>> TCP:  Flags = 0x11
>>>> TCP:        ..0. .... = No urgent pointer
>>>> TCP:        ...1 .... = Acknowledgement
>>>> TCP:        .... 0... = No push
>>>> TCP:        .... .0.. = No reset
>>>> TCP:        .... ..0. = No Syn
>>>> TCP:        .... ...1 = Fin
>>>> TCP:  Window = 64860
>>>> TCP:  Checksum = 0xfde9
>>>> TCP:  Urgent pointer = 0
>>>> TCP:  No options
>>>> TCP:
>>>> LDAP:  ----- LDAP:   -----
>>>> LDAP:
>>>> LDAP:  ""
>>>> LDAP:
>>>>
>>>> ETHER:  ----- Ether Header -----
>>>> ETHER:
>>>> ETHER:  Packet 7 arrived at 14:56:11.67
>>>> ETHER:  Packet size = 54 bytes
>>>> ETHER:  Destination = 0:e0:b6:4:d9:62,
>>>> ETHER:  Source      = 8:0:20:c7:98:4c, Sun
>>>> ETHER:  Ethertype = 0800 (IP)
>>>> ETHER:
>>>> IP:   ----- IP Header -----
>>>> IP:
>>>> IP:   Version = 4
>>>> IP:   Header length = 20 bytes
>>>> IP:   Type of service = 0x00
>>>> IP:         xxx. .... = 0 (precedence)
>>>> IP:         ...0 .... = normal delay
>>>> IP:         .... 0... = normal throughput
>>>> IP:         .... .0.. = normal reliability
>>>> IP:   Total length = 40 bytes
>>>> IP:   Identification = 34840
>>>> IP:   Flags = 0x4
>>>> IP:         .1.. .... = do not fragment
>>>> IP:         ..0. .... = last fragment
>>>> IP:   Fragment offset = 0 bytes
>>>> IP:   Time to live = 64 seconds/hops
>>>> IP:   Protocol = 6 (TCP)
>>>> IP:   Header checksum = 47a4
>>>> IP:   Source address = ***.***.***.***, ********
>>>> IP:   Destination address = ***.***.***.***, ********
>>>> IP:   No options
>>>> IP:
>>>> TCP:  ----- TCP Header -----
>>>> TCP:
>>>> TCP:  Source port = 46731
>>>> TCP:  Destination port = 389 (LDAP)
>>>> TCP:  Sequence number = 3244986617
>>>> TCP:  Acknowledgement number = 1601298323
>>>> TCP:  Data offset = 20 bytes
>>>> TCP:  Flags = 0x10
>>>> TCP:        ..0. .... = No urgent pointer
>>>> TCP:        ...1 .... = Acknowledgement
>>>> TCP:        .... 0... = No push
>>>> TCP:        .... .0.. = No reset
>>>> TCP:        .... ..0. = No Syn
>>>> TCP:        .... ...0 = No Fin
>>>> TCP:  Window = 24840
>>>> TCP:  Checksum = 0x9a3e
>>>> TCP:  Urgent pointer = 0
>>>> TCP:  No options
>>>> TCP:
>>>> LDAP:  ----- LDAP:   -----
>>>> LDAP:
>>>> LDAP:  ""
>>>> LDAP:
>>>> #############################################
>>>>
>>>> If you use grep to filter it, you can see that the lines with
>>>> "LDAP:" don't have any important information.
>>>>
>>>> PS: Sensitive information was replaced with "*".
>>>>
>>>>>
>>>>> On 14 Feb 2006, at 08:45, David Felipe Rios Rojas wrote:
>>>>>
>>>>>> I'm testing Radiator for the first time, but I'm a little
>>>>>> confused because of an error message when it tries to bind to the
>>>>>> LDAP server; I use the LDAP superuser account just to try it.
>>>>>>
>>>>>> Next is my config file; it was made based on the sample
>>>>>> configuration file provided, and several items are not configured
>>>>>> yet because I just want to test LDAP binding first.
>>>>>>
>>>>>> Here we go:
>>>>>>
>>>>>>
>>>>>> ##################################################################
>>>>>> Foreground
>>>>>>
>>>>>> LogStdout
>>>>>>
>>>>>> Trace		4
>>>>>>
>>>>>> PidFile		/tmp/radiusd.pid
>>>>>>
>>>>>> AuthPort	1645
>>>>>>
>>>>>> AcctPort	1646
>>>>>>
>>>>>> LogFile		%L/%Y-%m-%d_logfile
>>>>>> LogDir		/var/log/radius
>>>>>>
>>>>>> DbDir		.
>>>>>>
>>>>>> DictionaryFile /etc/radiator/dictionary,/etc/radiator/dictionary.ascend
>>>>>>
>>>>>> User radius
>>>>>> Group radius
>>>>>>
>>>>>> <Client DEFAULT>
>>>>>> 	Secret	mysecret
>>>>>> 	DupInterval 0
>>>>>> 	DefaultRealm ldap.realm
>>>>>> 	StatusServerShowClientDetails
>>>>>> </Client>
>>>>>>
>>>>>>
>>>>>> <Realm DEFAULT>
>>>>>> 	RewriteUsername	s/^([^@]+).*/$1/
>>>>>> 	MaxSessions	2
>>>>>> 	AcctLogFileName	%L/detail
>>>>>> 	WtmpFileName %L/wtmp
>>>>>> 	PasswordLogFileName %L/password.log
>>>>>> 	RejectHasReason
>>>>>>
>>>>>> 	<AuthBy FILE>
>>>>>> 		Filename	/etc/radiator/users
>>>>>> 		DynamicReply USR-IP-Input-Filter
>>>>>> 		DynamicCheck Group
>>>>>> 		UseAddressHint
>>>>>> 		AddToReply Reply-Message=hello
>>>>>> 		AddToReplyIfNotExist Ascend-Data-Filter="ip in forward tcp est"
>>>>>> 		DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
>>>>>> 		RejectEmptyPassword
>>>>>> 		AutoMPPEKeys
>>>>>> 		EAPType MD5-Challenge
>>>>>> 	</AuthBy>
>>>>>>
>>>>>> 	<AuthBy GROUP>
>>>>>> 		AuthByPolicy ContinueUntilAccept
>>>>>> 		AddToReply Reply-Message=xxxx
>>>>>> 		<AuthBy FILE>
>>>>>> 			Filename users
>>>>>> 		</AuthBy>
>>>>>> 		<AuthBy FILE>
>>>>>> 			Filename users
>>>>>> 		</AuthBy>
>>>>>> 	</AuthBy>
>>>>>>
>>>>>> </Realm>
>>>>>>
>>>>>> <Realm unix.realm>
>>>>>> 	RewriteUsername	s/^([^@]+).*/$1/
>>>>>>
>>>>>> 	<AuthBy UNIX>
>>>>>> 		Identifier System
>>>>>> 		DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
>>>>>> 	</AuthBy>
>>>>>> </Realm>
>>>>>>
>>>>>>
>>>>>> <Realm system.realm>
>>>>>> 	RewriteUsername	s/^([^@]+).*/$1/
>>>>>> </Realm>
>>>>>>
>>>>>>
>>>>>> <Realm ldap.realm>
>>>>>> 	<AuthBy LDAP2>
>>>>>> 		Host		xxxxxx
>>>>>> 		Port		389
>>>>>> 		AuthDN		cn=root
>>>>>> 		AuthPassword	xxxxxx
>>>>>> 		BaseDN		(&(%0=%1,ou=xxxxx,o=xxxxx)(radiusloginservice=E))
>>>>>> 		UsernameAttr	uid
>>>>>> 		PasswordAttr    userPassword
>>>>>> 	</AuthBy>
>>>>>> </Realm>
>>>>>>
>>>>>>
>>>>>>
>>>>>> <Realm external.realm>
>>>>>> 	RewriteUsername	s/^([^@]+).*/$1/
>>>>>> 	<AuthBy EXTERNAL>
>>>>>> 		Command perl ./goodies/testcommand.pl
>>>>>> 		DecryptPassword
>>>>>> 	</AuthBy>
>>>>>> </Realm>
>>>>>>
>>>>>> <Realm internal.realm>
>>>>>> 	<AuthBy INTERNAL>
>>>>>> 		DefaultResult	accept
>>>>>> 	</AuthBy>
>>>>>> </Realm>
>>>>>>
>>>>>>
>>>>>> <Realm mobileip.realm>
>>>>>> 	RewriteUsername	s/^([^@]+).*/$1/
>>>>>> 	<AuthBy FILE>
>>>>>> 		Filename	./users
>>>>>> 	</AuthBy>
>>>>>> 	<AuthBy MOBILEIP>
>>>>>> 		DefaultHAAddress 192.10.10.2
>>>>>> 	</AuthBy>
>>>>>> </Realm>
>>>>>>
>>>>>>
>>>>>> <AuthBy FILE>
>>>>>> 	Identifier identifier1
>>>>>> </AuthBy>
>>>>>>
>>>>>>
>>>>>> <Realm xyz>
>>>>>> 	AuthBy identifier1
>>>>>> </Realm>
>>>>>>
>>>>>> ##################################################################
>>>>>>
>>>>>>
>>>>>> And this is the debug output after "perl radpwtst -user driosr -
>>>>>> password pass" is executed:
>>>>>>
>>>>>>
>>>>>> ##################################################################
>>>>>> Fri Feb 10 07:45:26 2006: DEBUG: Reading group file /etc/group
>>>>>> Fri Feb 10 07:45:27 2006: DEBUG: Finished reading configuration file '/etc/radiator/radius.cfg'
>>>>>> This Radiator license will expire on 2006-07-01
>>>>>> This Radiator license will stop operating after 1000 requests
>>>>>> To purchase an unlimited full source version of Radiator, see
>>>>>> http://www.open.com.au/ordering.html
>>>>>> To extend your license period, contact admin at open.com.au
>>>>>>
>>>>>> Fri Feb 10 07:45:27 2006: DEBUG: Reading dictionary file '/etc/radiator/dictionary'
>>>>>> Fri Feb 10 07:45:28 2006: DEBUG: Reading dictionary file '/etc/radiator/dictionary.ascend'
>>>>>> Fri Feb 10 07:45:28 2006: DEBUG: Creating authentication port 0.0.0.0:1645
>>>>>> Fri Feb 10 07:45:28 2006: DEBUG: Creating accounting port 0.0.0.0:1646
>>>>>> Fri Feb 10 07:45:28 2006: NOTICE: Server started: Radiator 3.14 on XXXX(LOCKED)
>>>>>> Fri Feb 10 07:46:16 2006: DEBUG: Packet dump:
>>>>>> *** Received from 127.0.0.1 port 33466 ....
>>>>>> Code:       Access-Request
>>>>>> Identifier: 211
>>>>>> Authentic:  1234567890123456
>>>>>> Attributes:
>>>>>>         User-Name = "driosr"
>>>>>>         Service-Type = Framed-User
>>>>>>         NAS-IP-Address = 203.63.154.1
>>>>>>         NAS-Identifier = "203.63.154.1"
>>>>>>         NAS-Port = 1234
>>>>>>         Called-Station-Id = "123456789"
>>>>>>         Calling-Station-Id = "987654321"
>>>>>>         NAS-Port-Type = Async
>>>>>>         User-Password = <137><234>,<222><175>\<4><246><188>8<9><160><216>}x<153>
>>>>>>
>>>>>> Fri Feb 10 07:46:17 2006: DEBUG: Handling request with Handler
>>>>>> 'Realm=ldap.realm'
>>>>>> Fri Feb 10 07:46:17 2006: DEBUG:  Deleting session for driosr,
>>>>>> 203.63.154.1, 1234
>>>>>> Fri Feb 10 07:46:17 2006: DEBUG: Handling with Radius::AuthLDAP2:
>>>>>> Fri Feb 10 07:46:17 2006: INFO: Connecting to XXXX:389
>>>>>> Fri Feb 10 07:46:17 2006: INFO: Attempting to bind to LDAP server
>>>>>> XXXX:389
>>>>>> Fri Feb 10 07:46:17 2006: ERR: Could not bind connection with cn=root, xxxx, error: LDAP error code -1(0xFFFFFFFF) (server XXXX:389).
>>>>>> Fri Feb 10 07:46:17 2006: ERR: Backing off from XXXX:389 for 600 seconds.
>>>>>> Fri Feb 10 07:46:17 2006: DEBUG: AuthBy LDAP2 result: IGNORE, User database access error
>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Packet dump:
>>>>>> *** Received from 127.0.0.1 port 33466 ....
>>>>>> Code:       Accounting-Request
>>>>>> Identifier: 212
>>>>>> Authentic:  .<16>t<179>;<188><213>L<151><182><131>L<144>p<159><245>
>>>>>> Attributes:
>>>>>>         User-Name = "driosr"
>>>>>>         Service-Type = Framed-User
>>>>>>         NAS-IP-Address = 203.63.154.1
>>>>>>         NAS-Identifier = "203.63.154.1"
>>>>>>         NAS-Port = 1234
>>>>>>         NAS-Port-Type = Async
>>>>>>         Acct-Session-Id = "00001234"
>>>>>>         Acct-Status-Type = Start
>>>>>>         Called-Station-Id = "123456789"
>>>>>>         Calling-Station-Id = "987654321"
>>>>>>         Acct-Delay-Time = 0
>>>>>>
>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Handling request with Handler
>>>>>> 'Realm=ldap.realm'
>>>>>> Fri Feb 10 07:46:22 2006: DEBUG:  Adding session for driosr,
>>>>>> 203.63.154.1, 1234
>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Handling with Radius::AuthLDAP2:
>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: AuthBy LDAP2 result: ACCEPT,
>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Accounting accepted
>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Packet dump:
>>>>>> *** Sending to 127.0.0.1 port 33466 ....
>>>>>> Code:       Accounting-Response
>>>>>> Identifier: 212
>>>>>> Authentic:  .<16>t<179>;<188><213>L<151><182><131>L<144>p<159><245>
>>>>>> Attributes:
>>>>>>
>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Packet dump:
>>>>>> *** Received from 127.0.0.1 port 33466 ....
>>>>>> Code:       Accounting-Request
>>>>>> Identifier: 213
>>>>>> Authentic:  4f<127><151><175><206><15><9>uq<149><22>&_<238>M
>>>>>> Attributes:
>>>>>>         User-Name = "driosr"
>>>>>>         Service-Type = Framed-User
>>>>>>         NAS-IP-Address = 203.63.154.1
>>>>>>         NAS-Identifier = "203.63.154.1"
>>>>>>         NAS-Port = 1234
>>>>>>         NAS-Port-Type = Async
>>>>>>         Acct-Session-Id = "00001234"
>>>>>>         Acct-Status-Type = Stop
>>>>>>         Called-Station-Id = "123456789"
>>>>>>         Calling-Station-Id = "987654321"
>>>>>>         Acct-Delay-Time = 0
>>>>>>         Acct-Session-Time = 1000
>>>>>>         Acct-Input-Octets = 20000
>>>>>>         Acct-Output-Octets = 30000
>>>>>>
>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Handling request with Handler
>>>>>> 'Realm=ldap.realm'
>>>>>> Fri Feb 10 07:46:22 2006: DEBUG:  Deleting session for driosr,
>>>>>> 203.63.154.1, 1234
>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Handling with Radius::AuthLDAP2:
>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: AuthBy LDAP2 result: ACCEPT,
>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Accounting accepted
>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Packet dump:
>>>>>> *** Sending to 127.0.0.1 port 33466 ....
>>>>>> Code:       Accounting-Response
>>>>>> Identifier: 213
>>>>>> Authentic:  4f<127><151><175><206><15><9>uq<149><22>&_<238>M
>>>>>> Attributes:
>>>>>>
>>>>>> ##################################################################
>>>>>>
>>>>>>
>>>>>> And this is the output of the "perl radpwtst -user driosr -password
>>>>>> pass" command:
>>>>>>
>>>>>>
>>>>>> ##################################################################
>>>>>> sending Access-Request...
>>>>>> No reply
>>>>>> sending Accounting-Request Start...
>>>>>> OK
>>>>>> sending Accounting-Request Stop...
>>>>>> OK
>>>>>>
>>>>>> ##################################################################
>>>>>>
>>>>>>
>>>>>> Could you help me?
>>>>>>
>>>>>> Thanks in advance.
>>>>>>
>>>>>> -- 
>>>>>> David Rios R.
>>>>>>
>>>>
>>>> -- 
>>>> David Rios R.
>>>> Ingenieria de Desarrollo
>>>> Expansion Nuevos Servicios
>>>> Empresas Publicas de Medellin
>>>>
>>>
>>>
>>
>>
>
> -- 
> David Rios R.
> Ingenieria de Desarrollo
> Expansion Nuevos Servicios
> Empresas Publicas de Medellin
>


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
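Hugh's answer above points at AuthAttrDef (per-user attributes taken from the LDAP entry) and AddToReply (attributes common to every reply) as the way to hand the NAS whatever a user's directory entry says they bought. The Python below is an added example written for this page, not Radiator code and not Hugh's: it models that mapping so the behaviour can be traced by hand for a couple of users. The rule syntax it parses (`AuthAttrDef ldapattr,radiusattr,check|reply`, with `GENERIC` meaning the LDAP value holds a comma-separated list of `attr=value` pairs, and `AddToReply attr=value,...`) follows the Radiator reference manual as I understand it; the LDAP attribute names `radiusNasPortType`, `radiusFramedIPAddress` and `radiusProfileAttrs`, the users `alice` and `bob`, and the `authorize` helper are all constructed for the example.

```python
"""Model of how per-user LDAP attributes become RADIUS check items and
reply attributes, in the shape of Radiator's AuthAttrDef and AddToReply
parameters.  Added example for this thread, not Radiator code; the rule
syntax follows the reference manual, the attribute names and users are
constructed."""
from dataclasses import dataclass


@dataclass
class Rule:
    ldap_attr: str
    radius_attr: str  # RADIUS attribute name, or GENERIC
    kind: str         # "check" or "reply"


def split_pairs(value):
    """'a=1,b=2' -> [('a', '1'), ('b', '2')]; used for GENERIC LDAP values
    and for AddToReply lists.  Rejects items with no '=' or an empty name."""
    pairs = []
    for item in value.split(","):
        name, sep, val = item.partition("=")
        if not sep or not name.strip():
            raise ValueError("malformed attribute pair: %r" % item)
        pairs.append((name.strip(), val.strip()))
    return pairs


def parse_config(text):
    """Collect AuthAttrDef rules and AddToReply pairs from an AuthBy clause;
    every other line is ignored."""
    rules, add_to_reply = [], []
    for line in text.splitlines():
        words = line.split(None, 1)
        if not words:
            continue
        keyword, spec = words[0], (words[1] if len(words) > 1 else "")
        if keyword == "AuthAttrDef":
            parts = [p.strip() for p in spec.split(",")]
            if len(parts) != 3 or parts[2] not in ("check", "reply"):
                raise ValueError("bad AuthAttrDef line: %r" % line)
            rules.append(Rule(*parts))
        elif keyword == "AddToReply":
            add_to_reply.extend(split_pairs(spec))
    return rules, add_to_reply


def build_reply(entry, rules, request, add_to_reply=()):
    """Apply the rules to one LDAP entry (attribute -> list of values).
    Every check item must match the request or the user is rejected;
    reply items come back in rule order, with AddToReply pairs last."""
    checks, reply = [], []
    for rule in rules:
        for value in entry.get(rule.ldap_attr, []):
            if rule.radius_attr == "GENERIC":
                pairs = split_pairs(value)
            else:
                pairs = [(rule.radius_attr, value)]
            (checks if rule.kind == "check" else reply).extend(pairs)
    for name, wanted in checks:
        if str(request.get(name)) != wanted:
            return False, []
    return True, reply + list(add_to_reply)


# Constructed AuthBy clause: the LDAP attribute names are invented for the
# example; the AddToReply values mirror the DefaultReply used in the thread.
SAMPLE_CONFIG = """
<AuthBy LDAP2>
    AuthAttrDef radiusNasPortType,NAS-Port-Type,check
    AuthAttrDef radiusFramedIPAddress,Framed-IP-Address,reply
    AuthAttrDef radiusProfileAttrs,GENERIC,reply
    AddToReply Service-Type=Framed-User,Framed-Protocol=PPP
</AuthBy>
"""

# Constructed directory entries standing in for LDAP search results.
USERS = {
    "alice": {"radiusNasPortType": ["Async"],
              "radiusFramedIPAddress": ["192.0.2.10"],
              "radiusProfileAttrs": ["Session-Timeout=3600,Idle-Timeout=600"]},
    "bob": {"radiusNasPortType": ["Virtual"],
            "radiusProfileAttrs": ["Session-Timeout=7200"]},
}


def authorize(username, request):
    """Look the user up and return (accepted, reply_attributes)."""
    entry = USERS.get(username)
    if entry is None:
        return False, []
    rules, add_to_reply = parse_config(SAMPLE_CONFIG)
    return build_reply(entry, rules, request, add_to_reply)


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, authorize(user, {"User-Name": user, "NAS-Port-Type": "Async"}))
```

Run as a script it shows alice accepted with her address, timeouts and the common PPP attributes, bob rejected because his check item wants a Virtual port while the request says Async, and carol rejected because she has no entry. The point to keep in mind when doing this for real is that a `check` rule is an authorization decision taken from directory data, so the LDAP attributes feeding it need the same write protection as the password attribute.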


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
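The snoop trace David posted carries the whole diagnosis in the TCP layer: SYN, SYN/ACK, ACK, then a FIN from the client with every LDAP line empty, so Radiator connected to port 389 and closed the socket without ever sending a bind request, which matches the missing Convert-ASN1 module he found with "Debug 255". The Python below is an added example, not part of the thread and not Radiator code: it parses a verbose snoop dump, computes payload bytes per direction from the IP total length, IP header length and TCP data offset, and flags conversations that completed the handshake but carried no data. The embedded trace is a constructed abbreviation of the seven packets above (only the fields the parser reads) plus an invented healthy conversation from port 46732 for contrast; `parse_snoop`, `summarize_flows`, `diagnose` and `snoop_packet` are names chosen here.

```python
"""Per-conversation payload accounting for a verbose snoop dump.  Added
example for this thread, not Radiator code.  A completed handshake that
ends in FIN with zero payload bytes both ways is the pattern in the
posted trace: the client opened TCP/389 and never sent a request."""
import re
from collections import defaultdict

FIELD = re.compile(r"^(ETHER|IP|TCP):\s+(.+?)\s*=\s*(.+?)\s*$")
FIN, SYN, ACK = 0x01, 0x02, 0x10


def parse_snoop(text):
    """Split the dump at each 'Packet N arrived at' line and keep the fields
    needed to compute the TCP payload; packets without them are skipped."""
    raw, cur = [], None
    for line in text.splitlines():
        if line.startswith("ETHER:") and " arrived at " in line:
            cur = {}
            raw.append(cur)
        elif cur is not None and (m := FIELD.match(line)):
            layer, key, value = m.groups()
            cur[(layer, key)] = value.split()[0]  # drop 'bytes', '(LDAP)'
    packets = []
    for p in raw:
        try:
            packets.append({
                "sport": int(p[("TCP", "Source port")]),
                "dport": int(p[("TCP", "Destination port")]),
                "flags": int(p[("TCP", "Flags")], 16),
                "payload": int(p[("IP", "Total length")])
                - int(p[("IP", "Header length")])
                - int(p[("TCP", "Data offset")]),
            })
        except KeyError:
            continue
    return packets


def summarize_flows(packets):
    """Group by unordered port pair (addresses were masked in the post) and
    record handshake state plus payload bytes in each direction."""
    flows = defaultdict(lambda: {"syn": False, "synack": False, "fin": False,
                                 "sent": defaultdict(int)})
    for p in packets:
        if p["payload"] < 0:
            raise ValueError("inconsistent length fields: %r" % p)
        f = flows[tuple(sorted((p["sport"], p["dport"])))]
        f["sent"][(p["sport"], p["dport"])] += p["payload"]
        if p["flags"] & SYN:
            f["synack" if p["flags"] & ACK else "syn"] = True
        if p["flags"] & FIN:
            f["fin"] = True
    return flows


def diagnose(flows, server_port=389):
    """Return {(client_port, server_port): verdict} for flows to server_port."""
    verdicts = {}
    for (lo, hi), f in flows.items():
        if server_port not in (lo, hi):
            continue
        client = hi if lo == server_port else lo
        sent, got = f["sent"][(client, server_port)], f["sent"][(server_port, client)]
        if f["syn"] and not f["synack"]:
            verdict = "no SYN/ACK: server unreachable or port closed"
        elif f["syn"] and f["synack"] and f["fin"] and sent == 0 and got == 0:
            verdict = "handshake completed, then closed with no payload: client never sent a request"
        else:
            verdict = "client sent %d bytes, server sent %d bytes" % (sent, got)
        verdicts[(client, server_port)] = verdict
    return verdicts


def snoop_packet(n, sport, dport, total, tcp_hdr, flags):
    """Render one packet in snoop's verbose layout (constructed sample data)."""
    return "\n".join([
        "ETHER:  Packet %d arrived at 14:56:10.23" % n,
        "IP:   Header length = 20 bytes",
        "IP:   Total length = %d bytes" % total,
        "TCP:  Source port = %d" % sport,
        "TCP:  Destination port = %d%s" % (dport, " (LDAP)" if dport == 389 else ""),
        "TCP:  Data offset = %d bytes" % tcp_hdr,
        "TCP:  Flags = 0x%02x" % flags,
        'LDAP:  ""',
    ])


# Constructed abbreviation of the seven packets in the thread (handshake, FIN
# from both sides, zero payload) plus an invented healthy conversation from
# port 46732 carrying a 20-byte request and a 14-byte reply.
SAMPLE_TRACE = "\n".join(snoop_packet(i + 1, *p) for i, p in enumerate([
    (46731, 389, 48, 28, 0x02), (389, 46731, 48, 28, 0x12), (46731, 389, 40, 20, 0x10),
    (46731, 389, 40, 20, 0x11), (389, 46731, 40, 20, 0x10), (389, 46731, 40, 20, 0x11),
    (46731, 389, 40, 20, 0x10),
    (46732, 389, 48, 28, 0x02), (389, 46732, 48, 28, 0x12), (46732, 389, 60, 20, 0x18),
    (389, 46732, 54, 20, 0x18),
]))

if __name__ == "__main__":
    for ports, verdict in sorted(diagnose(summarize_flows(parse_snoop(SAMPLE_TRACE))).items()):
        print("%d -> %d: %s" % (ports[0], ports[1], verdict))
```

Feed it the saved output of `snoop -v` instead of `SAMPLE_TRACE` to check a real capture. The payload arithmetic needs no LDAP decoding at all, which is the point: before reading the application layer, confirm that bytes were actually sent, because "no payload after handshake" (client-side library or configuration failure) and "no SYN/ACK" (firewall or wrong host) call for different fixes, and neither is visible from the RADIUS side's "LDAP error code -1".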

