(RADIATOR) Radiator doesn't bind to LDAP
David Felipe Rios Rojas
DRIOSR at eeppm.com
Fri Feb 17 08:24:10 CST 2006
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Thursday, February 16, 2006 05:15 p.m.
> To: David Felipe Rios Rojas
> CC: Radiator-List list
> Subject: Re: (RADIATOR) Radiator doesn't bind to LDAP
>
>
> Hello David -
>
> Thanks for letting me know that you have the LDAP working.
>
> In answer to your question, yes you can use Radiator to return any
> attributes needed by the NAS.
>
> You would use the AuthAttrDef construct in your AuthBy LDAP2 clause.
>
> You can also use the AddToReply construct to return the common reply
> attributes.
>
> See section 5.36.16 in the Radiator 3.14 reference manual.
>
> regards
>
> Hugh
>
I think "AuthAttrDef" won't work for me (I'm a little confused);
I'll explain it to you more clearly:
Our users are grouped according to the connectivity plan they have bought,
so each user has a number attribute in LDAP that identifies his/her group.
Radiator must not reply with the group number to the RAS; _it should reply with the group
attributes_ according to the group for every authenticated user; those attributes
could be stored in the LDAP server, the Radiator config file... it doesn't matter.
Do you understand me?
>
> On 17 Feb 2006, at 07:48, David Felipe Rios Rojas wrote:
>
> >
> >> -----Original Message-----
> >> From: Hugh Irvine [mailto:hugh at open.com.au]
> >> Sent: Wednesday, February 15, 2006 05:49 p.m.
> >> To: David Felipe Rios Rojas
> >> CC: Radiator-List list
> >> Subject: Re: (RADIATOR) Radiator doesn't bind to LDAP
> >>
> >>
> >> Hello David -
> >>
> >> Further to this you can add "Debug 255" to your AuthBy LDAP2 clause
> >> to get additional LDAP debugging.
> >>
> >> regards
> >>
> >> Hugh
> >>
> >
> > Thanks Hugh, the "Debug" parameter was very useful; Radiator didn't send
> > anything to the LDAP server because the "Convert-ASN1" module was not
> > installed. Now it is authenticating!! Thanks a lot again.
> >
> > I have another problem: each LDAP user has an attribute that indicates what
> > kind of service he/she has bought; we are working with Cisco CAR and it
> > returns a lot of parameters to the RAS according to that LDAP attribute;
> > could I do the same task with Radiator?
> >
> >>
> >> On 16 Feb 2006, at 09:42, Hugh Irvine wrote:
> >>
> >>>
> >>> Hello David -
> >>>
> >>> I will need to see the complete configuration file and a trace 4
> >>> debug from startup showing what is happening.
> >>>
> >>> regards
> >>>
> >>> Hugh
> >>>
> >>>
> >>> On 16 Feb 2006, at 09:17, David Felipe Rios Rojas wrote:
> >>>
> >>>>
> >>>>> -----Original Message-----
> >>>>> From: Hugh Irvine [mailto:hugh at open.com.au]
> >>>>> Sent: Tuesday, February 14, 2006 11:37 p.m.
> >>>>> To: David Felipe Rios Rojas
> >>>>> CC: radiator at open.com.au
> >>>>> Subject: Re: (RADIATOR) Radiator doesn't bind to LDAP
> >>>>>
> >>>>>
> >>>>> Hello David -
> >>>>>
> >>>>> I think the AuthBy LDAP2 configuration is incorrect.
> >>>>>
> >>>>> Try this instead:
> >>>>>
> >>>>>
> >>>>> <Realm ldap.realm>
> >>>>> <AuthBy LDAP2>
> >>>>> Host xxxxxx
> >>>>> Port 389
> >>>>> AuthDN root
> >>>>> AuthPassword xxxxxx
> >>>>> BaseDN ou=xxxxx,o=xxxxx
> >>>>> SearchFilter (&(%0=%1)(radiusloginservice=E))
> >>>>> UsernameAttr uid
> >>>>> PasswordAttr userPassword
> >>>>> </AuthBy>
> >>>>> </Realm>
> >>>>>
> >>>>>
> >>>>> hope that helps
> >>>>>
> >>>>> regards
> >>>>>
> >>>>> Hugh
> >>>>>
> >>>>
> >>>> Hi Hugh.
> >>>>
> >>>> I changed the config file as you wrote but it didn't work :(
> >>>>
> >>>> I used "snoop" to see what it was sending to the LDAP server and
> >>>> guess what! It doesn't send anything! This is the information
> >>>> shown by snoop:
> >>>>
> >>>> #############################################
> >>>> ETHER: ----- Ether Header -----
> >>>> ETHER:
> >>>> ETHER: Packet 1 arrived at 14:56:10.23
> >>>> ETHER: Packet size = 62 bytes
> >>>> ETHER: Destination = 0:e0:b6:4:d9:62,
> >>>> ETHER: Source = 8:0:20:c7:98:4c, Sun
> >>>> ETHER: Ethertype = 0800 (IP)
> >>>> ETHER:
> >>>> IP: ----- IP Header -----
> >>>> IP:
> >>>> IP: Version = 4
> >>>> IP: Header length = 20 bytes
> >>>> IP: Type of service = 0x00
> >>>> IP: xxx. .... = 0 (precedence)
> >>>> IP: ...0 .... = normal delay
> >>>> IP: .... 0... = normal throughput
> >>>> IP: .... .0.. = normal reliability
> >>>> IP: Total length = 48 bytes
> >>>> IP: Identification = 34837
> >>>> IP: Flags = 0x4
> >>>> IP: .1.. .... = do not fragment
> >>>> IP: ..0. .... = last fragment
> >>>> IP: Fragment offset = 0 bytes
> >>>> IP: Time to live = 64 seconds/hops
> >>>> IP: Protocol = 6 (TCP)
> >>>> IP: Header checksum = 479f
> >>>> IP: Source address = ***.***.***.***, ********
> >>>> IP: Destination address = ***.***.***.***, ********
> >>>> IP: No options
> >>>> IP:
> >>>> TCP: ----- TCP Header -----
> >>>> TCP:
> >>>> TCP: Source port = 46731
> >>>> TCP: Destination port = 389 (LDAP)
> >>>> TCP: Sequence number = 3244986615
> >>>> TCP: Acknowledgement number = 0
> >>>> TCP: Data offset = 28 bytes
> >>>> TCP: Flags = 0x02
> >>>> TCP: ..0. .... = No urgent pointer
> >>>> TCP: ...0 .... = No acknowledgement
> >>>> TCP: .... 0... = No push
> >>>> TCP: .... .0.. = No reset
> >>>> TCP: .... ..1. = Syn
> >>>> TCP: .... ...0 = No Fin
> >>>> TCP: Window = 24820
> >>>> TCP: Checksum = 0xaca4
> >>>> TCP: Urgent pointer = 0
> >>>> TCP: Options: (8 bytes)
> >>>> TCP: - No operation
> >>>> TCP: - No operation
> >>>> TCP: - SACK permitted option
> >>>> TCP: - Maximum segment size = 1460 bytes
> >>>> TCP:
> >>>> LDAP: ----- LDAP: -----
> >>>> LDAP:
> >>>> LDAP: ""
> >>>> LDAP:
> >>>>
> >>>> ETHER: ----- Ether Header -----
> >>>> ETHER:
> >>>> ETHER: Packet 2 arrived at 14:56:10.23
> >>>> ETHER: Packet size = 62 bytes
> >>>> ETHER: Destination = 8:0:20:c7:98:4c, Sun
> >>>> ETHER: Source = 0:e0:b6:4:d9:62,
> >>>> ETHER: Ethertype = 0800 (IP)
> >>>> ETHER:
> >>>> IP: ----- IP Header -----
> >>>> IP:
> >>>> IP: Version = 4
> >>>> IP: Header length = 20 bytes
> >>>> IP: Type of service = 0x00
> >>>> IP: xxx. .... = 0 (precedence)
> >>>> IP: ...0 .... = normal delay
> >>>> IP: .... 0... = normal throughput
> >>>> IP: .... .0.. = normal reliability
> >>>> IP: Total length = 48 bytes
> >>>> IP: Identification = 16165
> >>>> IP: Flags = 0x4
> >>>> IP: .1.. .... = do not fragment
> >>>> IP: ..0. .... = last fragment
> >>>> IP: Fragment offset = 0 bytes
> >>>> IP: Time to live = 60 seconds/hops
> >>>> IP: Protocol = 6 (TCP)
> >>>> IP: Header checksum = 948f
> >>>> IP: Source address = ***.***.***.***, **********
> >>>> IP: Destination address = ***.***.***.***, ********
> >>>> IP: No options
> >>>> IP:
> >>>> TCP: ----- TCP Header -----
> >>>> TCP:
> >>>> TCP: Source port = 389
> >>>> TCP: Destination port = 46731
> >>>> TCP: Sequence number = 1601298321
> >>>> TCP: Acknowledgement number = 3244986616
> >>>> TCP: Data offset = 28 bytes
> >>>> TCP: Flags = 0x12
> >>>> TCP: ..0. .... = No urgent pointer
> >>>> TCP: ...1 .... = Acknowledgement
> >>>> TCP: .... 0... = No push
> >>>> TCP: .... .0.. = No reset
> >>>> TCP: .... ..1. = Syn
> >>>> TCP: .... ...0 = No Fin
> >>>> TCP: Window = 64860
> >>>> TCP: Checksum = 0xd177
> >>>> TCP: Urgent pointer = 0
> >>>> TCP: Options: (8 bytes)
> >>>> TCP: - Maximum segment size = 1380 bytes
> >>>> TCP: - No operation
> >>>> TCP: - No operation
> >>>> TCP: - SACK permitted option
> >>>> TCP:
> >>>> LDAP: ----- LDAP: -----
> >>>> LDAP:
> >>>> LDAP: ""
> >>>> LDAP:
> >>>>
> >>>> ETHER: ----- Ether Header -----
> >>>> ETHER:
> >>>> ETHER: Packet 3 arrived at 14:56:10.23
> >>>> ETHER: Packet size = 54 bytes
> >>>> ETHER: Destination = 0:e0:b6:4:d9:62,
> >>>> ETHER: Source = 8:0:20:c7:98:4c, Sun
> >>>> ETHER: Ethertype = 0800 (IP)
> >>>> ETHER:
> >>>> IP: ----- IP Header -----
> >>>> IP:
> >>>> IP: Version = 4
> >>>> IP: Header length = 20 bytes
> >>>> IP: Type of service = 0x00
> >>>> IP: xxx. .... = 0 (precedence)
> >>>> IP: ...0 .... = normal delay
> >>>> IP: .... 0... = normal throughput
> >>>> IP: .... .0.. = normal reliability
> >>>> IP: Total length = 40 bytes
> >>>> IP: Identification = 34838
> >>>> IP: Flags = 0x4
> >>>> IP: .1.. .... = do not fragment
> >>>> IP: ..0. .... = last fragment
> >>>> IP: Fragment offset = 0 bytes
> >>>> IP: Time to live = 64 seconds/hops
> >>>> IP: Protocol = 6 (TCP)
> >>>> IP: Header checksum = 47a6
> >>>> IP: Source address = ***.***.***.***, ********
> >>>> IP: Destination address = ***.***.***.***, **********
> >>>> IP: No options
> >>>> IP:
> >>>> TCP: ----- TCP Header -----
> >>>> TCP:
> >>>> TCP: Source port = 46731
> >>>> TCP: Destination port = 389 (LDAP)
> >>>> TCP: Sequence number = 3244986616
> >>>> TCP: Acknowledgement number = 1601298322
> >>>> TCP: Data offset = 20 bytes
> >>>> TCP: Flags = 0x10
> >>>> TCP: ..0. .... = No urgent pointer
> >>>> TCP: ...1 .... = Acknowledgement
> >>>> TCP: .... 0... = No push
> >>>> TCP: .... .0.. = No reset
> >>>> TCP: .... ..0. = No Syn
> >>>> TCP: .... ...0 = No Fin
> >>>> TCP: Window = 24840
> >>>> TCP: Checksum = 0x9a40
> >>>> TCP: Urgent pointer = 0
> >>>> TCP: No options
> >>>> TCP:
> >>>> LDAP: ----- LDAP: -----
> >>>> LDAP:
> >>>> LDAP: ""
> >>>> LDAP:
> >>>>
> >>>> ETHER: ----- Ether Header -----
> >>>> ETHER:
> >>>> ETHER: Packet 4 arrived at 14:56:10.23
> >>>> ETHER: Packet size = 54 bytes
> >>>> ETHER: Destination = 0:e0:b6:4:d9:62,
> >>>> ETHER: Source = 8:0:20:c7:98:4c, Sun
> >>>> ETHER: Ethertype = 0800 (IP)
> >>>> ETHER:
> >>>> IP: ----- IP Header -----
> >>>> IP:
> >>>> IP: Version = 4
> >>>> IP: Header length = 20 bytes
> >>>> IP: Type of service = 0x00
> >>>> IP: xxx. .... = 0 (precedence)
> >>>> IP: ...0 .... = normal delay
> >>>> IP: .... 0... = normal throughput
> >>>> IP: .... .0.. = normal reliability
> >>>> IP: Total length = 40 bytes
> >>>> IP: Identification = 34839
> >>>> IP: Flags = 0x4
> >>>> IP: .1.. .... = do not fragment
> >>>> IP: ..0. .... = last fragment
> >>>> IP: Fragment offset = 0 bytes
> >>>> IP: Time to live = 64 seconds/hops
> >>>> IP: Protocol = 6 (TCP)
> >>>> IP: Header checksum = 47a5
> >>>> IP: Source address = ***.***.***.***, ********
> >>>> IP: Destination address = ***.***.***.***, ********
> >>>> IP: No options
> >>>> IP:
> >>>> TCP: ----- TCP Header -----
> >>>> TCP:
> >>>> TCP: Source port = 46731
> >>>> TCP: Destination port = 389 (LDAP)
> >>>> TCP: Sequence number = 3244986616
> >>>> TCP: Acknowledgement number = 1601298322
> >>>> TCP: Data offset = 20 bytes
> >>>> TCP: Flags = 0x11
> >>>> TCP: ..0. .... = No urgent pointer
> >>>> TCP: ...1 .... = Acknowledgement
> >>>> TCP: .... 0... = No push
> >>>> TCP: .... .0.. = No reset
> >>>> TCP: .... ..0. = No Syn
> >>>> TCP: .... ...1 = Fin
> >>>> TCP: Window = 24840
> >>>> TCP: Checksum = 0x9a3f
> >>>> TCP: Urgent pointer = 0
> >>>> TCP: No options
> >>>> TCP:
> >>>> LDAP: ----- LDAP: -----
> >>>> LDAP:
> >>>> LDAP: ""
> >>>> LDAP:
> >>>>
> >>>> ETHER: ----- Ether Header -----
> >>>> ETHER:
> >>>> ETHER: Packet 5 arrived at 14:56:10.24
> >>>> ETHER: Packet size = 60 bytes
> >>>> ETHER: Destination = 8:0:20:c7:98:4c, Sun
> >>>> ETHER: Source = 0:e0:b6:4:d9:62,
> >>>> ETHER: Ethertype = 0800 (IP)
> >>>> ETHER:
> >>>> IP: ----- IP Header -----
> >>>> IP:
> >>>> IP: Version = 4
> >>>> IP: Header length = 20 bytes
> >>>> IP: Type of service = 0x00
> >>>> IP: xxx. .... = 0 (precedence)
> >>>> IP: ...0 .... = normal delay
> >>>> IP: .... 0... = normal throughput
> >>>> IP: .... .0.. = normal reliability
> >>>> IP: Total length = 40 bytes
> >>>> IP: Identification = 16166
> >>>> IP: Flags = 0x4
> >>>> IP: .1.. .... = do not fragment
> >>>> IP: ..0. .... = last fragment
> >>>> IP: Fragment offset = 0 bytes
> >>>> IP: Time to live = 60 seconds/hops
> >>>> IP: Protocol = 6 (TCP)
> >>>> IP: Header checksum = 9496
> >>>> IP: Source address = ***.***.***.***, ********
> >>>> IP: Destination address = ***.***.***.***, ********
> >>>> IP: No options
> >>>> IP:
> >>>> TCP: ----- TCP Header -----
> >>>> TCP:
> >>>> TCP: Source port = 389
> >>>> TCP: Destination port = 46731
> >>>> TCP: Sequence number = 1601298322
> >>>> TCP: Acknowledgement number = 3244986617
> >>>> TCP: Data offset = 20 bytes
> >>>> TCP: Flags = 0x10
> >>>> TCP: ..0. .... = No urgent pointer
> >>>> TCP: ...1 .... = Acknowledgement
> >>>> TCP: .... 0... = No push
> >>>> TCP: .... .0.. = No reset
> >>>> TCP: .... ..0. = No Syn
> >>>> TCP: .... ...0 = No Fin
> >>>> TCP: Window = 64860
> >>>> TCP: Checksum = 0xfdea
> >>>> TCP: Urgent pointer = 0
> >>>> TCP: No options
> >>>> TCP:
> >>>> LDAP: ----- LDAP: -----
> >>>> LDAP:
> >>>> LDAP: ""
> >>>> LDAP:
> >>>>
> >>>> ETHER: ----- Ether Header -----
> >>>> ETHER:
> >>>> ETHER: Packet 6 arrived at 14:56:11.67
> >>>> ETHER: Packet size = 60 bytes
> >>>> ETHER: Destination = 8:0:20:c7:98:4c, Sun
> >>>> ETHER: Source = 0:e0:b6:4:d9:62,
> >>>> ETHER: Ethertype = 0800 (IP)
> >>>> ETHER:
> >>>> IP: ----- IP Header -----
> >>>> IP:
> >>>> IP: Version = 4
> >>>> IP: Header length = 20 bytes
> >>>> IP: Type of service = 0x00
> >>>> IP: xxx. .... = 0 (precedence)
> >>>> IP: ...0 .... = normal delay
> >>>> IP: .... 0... = normal throughput
> >>>> IP: .... .0.. = normal reliability
> >>>> IP: Total length = 40 bytes
> >>>> IP: Identification = 16167
> >>>> IP: Flags = 0x4
> >>>> IP: .1.. .... = do not fragment
> >>>> IP: ..0. .... = last fragment
> >>>> IP: Fragment offset = 0 bytes
> >>>> IP: Time to live = 60 seconds/hops
> >>>> IP: Protocol = 6 (TCP)
> >>>> IP: Header checksum = 9495
> >>>> IP: Source address = ***.***.***.***, ********
> >>>> IP: Destination address = ***.***.***.***, ********
> >>>> IP: No options
> >>>> IP:
> >>>> TCP: ----- TCP Header -----
> >>>> TCP:
> >>>> TCP: Source port = 389
> >>>> TCP: Destination port = 46731
> >>>> TCP: Sequence number = 1601298322
> >>>> TCP: Acknowledgement number = 3244986617
> >>>> TCP: Data offset = 20 bytes
> >>>> TCP: Flags = 0x11
> >>>> TCP: ..0. .... = No urgent pointer
> >>>> TCP: ...1 .... = Acknowledgement
> >>>> TCP: .... 0... = No push
> >>>> TCP: .... .0.. = No reset
> >>>> TCP: .... ..0. = No Syn
> >>>> TCP: .... ...1 = Fin
> >>>> TCP: Window = 64860
> >>>> TCP: Checksum = 0xfde9
> >>>> TCP: Urgent pointer = 0
> >>>> TCP: No options
> >>>> TCP:
> >>>> LDAP: ----- LDAP: -----
> >>>> LDAP:
> >>>> LDAP: ""
> >>>> LDAP:
> >>>>
> >>>> ETHER: ----- Ether Header -----
> >>>> ETHER:
> >>>> ETHER: Packet 7 arrived at 14:56:11.67
> >>>> ETHER: Packet size = 54 bytes
> >>>> ETHER: Destination = 0:e0:b6:4:d9:62,
> >>>> ETHER: Source = 8:0:20:c7:98:4c, Sun
> >>>> ETHER: Ethertype = 0800 (IP)
> >>>> ETHER:
> >>>> IP: ----- IP Header -----
> >>>> IP:
> >>>> IP: Version = 4
> >>>> IP: Header length = 20 bytes
> >>>> IP: Type of service = 0x00
> >>>> IP: xxx. .... = 0 (precedence)
> >>>> IP: ...0 .... = normal delay
> >>>> IP: .... 0... = normal throughput
> >>>> IP: .... .0.. = normal reliability
> >>>> IP: Total length = 40 bytes
> >>>> IP: Identification = 34840
> >>>> IP: Flags = 0x4
> >>>> IP: .1.. .... = do not fragment
> >>>> IP: ..0. .... = last fragment
> >>>> IP: Fragment offset = 0 bytes
> >>>> IP: Time to live = 64 seconds/hops
> >>>> IP: Protocol = 6 (TCP)
> >>>> IP: Header checksum = 47a4
> >>>> IP: Source address = ***.***.***.***, ********
> >>>> IP: Destination address = ***.***.***.***, ********
> >>>> IP: No options
> >>>> IP:
> >>>> TCP: ----- TCP Header -----
> >>>> TCP:
> >>>> TCP: Source port = 46731
> >>>> TCP: Destination port = 389 (LDAP)
> >>>> TCP: Sequence number = 3244986617
> >>>> TCP: Acknowledgement number = 1601298323
> >>>> TCP: Data offset = 20 bytes
> >>>> TCP: Flags = 0x10
> >>>> TCP: ..0. .... = No urgent pointer
> >>>> TCP: ...1 .... = Acknowledgement
> >>>> TCP: .... 0... = No push
> >>>> TCP: .... .0.. = No reset
> >>>> TCP: .... ..0. = No Syn
> >>>> TCP: .... ...0 = No Fin
> >>>> TCP: Window = 24840
> >>>> TCP: Checksum = 0x9a3e
> >>>> TCP: Urgent pointer = 0
> >>>> TCP: No options
> >>>> TCP:
> >>>> LDAP: ----- LDAP: -----
> >>>> LDAP:
> >>>> LDAP: ""
> >>>> LDAP:
> >>>> #############################################
> >>>>
> >>>> If you use grep to filter it, you can see that the lines with
> >>>> "LDAP:" don't have any important information.
> >>>>
> >>>> P.S. Sensitive information was replaced with "*"
> >>>>
> >>>>>
> >>>>> On 14 Feb 2006, at 08:45, David Felipe Rios Rojas wrote:
> >>>>>
> >>>>>> I'm testing Radiator for the first time, but I'm a little confused because
> >>>>>> of an error message when it tries binding to the LDAP server; I use the LDAP
> >>>>>> superuser account just to try it.
> >>>>>>
> >>>>>> Next is my config file; it was made based on the sample configuration file
> >>>>>> provided, and several items are not configured yet because I just want to
> >>>>>> test LDAP binding first.
> >>>>>>
> >>>>>> Here we go:
> >>>>>>
> >>>>>>
> >>>>>> ##################################################################
> >>>>>> Foreground
> >>>>>>
> >>>>>> LogStdout
> >>>>>>
> >>>>>> Trace 4
> >>>>>>
> >>>>>> PidFile /tmp/radiusd.pid
> >>>>>>
> >>>>>> AuthPort 1645
> >>>>>>
> >>>>>> AcctPort 1646
> >>>>>>
> >>>>>> LogFile %L/%Y-%m-%d_logfile
> >>>>>> LogDir /var/log/radius
> >>>>>>
> >>>>>> DbDir .
> >>>>>>
> >>>>>> DictionaryFile /etc/radiator/dictionary,/etc/radiator/dictionary.ascend
> >>>>>>
> >>>>>> User radius
> >>>>>> Group radius
> >>>>>>
> >>>>>> <Client DEFAULT>
> >>>>>> Secret mysecret
> >>>>>> DupInterval 0
> >>>>>> DefaultRealm ldap.realm
> >>>>>> StatusServerShowClientDetails
> >>>>>> </Client>
> >>>>>>
> >>>>>>
> >>>>>> <Realm DEFAULT>
> >>>>>> RewriteUsername s/^([^@]+).*/$1/
> >>>>>> MaxSessions 2
> >>>>>> AcctLogFileName %L/detail
> >>>>>> WtmpFileName %L/wtmp
> >>>>>> PasswordLogFileName %L/password.log
> >>>>>> RejectHasReason
> >>>>>>
> >>>>>> <AuthBy FILE>
> >>>>>> Filename /etc/radiator/users
> >>>>>> DynamicReply USR-IP-Input-Filter
> >>>>>> DynamicCheck Group
> >>>>>> UseAddressHint
> >>>>>> AddToReply Reply-Message=hello
> >>>>>> AddToReplyIfNotExist Ascend-Data-Filter="ip in forward tcp est"
> >>>>>> DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
> >>>>>> RejectEmptyPassword
> >>>>>> AutoMPPEKeys
> >>>>>> EAPType MD5-Challenge
> >>>>>> </AuthBy>
> >>>>>>
> >>>>>> <AuthBy GROUP>
> >>>>>> AuthByPolicy ContinueUntilAccept
> >>>>>> AddToReply Reply-Message=xxxx
> >>>>>> <AuthBy FILE>
> >>>>>> Filename users
> >>>>>> </AuthBy>
> >>>>>> <AuthBy FILE>
> >>>>>> Filename users
> >>>>>> </AuthBy>
> >>>>>> </AuthBy>
> >>>>>>
> >>>>>> </Realm>
> >>>>>>
> >>>>>> <Realm unix.realm>
> >>>>>> RewriteUsername s/^([^@]+).*/$1/
> >>>>>>
> >>>>>> <AuthBy UNIX>
> >>>>>> Identifier System
> >>>>>> DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
> >>>>>> </AuthBy>
> >>>>>> </Realm>
> >>>>>>
> >>>>>>
> >>>>>> <Realm system.realm>
> >>>>>> RewriteUsername s/^([^@]+).*/$1/
> >>>>>> </Realm>
> >>>>>>
> >>>>>>
> >>>>>> <Realm ldap.realm>
> >>>>>> <AuthBy LDAP2>
> >>>>>> Host xxxxxx
> >>>>>> Port 389
> >>>>>> AuthDN cn=root
> >>>>>> AuthPassword xxxxxx
> >>>>>> BaseDN (&(%0=%1,ou=xxxxx,o=xxxxx)(radiusloginservice=E))
> >>>>>> UsernameAttr uid
> >>>>>> PasswordAttr userPassword
> >>>>>> </AuthBy>
> >>>>>> </Realm>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> <Realm external.realm>
> >>>>>> RewriteUsername s/^([^@]+).*/$1/
> >>>>>> <AuthBy EXTERNAL>
> >>>>>> Command perl ./goodies/testcommand.pl
> >>>>>> DecryptPassword
> >>>>>> </AuthBy>
> >>>>>> </Realm>
> >>>>>>
> >>>>>> <Realm internal.realm>
> >>>>>> <AuthBy INTERNAL>
> >>>>>> DefaultResult accept
> >>>>>> </AuthBy>
> >>>>>> </Realm>
> >>>>>>
> >>>>>>
> >>>>>> <Realm mobileip.realm>
> >>>>>> RewriteUsername s/^([^@]+).*/$1/
> >>>>>> <AuthBy FILE>
> >>>>>> Filename ./users
> >>>>>> </AuthBy>
> >>>>>> <AuthBy MOBILEIP>
> >>>>>> DefaultHAAddress 192.10.10.2
> >>>>>> </AuthBy>
> >>>>>> </Realm>
> >>>>>>
> >>>>>>
> >>>>>> <AuthBy FILE>
> >>>>>> Identifier identifier1
> >>>>>> </AuthBy>
> >>>>>>
> >>>>>>
> >>>>>> <Realm xyz>
> >>>>>> AuthBy identifier1
> >>>>>> </Realm>
> >>>>>>
> >>>>>> ##################################################################
> >>>>>>
> >>>>>>
> >>>>>> And this is the debug output after "perl radpwtst -user driosr -password
> >>>>>> pass" is executed:
> >>>>>>
> >>>>>>
> >>>>>> ##################################################################
> >>>>>> Fri Feb 10 07:45:26 2006: DEBUG: Reading group file /etc/group
> >>>>>> Fri Feb 10 07:45:27 2006: DEBUG: Finished reading configuration file '/etc/radiator/radius.cfg'
> >>>>>> This Radiator license will expire on 2006-07-01
> >>>>>> This Radiator license will stop operating after 1000 requests
> >>>>>> To purchase an unlimited full source version of Radiator, see http://www.open.com.au/ordering.html
> >>>>>> To extend your license period, contact admin at open.com.au
> >>>>>>
> >>>>>> Fri Feb 10 07:45:27 2006: DEBUG: Reading dictionary file '/etc/radiator/dictionary'
> >>>>>> Fri Feb 10 07:45:28 2006: DEBUG: Reading dictionary file '/etc/radiator/dictionary.ascend'
> >>>>>> Fri Feb 10 07:45:28 2006: DEBUG: Creating authentication port 0.0.0.0:1645
> >>>>>> Fri Feb 10 07:45:28 2006: DEBUG: Creating accounting port 0.0.0.0:1646
> >>>>>> Fri Feb 10 07:45:28 2006: NOTICE: Server started: Radiator 3.14 on XXXX(LOCKED)
> >>>>>> Fri Feb 10 07:46:16 2006: DEBUG: Packet dump:
> >>>>>> *** Received from 127.0.0.1 port 33466 ....
> >>>>>> Code: Access-Request
> >>>>>> Identifier: 211
> >>>>>> Authentic: 1234567890123456
> >>>>>> Attributes:
> >>>>>> User-Name = "driosr"
> >>>>>> Service-Type = Framed-User
> >>>>>> NAS-IP-Address = 203.63.154.1
> >>>>>> NAS-Identifier = "203.63.154.1"
> >>>>>> NAS-Port = 1234
> >>>>>> Called-Station-Id = "123456789"
> >>>>>> Calling-Station-Id = "987654321"
> >>>>>> NAS-Port-Type = Async
> >>>>>> User-Password = <137><234>,<222><175>
> >>>>>> \<4><246><188>8<9><160><216>}x<153>
> >>>>>>
> >>>>>> Fri Feb 10 07:46:17 2006: DEBUG: Handling request with Handler 'Realm=ldap.realm'
> >>>>>> Fri Feb 10 07:46:17 2006: DEBUG: Deleting session for driosr, 203.63.154.1, 1234
> >>>>>> Fri Feb 10 07:46:17 2006: DEBUG: Handling with Radius::AuthLDAP2:
> >>>>>> Fri Feb 10 07:46:17 2006: INFO: Connecting to XXXX:389
> >>>>>> Fri Feb 10 07:46:17 2006: INFO: Attempting to bind to LDAP server XXXX:389
> >>>>>> Fri Feb 10 07:46:17 2006: ERR: Could not bind connection with cn=root, xxxx, error: LDAP error code -1(0xFFFFFFFF) (server XXXX:389).
> >>>>>> Fri Feb 10 07:46:17 2006: ERR: Backing off from XXXX:389 for 600 seconds.
> >>>>>> Fri Feb 10 07:46:17 2006: DEBUG: AuthBy LDAP2 result: IGNORE, User database access error
> >>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Packet dump:
> >>>>>> *** Received from 127.0.0.1 port 33466 ....
> >>>>>> Code: Accounting-Request
> >>>>>> Identifier: 212
> >>>>>> Authentic: .<16>t<179>;<188><213>L<151><182><131>L<144>p<159><245>
> >>>>>> Attributes:
> >>>>>> User-Name = "driosr"
> >>>>>> Service-Type = Framed-User
> >>>>>> NAS-IP-Address = 203.63.154.1
> >>>>>> NAS-Identifier = "203.63.154.1"
> >>>>>> NAS-Port = 1234
> >>>>>> NAS-Port-Type = Async
> >>>>>> Acct-Session-Id = "00001234"
> >>>>>> Acct-Status-Type = Start
> >>>>>> Called-Station-Id = "123456789"
> >>>>>> Calling-Station-Id = "987654321"
> >>>>>> Acct-Delay-Time = 0
> >>>>>>
> >>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Handling request with Handler 'Realm=ldap.realm'
> >>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Adding session for driosr, 203.63.154.1, 1234
> >>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Handling with Radius::AuthLDAP2:
> >>>>>> Fri Feb 10 07:46:22 2006: DEBUG: AuthBy LDAP2 result: ACCEPT,
> >>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Accounting accepted
> >>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Packet dump:
> >>>>>> *** Sending to 127.0.0.1 port 33466 ....
> >>>>>> Code: Accounting-Response
> >>>>>> Identifier: 212
> >>>>>> Authentic: .<16>t<179>;<188><213>L<151><182><131>L<144>p<159><245>
> >>>>>> Attributes:
> >>>>>>
> >>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Packet dump:
> >>>>>> *** Received from 127.0.0.1 port 33466 ....
> >>>>>> Code: Accounting-Request
> >>>>>> Identifier: 213
> >>>>>> Authentic: 4f<127><151><175><206><15><9>uq<149><22>&_<238>M
> >>>>>> Attributes:
> >>>>>> User-Name = "driosr"
> >>>>>> Service-Type = Framed-User
> >>>>>> NAS-IP-Address = 203.63.154.1
> >>>>>> NAS-Identifier = "203.63.154.1"
> >>>>>> NAS-Port = 1234
> >>>>>> NAS-Port-Type = Async
> >>>>>> Acct-Session-Id = "00001234"
> >>>>>> Acct-Status-Type = Stop
> >>>>>> Called-Station-Id = "123456789"
> >>>>>> Calling-Station-Id = "987654321"
> >>>>>> Acct-Delay-Time = 0
> >>>>>> Acct-Session-Time = 1000
> >>>>>> Acct-Input-Octets = 20000
> >>>>>> Acct-Output-Octets = 30000
> >>>>>>
> >>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Handling request with Handler 'Realm=ldap.realm'
> >>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Deleting session for driosr, 203.63.154.1, 1234
> >>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Handling with Radius::AuthLDAP2:
> >>>>>> Fri Feb 10 07:46:22 2006: DEBUG: AuthBy LDAP2 result: ACCEPT,
> >>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Accounting accepted
> >>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Packet dump:
> >>>>>> *** Sending to 127.0.0.1 port 33466 ....
> >>>>>> Code: Accounting-Response
> >>>>>> Identifier: 213
> >>>>>> Authentic: 4f<127><151><175><206><15><9>uq<149><22>&_<238>M
> >>>>>> Attributes:
> >>>>>>
> >>>>>> ##################################################################
> >>>>>>
> >>>>>>
> >>>>>> And this is the output of the "perl radpwtst -user driosr -password
> >>>>>> pass" command:
> >>>>>>
> >>>>>>
> >>>>>> ##################################################################
> >>>>>> sending Access-Request...
> >>>>>> No reply
> >>>>>> sending Accounting-Request Start...
> >>>>>> OK
> >>>>>> sending Accounting-Request Stop...
> >>>>>> OK
> >>>>>>
> >>>>>> ##################################################################
> >>>>>>
> >>>>>>
> >>>>>> Could you help me?
> >>>>>>
> >>>>>> Thanks in advance.
> >>>>>>
> >>>>>> --
> >>>>>> David Rios R.
> >>>>>>
> >>>>>> --
> >>>>>> Archive at http://www.open.com.au/archives/radiator/
> >>>>>> Announcements on radiator-announce at open.com.au
> >>>>>> To unsubscribe, email 'majordomo at open.com.au' with
> >>>>>> 'unsubscribe radiator' in the body of the message.
> >>>>>
> >>>>>
> >>>>> NB:
> >>>>>
> >>>>> Have you read the reference manual ("doc/ref.html")?
> >>>>> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> >>>>> Have you had a quick look on Google (www.google.com)?
> >>>>> Have you included a copy of your configuration file (no secrets),
> >>>>> together with a trace 4 debug showing what is happening?
> >>>>>
> >>>>> --
> >>>>> Radiator: the most portable, flexible and configurable RADIUS server
> >>>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> >>>>> -
> >>>>> Nets: internetwork inventory and management - graphical, extensible,
> >>>>> flexible with hardware, software, platform and database independence.
> >>>>> -
> >>>>> CATool: Private Certificate Authority for Unix and Unix-like systems.
> >>>>>
> >>>>>
> >>>>>
> >>>>
> >>>> --
> >>>> David Rios R.
> >>>> Ingenieria de Desarrollo
> >>>> Expansion Nuevos Servicios
> >>>> Empresas Publicas de Medellin
> >>>>
> >>>
> >>>
> >>
> >>
> >>
> >>
> >>
> >
> > --
> > David Rios R.
> > Ingenieria de Desarrollo
> > Expansion Nuevos Servicios
> > Empresas Publicas de Medellin
> >
>
>
>
>
>
--
David Rios R.
Ingenieria de Desarrollo
Expansion Nuevos Servicios
Empresas Publicas de Medellin
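
The snoop capture quoted in this thread shows a TCP connection to port 389 that opens and closes without carrying a single LDAP byte. As an added example (not part of the original messages and not Radiator code), the Python below parses verbose snoop text, including e-mail-quoted text, and classifies each connection to the LDAP port. The sample input is constructed from the port, length and flag values in the quoted capture; the function names and verdict labels are assumptions of this example.

```python
import re

LDAP_PORT = 389
FIN, SYN, ACK = 0x01, 0x02, 0x10
NEEDED = [("IP", "Total length"), ("IP", "Header length"), ("TCP", "Source port"),
          ("TCP", "Destination port"), ("TCP", "Data offset"), ("TCP", "Flags")]
FIELD = re.compile(r"(IP|TCP):\s+([A-Za-z ]+?)\s*=\s*(0x[0-9a-fA-F]+|\d+)")


def parse_packets(text):
    """Split verbose snoop text into one {(layer, field): int} dict per packet."""
    packets, cur = [], None
    for raw in text.splitlines():
        line = re.sub(r"^[>\s]+", "", raw)  # tolerate e-mail quote markers
        if re.match(r"ETHER:\s+Packet \d+ arrived", line):
            cur = {}
            packets.append(cur)
            continue
        m = FIELD.match(line)
        if m and cur is not None and (m.group(1), m.group(2)) in NEEDED:
            val = m.group(3)
            num = int(val, 16) if val.lower().startswith("0x") else int(val)
            cur[(m.group(1), m.group(2))] = num
    return packets


def verdict(flow):
    """Name the stage at which the LDAP conversation stopped."""
    if not (flow["syn"] and flow["synack"]):
        return "no-handshake"            # server unreachable or filtered
    if flow["c2s"] == 0:
        return "connected-no-ldap-data"  # client never sent a request (the thread's case)
    if flow["s2c"] == 0:
        return "request-unanswered"      # request sent, server stayed silent
    return "ldap-exchange"


def summarize(text):
    """Return {client_port: (verdict, client_payload_bytes, server_payload_bytes)}."""
    flows = {}
    for p in parse_packets(text):
        if not all(k in p for k in NEEDED):
            continue
        sport, dport = p[("TCP", "Source port")], p[("TCP", "Destination port")]
        if LDAP_PORT not in (sport, dport):
            continue
        to_server = dport == LDAP_PORT
        flow = flows.setdefault(sport if to_server else dport,
                                {"syn": False, "synack": False, "c2s": 0, "s2c": 0})
        # Application bytes = IP total length - IP header - TCP header (data offset).
        payload = max(0, p[("IP", "Total length")] - p[("IP", "Header length")]
                      - p[("TCP", "Data offset")])
        flags = p[("TCP", "Flags")]
        if to_server:
            flow["c2s"] += payload
            flow["syn"] = flow["syn"] or bool(flags & SYN)
        else:
            flow["s2c"] += payload
            flow["synack"] = flow["synack"] or (flags & (SYN | ACK) == (SYN | ACK))
    return {port: (verdict(f), f["c2s"], f["s2c"]) for port, f in flows.items()}


def _pkt(n, sport, dport, total, doff, flags):
    """Build one packet in snoop's verbose layout, trimmed to the parsed fields."""
    return (f"ETHER:  Packet {n} arrived at 14:56:10.23\n"
            f"IP:   Header length = 20 bytes\n"
            f"IP:   Total length = {total} bytes\n"
            f"TCP:  Source port = {sport}\n"
            f"TCP:  Destination port = {dport}\n"
            f"TCP:  Data offset = {doff} bytes\n"
            f"TCP:  Flags = 0x{flags:02x}\n")


# Constructed sample: the seven packets of the quoted capture, reduced to
# ports, lengths and TCP flags (addresses are masked in the original too).
SAMPLE = "".join(_pkt(*a) for a in [
    (1, 46731, 389, 48, 28, 0x02),   # SYN
    (2, 389, 46731, 48, 28, 0x12),   # SYN+ACK
    (3, 46731, 389, 40, 20, 0x10),   # ACK
    (4, 46731, 389, 40, 20, 0x11),   # FIN+ACK from the client, no data sent
    (5, 389, 46731, 40, 20, 0x10),
    (6, 389, 46731, 40, 20, 0x11),
    (7, 46731, 389, 40, 20, 0x10),
])

if __name__ == "__main__":
    for port, result in summarize(SAMPLE).items():
        print(port, result)
```

A "connected-no-ldap-data" verdict means the problem is on the client side of the LDAP session rather than in the network or the directory, which matches what the Debug output later confirmed in this thread.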