(RADIATOR) Radiator doesn't bind to LDAP
Hugh Irvine
hugh at open.com.au
Fri Feb 17 16:38:04 CST 2006
Hello David -
You will need to use two AuthBy LDAP clauses - the first to
authenticate the user and get the GroupId, and the second to get the
GroupAttributes for the GroupId.
Something like this:
<Realm ....>
AuthByPolicy ContinueWhileAccept
<AuthBy LDAP2>
# authenticate the user and return the GroupId in the request
.......
AuthAttrDef GroupId, GroupId, request
</AuthBy>
<AuthBy LDAP>
# get the GroupAttributes for this GroupId
......
SearchFilter .....GroupId....
AuthAttrDef GroupAttributes, GENERIC, reply
</AuthBy>
</Realm>
The GroupAttributes field will contain the list of attribute=value
pairs sepatated by commas:
..... = ....... , ........ = ........ , ........ = ..........
Hope that helps.
regards
Hugh
On 18 Feb 2006, at 01:24, David Felipe Rios Rojas wrote:
>
>> -----Mensaje original-----
>> De: Hugh Irvine [mailto:hugh at open.com.au]
>> Enviado el: Jueves, 16 de Febrero de 2006 05:15 p.m.
>> Para: David Felipe Rios Rojas
>> CC: Radiator-List list
>> Asunto: Re: (RADIATOR) Radiator doesn't bind to LDAP
>>
>>
>> Hello David -
>>
>> Thanks for letting me know that you have the LDAP working.
>>
>> In answer to your question, yes you can use Radiator to return any
>> attributes needed by the NAS.
>>
>> You would use the AuthAttrDef construct in your AuthBy LDAP2 clause.
>>
>> You can also use the AddToReply construct to return the common reply
>> attributes.
>>
>> See section 5.36.16 in the Radiator 3.14 reference manual.
>>
>> regards
>>
>> Hugh
>>
>
> I think "AuthAttrDef" won't work for me (I'm a little confused);
> I'll explain to you more clear:
>
> Our users are grouped according to connectivity plan they have bought;
> so each user has a number attribute in LDAP to know his/her group;
> Radiator must not replay group number to RAS; _it should replay group
> attributes_ according to group for every authenticated user; those
> attributes
> could be stored in LDAP server, Radiator config file... it doesn't
> matter.
>
> Do you understand me?
>
>
>>
>> On 17 Feb 2006, at 07:48, David Felipe Rios Rojas wrote:
>>
>>>
>>>> -----Mensaje original-----
>>>> De: Hugh Irvine [mailto:hugh at open.com.au]
>>>> Enviado el: Miércoles, 15 de Febrero de 2006 05:49 p.m.
>>>> Para: David Felipe Rios Rojas
>>>> CC: Radiator-List list
>>>> Asunto: Re: (RADIATOR) Radiator doesn't bind to LDAP
>>>>
>>>>
>>>> Hello David -
>>>>
>>>> Further to this you can add "Debug 255" to your AuthBy LDAP2 clause
>>>> to get additional LDAP debugging.
>>>>
>>>> regards
>>>>
>>>> Hugh
>>>>
>>>
>>> Thank Hugh, "Debug" parameter was too useful; Radiator didn't send
>>> anything to LDAP server because "Convert-ASN1" module was not
>>> installed. Now it is authenticating!! Thanks a lot again.
>>>
>>> I have another problem: each LDAP user has an attribute to know what
>>> kind of service has bought; we are working with Cisco CAR and it
>>> returns
>>> to RAS a lot of parameters according to that LDAP attribute; could I
>>> do same task with Radiator?
>>>
>>>>
>>>> On 16 Feb 2006, at 09:42, Hugh Irvine wrote:
>>>>
>>>>>
>>>>> Hello David -
>>>>>
>>>>> I will need to see the complete configuration file and a trace 4
>>>>> debug from startup showing what is happening.
>>>>>
>>>>> regards
>>>>>
>>>>> Hugh
>>>>>
>>>>>
>>>>> On 16 Feb 2006, at 09:17, David Felipe Rios Rojas wrote:
>>>>>
>>>>>>
>>>>>>> -----Mensaje original-----
>>>>>>> De: Hugh Irvine [mailto:hugh at open.com.au]
>>>>>>> Enviado el: Martes, 14 de Febrero de 2006 11:37 p.m.
>>>>>>> Para: David Felipe Rios Rojas
>>>>>>> CC: radiator at open.com.au
>>>>>>> Asunto: Re: (RADIATOR) Radiator doesn't bind to LDAP
>>>>>>>
>>>>>>>
>>>>>>> Hello David -
>>>>>>>
>>>>>>> I think the AuthBy LDAP 2 configuration is incorrect.
>>>>>>>
>>>>>>> Try this instead:
>>>>>>>
>>>>>>>
>>>>>>> <Realm ldap.realm>
>>>>>>> <AuthBy LDAP2>
>>>>>>> Host xxxxxx
>>>>>>> Port 389
>>>>>>> AuthDN root
>>>>>>> AuthPassword xxxxxx
>>>>>>> BaseDN ou=xxxxx,o=xxxxx
>>>>>>> SearchFilter (&(%0=%1)(radiusloginservice=E))
>>>>>>> UsernameAttr uid
>>>>>>> PasswordAttr userPassword
>>>>>>> </AuthBy>
>>>>>>> </Realm>
>>>>>>>
>>>>>>>
>>>>>>> hope that helps
>>>>>>>
>>>>>>> regards
>>>>>>>
>>>>>>> Hugh
>>>>>>>
>>>>>>
>>>>>> Hi Hugh.
>>>>>>
>>>>>> I changed config file as you wrote but it didn't work :(
>>>>>>
>>>>>> I used "snoop" to see what it was sending to LDAP server and
>>>>>> guess what! it doesn't send anything!; this is information
>>>>>> showed by snoop:
>>>>>>
>>>>>> #############################################
>>>>>> ETHER: ----- Ether Header -----
>>>>>> ETHER:
>>>>>> ETHER: Packet 1 arrived at 14:56:10.23
>>>>>> ETHER: Packet size = 62 bytes
>>>>>> ETHER: Destination = 0:e0:b6:4:d9:62,
>>>>>> ETHER: Source = 8:0:20:c7:98:4c, Sun
>>>>>> ETHER: Ethertype = 0800 (IP)
>>>>>> ETHER:
>>>>>> IP: ----- IP Header -----
>>>>>> IP:
>>>>>> IP: Version = 4
>>>>>> IP: Header length = 20 bytes
>>>>>> IP: Type of service = 0x00
>>>>>> IP: xxx. .... = 0 (precedence)
>>>>>> IP: ...0 .... = normal delay
>>>>>> IP: .... 0... = normal throughput
>>>>>> IP: .... .0.. = normal reliability
>>>>>> IP: Total length = 48 bytes
>>>>>> IP: Identification = 34837
>>>>>> IP: Flags = 0x4
>>>>>> IP: .1.. .... = do not fragment
>>>>>> IP: ..0. .... = last fragment
>>>>>> IP: Fragment offset = 0 bytes
>>>>>> IP: Time to live = 64 seconds/hops
>>>>>> IP: Protocol = 6 (TCP)
>>>>>> IP: Header checksum = 479f
>>>>>> IP: Source address = ***.***.***.***, ********
>>>>>> IP: Destination address = ***.***.***.***, ********
>>>>>> IP: No options
>>>>>> IP:
>>>>>> TCP: ----- TCP Header -----
>>>>>> TCP:
>>>>>> TCP: Source port = 46731
>>>>>> TCP: Destination port = 389 (LDAP)
>>>>>> TCP: Sequence number = 3244986615
>>>>>> TCP: Acknowledgement number = 0
>>>>>> TCP: Data offset = 28 bytes
>>>>>> TCP: Flags = 0x02
>>>>>> TCP: ..0. .... = No urgent pointer
>>>>>> TCP: ...0 .... = No acknowledgement
>>>>>> TCP: .... 0... = No push
>>>>>> TCP: .... .0.. = No reset
>>>>>> TCP: .... ..1. = Syn
>>>>>> TCP: .... ...0 = No Fin
>>>>>> TCP: Window = 24820
>>>>>> TCP: Checksum = 0xaca4
>>>>>> TCP: Urgent pointer = 0
>>>>>> TCP: Options: (8 bytes)
>>>>>> TCP: - No operation
>>>>>> TCP: - No operation
>>>>>> TCP: - SACK permitted option
>>>>>> TCP: - Maximum segment size = 1460 bytes
>>>>>> TCP:
>>>>>> LDAP: ----- LDAP: -----
>>>>>> LDAP:
>>>>>> LDAP: ""
>>>>>> LDAP:
>>>>>>
>>>>>> ETHER: ----- Ether Header -----
>>>>>> ETHER:
>>>>>> ETHER: Packet 2 arrived at 14:56:10.23
>>>>>> ETHER: Packet size = 62 bytes
>>>>>> ETHER: Destination = 8:0:20:c7:98:4c, Sun
>>>>>> ETHER: Source = 0:e0:b6:4:d9:62,
>>>>>> ETHER: Ethertype = 0800 (IP)
>>>>>> ETHER:
>>>>>> IP: ----- IP Header -----
>>>>>> IP:
>>>>>> IP: Version = 4
>>>>>> IP: Header length = 20 bytes
>>>>>> IP: Type of service = 0x00
>>>>>> IP: xxx. .... = 0 (precedence)
>>>>>> IP: ...0 .... = normal delay
>>>>>> IP: .... 0... = normal throughput
>>>>>> IP: .... .0.. = normal reliability
>>>>>> IP: Total length = 48 bytes
>>>>>> IP: Identification = 16165
>>>>>> IP: Flags = 0x4
>>>>>> IP: .1.. .... = do not fragment
>>>>>> IP: ..0. .... = last fragment
>>>>>> IP: Fragment offset = 0 bytes
>>>>>> IP: Time to live = 60 seconds/hops
>>>>>> IP: Protocol = 6 (TCP)
>>>>>> IP: Header checksum = 948f
>>>>>> IP: Source address = ***.***.***.***, **********
>>>>>> IP: Destination address = ***.***.***.***, ********
>>>>>> IP: No options
>>>>>> IP:
>>>>>> TCP: ----- TCP Header -----
>>>>>> TCP:
>>>>>> TCP: Source port = 389
>>>>>> TCP: Destination port = 46731
>>>>>> TCP: Sequence number = 1601298321
>>>>>> TCP: Acknowledgement number = 3244986616
>>>>>> TCP: Data offset = 28 bytes
>>>>>> TCP: Flags = 0x12
>>>>>> TCP: ..0. .... = No urgent pointer
>>>>>> TCP: ...1 .... = Acknowledgement
>>>>>> TCP: .... 0... = No push
>>>>>> TCP: .... .0.. = No reset
>>>>>> TCP: .... ..1. = Syn
>>>>>> TCP: .... ...0 = No Fin
>>>>>> TCP: Window = 64860
>>>>>> TCP: Checksum = 0xd177
>>>>>> TCP: Urgent pointer = 0
>>>>>> TCP: Options: (8 bytes)
>>>>>> TCP: - Maximum segment size = 1380 bytes
>>>>>> TCP: - No operation
>>>>>> TCP: - No operation
>>>>>> TCP: - SACK permitted option
>>>>>> TCP:
>>>>>> LDAP: ----- LDAP: -----
>>>>>> LDAP:
>>>>>> LDAP: ""
>>>>>> LDAP:
>>>>>>
>>>>>> ETHER: ----- Ether Header -----
>>>>>> ETHER:
>>>>>> ETHER: Packet 3 arrived at 14:56:10.23
>>>>>> ETHER: Packet size = 54 bytes
>>>>>> ETHER: Destination = 0:e0:b6:4:d9:62,
>>>>>> ETHER: Source = 8:0:20:c7:98:4c, Sun
>>>>>> ETHER: Ethertype = 0800 (IP)
>>>>>> ETHER:
>>>>>> IP: ----- IP Header -----
>>>>>> IP:
>>>>>> IP: Version = 4
>>>>>> IP: Header length = 20 bytes
>>>>>> IP: Type of service = 0x00
>>>>>> IP: xxx. .... = 0 (precedence)
>>>>>> IP: ...0 .... = normal delay
>>>>>> IP: .... 0... = normal throughput
>>>>>> IP: .... .0.. = normal reliability
>>>>>> IP: Total length = 40 bytes
>>>>>> IP: Identification = 34838
>>>>>> IP: Flags = 0x4
>>>>>> IP: .1.. .... = do not fragment
>>>>>> IP: ..0. .... = last fragment
>>>>>> IP: Fragment offset = 0 bytes
>>>>>> IP: Time to live = 64 seconds/hops
>>>>>> IP: Protocol = 6 (TCP)
>>>>>> IP: Header checksum = 47a6
>>>>>> IP: Source address = ***.***.***.***, ********
>>>>>> IP: Destination address = ***.***.***.***, **********
>>>>>> IP: No options
>>>>>> IP:
>>>>>> TCP: ----- TCP Header -----
>>>>>> TCP:
>>>>>> TCP: Source port = 46731
>>>>>> TCP: Destination port = 389 (LDAP)
>>>>>> TCP: Sequence number = 3244986616
>>>>>> TCP: Acknowledgement number = 1601298322
>>>>>> TCP: Data offset = 20 bytes
>>>>>> TCP: Flags = 0x10
>>>>>> TCP: ..0. .... = No urgent pointer
>>>>>> TCP: ...1 .... = Acknowledgement
>>>>>> TCP: .... 0... = No push
>>>>>> TCP: .... .0.. = No reset
>>>>>> TCP: .... ..0. = No Syn
>>>>>> TCP: .... ...0 = No Fin
>>>>>> TCP: Window = 24840
>>>>>> TCP: Checksum = 0x9a40
>>>>>> TCP: Urgent pointer = 0
>>>>>> TCP: No options
>>>>>> TCP:
>>>>>> LDAP: ----- LDAP: -----
>>>>>> LDAP:
>>>>>> LDAP: ""
>>>>>> LDAP:
>>>>>>
>>>>>> ETHER: ----- Ether Header -----
>>>>>> ETHER:
>>>>>> ETHER: Packet 4 arrived at 14:56:10.23
>>>>>> ETHER: Packet size = 54 bytes
>>>>>> ETHER: Destination = 0:e0:b6:4:d9:62,
>>>>>> ETHER: Source = 8:0:20:c7:98:4c, Sun
>>>>>> ETHER: Ethertype = 0800 (IP)
>>>>>> ETHER:
>>>>>> IP: ----- IP Header -----
>>>>>> IP:
>>>>>> IP: Version = 4
>>>>>> IP: Header length = 20 bytes
>>>>>> IP: Type of service = 0x00
>>>>>> IP: xxx. .... = 0 (precedence)
>>>>>> IP: ...0 .... = normal delay
>>>>>> IP: .... 0... = normal throughput
>>>>>> IP: .... .0.. = normal reliability
>>>>>> IP: Total length = 40 bytes
>>>>>> IP: Identification = 34839
>>>>>> IP: Flags = 0x4
>>>>>> IP: .1.. .... = do not fragment
>>>>>> IP: ..0. .... = last fragment
>>>>>> IP: Fragment offset = 0 bytes
>>>>>> IP: Time to live = 64 seconds/hops
>>>>>> IP: Protocol = 6 (TCP)
>>>>>> IP: Header checksum = 47a5
>>>>>> IP: Source address = ***.***.***.***, ********
>>>>>> IP: Destination address = ***.***.***.***, ********
>>>>>> IP: No options
>>>>>> IP:
>>>>>> TCP: ----- TCP Header -----
>>>>>> TCP:
>>>>>> TCP: Source port = 46731
>>>>>> TCP: Destination port = 389 (LDAP)
>>>>>> TCP: Sequence number = 3244986616
>>>>>> TCP: Acknowledgement number = 1601298322
>>>>>> TCP: Data offset = 20 bytes
>>>>>> TCP: Flags = 0x11
>>>>>> TCP: ..0. .... = No urgent pointer
>>>>>> TCP: ...1 .... = Acknowledgement
>>>>>> TCP: .... 0... = No push
>>>>>> TCP: .... .0.. = No reset
>>>>>> TCP: .... ..0. = No Syn
>>>>>> TCP: .... ...1 = Fin
>>>>>> TCP: Window = 24840
>>>>>> TCP: Checksum = 0x9a3f
>>>>>> TCP: Urgent pointer = 0
>>>>>> TCP: No options
>>>>>> TCP:
>>>>>> LDAP: ----- LDAP: -----
>>>>>> LDAP:
>>>>>> LDAP: ""
>>>>>> LDAP:
>>>>>>
>>>>>> ETHER: ----- Ether Header -----
>>>>>> ETHER:
>>>>>> ETHER: Packet 5 arrived at 14:56:10.24
>>>>>> ETHER: Packet size = 60 bytes
>>>>>> ETHER: Destination = 8:0:20:c7:98:4c, Sun
>>>>>> ETHER: Source = 0:e0:b6:4:d9:62,
>>>>>> ETHER: Ethertype = 0800 (IP)
>>>>>> ETHER:
>>>>>> IP: ----- IP Header -----
>>>>>> IP:
>>>>>> IP: Version = 4
>>>>>> IP: Header length = 20 bytes
>>>>>> IP: Type of service = 0x00
>>>>>> IP: xxx. .... = 0 (precedence)
>>>>>> IP: ...0 .... = normal delay
>>>>>> IP: .... 0... = normal throughput
>>>>>> IP: .... .0.. = normal reliability
>>>>>> IP: Total length = 40 bytes
>>>>>> IP: Identification = 16166
>>>>>> IP: Flags = 0x4
>>>>>> IP: .1.. .... = do not fragment
>>>>>> IP: ..0. .... = last fragment
>>>>>> IP: Fragment offset = 0 bytes
>>>>>> IP: Time to live = 60 seconds/hops
>>>>>> IP: Protocol = 6 (TCP)
>>>>>> IP: Header checksum = 9496
>>>>>> IP: Source address = ***.***.***.***, ********
>>>>>> IP: Destination address = ***.***.***.***, ********
>>>>>> IP: No options
>>>>>> IP:
>>>>>> TCP: ----- TCP Header -----
>>>>>> TCP:
>>>>>> TCP: Source port = 389
>>>>>> TCP: Destination port = 46731
>>>>>> TCP: Sequence number = 1601298322
>>>>>> TCP: Acknowledgement number = 3244986617
>>>>>> TCP: Data offset = 20 bytes
>>>>>> TCP: Flags = 0x10
>>>>>> TCP: ..0. .... = No urgent pointer
>>>>>> TCP: ...1 .... = Acknowledgement
>>>>>> TCP: .... 0... = No push
>>>>>> TCP: .... .0.. = No reset
>>>>>> TCP: .... ..0. = No Syn
>>>>>> TCP: .... ...0 = No Fin
>>>>>> TCP: Window = 64860
>>>>>> TCP: Checksum = 0xfdea
>>>>>> TCP: Urgent pointer = 0
>>>>>> TCP: No options
>>>>>> TCP:
>>>>>> LDAP: ----- LDAP: -----
>>>>>> LDAP:
>>>>>> LDAP: ""
>>>>>> LDAP:
>>>>>>
>>>>>> ETHER: ----- Ether Header -----
>>>>>> ETHER:
>>>>>> ETHER: Packet 6 arrived at 14:56:11.67
>>>>>> ETHER: Packet size = 60 bytes
>>>>>> ETHER: Destination = 8:0:20:c7:98:4c, Sun
>>>>>> ETHER: Source = 0:e0:b6:4:d9:62,
>>>>>> ETHER: Ethertype = 0800 (IP)
>>>>>> ETHER:
>>>>>> IP: ----- IP Header -----
>>>>>> IP:
>>>>>> IP: Version = 4
>>>>>> IP: Header length = 20 bytes
>>>>>> IP: Type of service = 0x00
>>>>>> IP: xxx. .... = 0 (precedence)
>>>>>> IP: ...0 .... = normal delay
>>>>>> IP: .... 0... = normal throughput
>>>>>> IP: .... .0.. = normal reliability
>>>>>> IP: Total length = 40 bytes
>>>>>> IP: Identification = 16167
>>>>>> IP: Flags = 0x4
>>>>>> IP: .1.. .... = do not fragment
>>>>>> IP: ..0. .... = last fragment
>>>>>> IP: Fragment offset = 0 bytes
>>>>>> IP: Time to live = 60 seconds/hops
>>>>>> IP: Protocol = 6 (TCP)
>>>>>> IP: Header checksum = 9495
>>>>>> IP: Source address = ***.***.***.***, ********
>>>>>> IP: Destination address = ***.***.***.***, ********
>>>>>> IP: No options
>>>>>> IP:
>>>>>> TCP: ----- TCP Header -----
>>>>>> TCP:
>>>>>> TCP: Source port = 389
>>>>>> TCP: Destination port = 46731
>>>>>> TCP: Sequence number = 1601298322
>>>>>> TCP: Acknowledgement number = 3244986617
>>>>>> TCP: Data offset = 20 bytes
>>>>>> TCP: Flags = 0x11
>>>>>> TCP: ..0. .... = No urgent pointer
>>>>>> TCP: ...1 .... = Acknowledgement
>>>>>> TCP: .... 0... = No push
>>>>>> TCP: .... .0.. = No reset
>>>>>> TCP: .... ..0. = No Syn
>>>>>> TCP: .... ...1 = Fin
>>>>>> TCP: Window = 64860
>>>>>> TCP: Checksum = 0xfde9
>>>>>> TCP: Urgent pointer = 0
>>>>>> TCP: No options
>>>>>> TCP:
>>>>>> LDAP: ----- LDAP: -----
>>>>>> LDAP:
>>>>>> LDAP: ""
>>>>>> LDAP:
>>>>>>
>>>>>> ETHER: ----- Ether Header -----
>>>>>> ETHER:
>>>>>> ETHER: Packet 7 arrived at 14:56:11.67
>>>>>> ETHER: Packet size = 54 bytes
>>>>>> ETHER: Destination = 0:e0:b6:4:d9:62,
>>>>>> ETHER: Source = 8:0:20:c7:98:4c, Sun
>>>>>> ETHER: Ethertype = 0800 (IP)
>>>>>> ETHER:
>>>>>> IP: ----- IP Header -----
>>>>>> IP:
>>>>>> IP: Version = 4
>>>>>> IP: Header length = 20 bytes
>>>>>> IP: Type of service = 0x00
>>>>>> IP: xxx. .... = 0 (precedence)
>>>>>> IP: ...0 .... = normal delay
>>>>>> IP: .... 0... = normal throughput
>>>>>> IP: .... .0.. = normal reliability
>>>>>> IP: Total length = 40 bytes
>>>>>> IP: Identification = 34840
>>>>>> IP: Flags = 0x4
>>>>>> IP: .1.. .... = do not fragment
>>>>>> IP: ..0. .... = last fragment
>>>>>> IP: Fragment offset = 0 bytes
>>>>>> IP: Time to live = 64 seconds/hops
>>>>>> IP: Protocol = 6 (TCP)
>>>>>> IP: Header checksum = 47a4
>>>>>> IP: Source address = ***.***.***.***, ********
>>>>>> IP: Destination address = ***.***.***.***, ********
>>>>>> IP: No options
>>>>>> IP:
>>>>>> TCP: ----- TCP Header -----
>>>>>> TCP:
>>>>>> TCP: Source port = 46731
>>>>>> TCP: Destination port = 389 (LDAP)
>>>>>> TCP: Sequence number = 3244986617
>>>>>> TCP: Acknowledgement number = 1601298323
>>>>>> TCP: Data offset = 20 bytes
>>>>>> TCP: Flags = 0x10
>>>>>> TCP: ..0. .... = No urgent pointer
>>>>>> TCP: ...1 .... = Acknowledgement
>>>>>> TCP: .... 0... = No push
>>>>>> TCP: .... .0.. = No reset
>>>>>> TCP: .... ..0. = No Syn
>>>>>> TCP: .... ...0 = No Fin
>>>>>> TCP: Window = 24840
>>>>>> TCP: Checksum = 0x9a3e
>>>>>> TCP: Urgent pointer = 0
>>>>>> TCP: No options
>>>>>> TCP:
>>>>>> LDAP: ----- LDAP: -----
>>>>>> LDAP:
>>>>>> LDAP: ""
>>>>>> LDAP:
>>>>>> #############################################
>>>>>>
>>>>>> If you use grep to filter it, you could see that lines with
>>>>>> "LDAP:" don't have any important information.
>>>>>>
>>>>>> PD. Sensible information was replace with "*"
>>>>>>
>>>>>>>
>>>>>>> On 14 Feb 2006, at 08:45, David Felipe Rios Rojas wrote:
>>>>>>>
>>>>>>>> I'm testing Radiator for first time, but I'm a little
>>>>>>> confused because
>>>>>>>> an error message when it try binding to LDAP server; I use LDAP
>>>>>>>> superuser account just to try it.
>>>>>>>>
>>>>>>>> Next is my config file; it was made based on sample
>>>>>>> configuration file
>>>>>>>> provided and several items are not configured yet
>> because I just
>>>>>>>> want to
>>>>>>>> test LDAP binding first.
>>>>>>>>
>>>>>>>> Here we go:
>>>>>>>>
>>>>>>>>
>>>> ##################################################################
>>>>>>>> Foreground
>>>>>>>>
>>>>>>>> LogStdout
>>>>>>>>
>>>>>>>> Trace 4
>>>>>>>>
>>>>>>>> PidFile /tmp/radiusd.pid
>>>>>>>>
>>>>>>>> AuthPort 1645
>>>>>>>>
>>>>>>>> AcctPort 1646
>>>>>>>>
>>>>>>>> LogFile %L/%Y-%m-%d_logfile
>>>>>>>> LogDir /var/log/radius
>>>>>>>>
>>>>>>>> DbDir .
>>>>>>>>
>>>>>>>> DictionaryFile /etc/radiator/dictionary,/etc/radiator/
>>>>>>>> dictionary.ascend
>>>>>>>>
>>>>>>>> User radius
>>>>>>>> Group radius
>>>>>>>>
>>>>>>>> <Client DEFAULT>
>>>>>>>> Secret mysecret
>>>>>>>> DupInterval 0
>>>>>>>> DefaultRealm ldap.realm
>>>>>>>> StatusServerShowClientDetails
>>>>>>>> </Client>
>>>>>>>>
>>>>>>>>
>>>>>>>> <Realm DEFAULT>
>>>>>>>> RewriteUsername s/^([^@]+).*/$1/
>>>>>>>> MaxSessions 2
>>>>>>>> AcctLogFileName %L/detail
>>>>>>>> WtmpFileName %L/wtmp
>>>>>>>> PasswordLogFileName %L/password.log
>>>>>>>> RejectHasReason
>>>>>>>>
>>>>>>>> <AuthBy FILE>
>>>>>>>> Filename /etc/radiator/users
>>>>>>>> DynamicReply USR-IP-Input-Filter
>>>>>>>> DynamicCheck Group
>>>>>>>> UseAddressHint
>>>>>>>> AddToReply Reply-Message=hello
>>>>>>>> AddToReplyIfNotExist Ascend-Data-Filter="ip in
>>>>>>> forward tcp est"
>>>>>>>> DefaultReply
>>>>>>> Service-Type=Framed-User,Framed-Protocol=PPP
>>>>>>>> RejectEmptyPassword
>>>>>>>> AutoMPPEKeys
>>>>>>>> EAPType MD5-Challenge
>>>>>>>> </AuthBy>
>>>>>>>>
>>>>>>>> <AuthBy GROUP>
>>>>>>>> AuthByPolicy ContinueUntilAccept
>>>>>>>> AddToReply Reply-Message=xxxx
>>>>>>>> <AuthBy FILE>
>>>>>>>> Filename users
>>>>>>>> </AuthBy>
>>>>>>>> <AuthBy FILE>
>>>>>>>> Filename users
>>>>>>>> </AuthBy>
>>>>>>>> </AuthBy>
>>>>>>>>
>>>>>>>> </Realm>
>>>>>>>>
>>>>>>>> <Realm unix.realm>
>>>>>>>> RewriteUsername s/^([^@]+).*/$1/
>>>>>>>>
>>>>>>>> <AuthBy UNIX>
>>>>>>>> Identifier System
>>>>>>>> DefaultReply
>>>>>>> Service-Type=Framed-User,Framed-Protocol=PPP
>>>>>>>> </AuthBy>
>>>>>>>> </Realm>
>>>>>>>>
>>>>>>>>
>>>>>>>> <Realm system.realm>
>>>>>>>> RewriteUsername s/^([^@]+).*/$1/
>>>>>>>> </Realm>
>>>>>>>>
>>>>>>>>
>>>>>>>> <Realm ldap.realm>
>>>>>>>> <AuthBy LDAP2>
>>>>>>>> Host xxxxxx
>>>>>>>> Port 389
>>>>>>>> AuthDN cn=root
>>>>>>>> AuthPassword xxxxxx
>>>>>>>> BaseDN
>>>>>>> (&(%0=%1,ou=xxxxx,o=xxxxx)(radiusloginservice=E))
>>>>>>>> UsernameAttr uid
>>>>>>>> PasswordAttr userPassword
>>>>>>>> </AuthBy>
>>>>>>>> </Realm>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> <Realm external.realm>
>>>>>>>> RewriteUsername s/^([^@]+).*/$1/
>>>>>>>> <AuthBy EXTERNAL>
>>>>>>>> Command perl ./goodies/testcommand.pl
>>>>>>>> DecryptPassword
>>>>>>>> </AuthBy>
>>>>>>>> </Realm>
>>>>>>>>
>>>>>>>> <Realm internal.realm>
>>>>>>>> <AuthBy INTERNAL>
>>>>>>>> DefaultResult accept
>>>>>>>> </AuthBy>
>>>>>>>> </Realm>
>>>>>>>>
>>>>>>>>
>>>>>>>> <Realm mobileip.realm>
>>>>>>>> RewriteUsername s/^([^@]+).*/$1/
>>>>>>>> <AuthBy FILE>
>>>>>>>> Filename ./users
>>>>>>>> </AuthBy>
>>>>>>>> <AuthBy MOBILEIP>
>>>>>>>> DefaultHAAddress 192.10.10.2
>>>>>>>> </AuthBy>
>>>>>>>> </Realm>
>>>>>>>>
>>>>>>>>
>>>>>>>> <AuthBy FILE>
>>>>>>>> Identifier identifier1
>>>>>>>> </AuthBy>
>>>>>>>>
>>>>>>>>
>>>>>>>> <Realm xyz>
>>>>>>>> AuthBy identifier1
>>>>>>>> </Realm>
>>>>>>>>
>>>> ##################################################################
>>>>>>>>
>>>>>>>>
>>>>>>>> And this is output debug after "perl radpwtst -user driosr -
>>>>>>>> password pass" is execute:
>>>>>>>>
>>>>>>>>
>>>> ##################################################################
>>>>>>>> Fri Feb 10 07:45:26 2006: DEBUG: Reading group file /etc/group
>>>>>>>> Fri Feb 10 07:45:27 2006: DEBUG: Finished reading configuration
>>>>>>>> file '/etc/radiator/radius.cfg'
>>>>>>>> This Radiator license will expire on 2006-07-01
>>>>>>>> This Radiator license will stop operating after 1000 requests
>>>>>>>> To purchase an unlimited full source version of Radiator, see
>>>>>>>> http://www.open.com.au/ordering.html
>>>>>>>> To extend your license period, contact admin at open.com.au
>>>>>>>>
>>>>>>>> Fri Feb 10 07:45:27 2006: DEBUG: Reading dictionary file '/etc/
>>>>>>>> radiator/dictionary'
>>>>>>>> Fri Feb 10 07:45:28 2006: DEBUG: Reading dictionary file '/etc/
>>>>>>>> radiator/dictionary.ascend'
>>>>>>>> Fri Feb 10 07:45:28 2006: DEBUG: Creating authentication port
>>>>>>>> 0.0.0.0:1645
>>>>>>>> Fri Feb 10 07:45:28 2006: DEBUG: Creating accounting port
>>>>>>> 0.0.0.0:1646
>>>>>>>> Fri Feb 10 07:45:28 2006: NOTICE: Server started:
>>>> Radiator 3.14 on
>>>>>>>> XXXX(LOCKED)
>>>>>>>> Fri Feb 10 07:46:16 2006: DEBUG: Packet dump:
>>>>>>>> *** Received from 127.0.0.1 port 33466 ....
>>>>>>>> Code: Access-Request
>>>>>>>> Identifier: 211
>>>>>>>> Authentic: 1234567890123456
>>>>>>>> Attributes:
>>>>>>>> User-Name = "driosr"
>>>>>>>> Service-Type = Framed-User
>>>>>>>> NAS-IP-Address = 203.63.154.1
>>>>>>>> NAS-Identifier = "203.63.154.1"
>>>>>>>> NAS-Port = 1234
>>>>>>>> Called-Station-Id = "123456789"
>>>>>>>> Calling-Station-Id = "987654321"
>>>>>>>> NAS-Port-Type = Async
>>>>>>>> User-Password = <137><234>,<222><175>
>>>>>>>> \<4><246><188>8<9><160><216>}x<153>
>>>>>>>>
>>>>>>>> Fri Feb 10 07:46:17 2006: DEBUG: Handling request with Handler
>>>>>>>> 'Realm=ldap.realm'
>>>>>>>> Fri Feb 10 07:46:17 2006: DEBUG: Deleting session for driosr,
>>>>>>>> 203.63.154.1, 1234
>>>>>>>> Fri Feb 10 07:46:17 2006: DEBUG: Handling with
>> Radius::AuthLDAP2:
>>>>>>>> Fri Feb 10 07:46:17 2006: INFO: Connecting to XXXX:389
>>>>>>>> Fri Feb 10 07:46:17 2006: INFO: Attempting to bind to
>> LDAP server
>>>>>>>> XXXX:389
>>>>>>>> Fri Feb 10 07:46:17 2006: ERR: Could not bind connection with
>>>>>>>> cn=root, xxxx, error: LDAP error code -1(0xFFFFFFFF)
>>>> (server XXXX:
>>>>>>>> 389).
>>>>>>>> Fri Feb 10 07:46:17 2006: ERR: Backing off from
>> XXXX:389 for 600
>>>>>>>> seconds.
>>>>>>>> Fri Feb 10 07:46:17 2006: DEBUG: AuthBy LDAP2 result:
>>>> IGNORE, User
>>>>>>>> database access error
>>>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Packet dump:
>>>>>>>> *** Received from 127.0.0.1 port 33466 ....
>>>>>>>> Code: Accounting-Request
>>>>>>>> Identifier: 212
>>>>>>>> Authentic:
>>>> .<16>t<179>;<188><213>L<151><182><131>L<144>p<159><245>
>>>>>>>> Attributes:
>>>>>>>> User-Name = "driosr"
>>>>>>>> Service-Type = Framed-User
>>>>>>>> NAS-IP-Address = 203.63.154.1
>>>>>>>> NAS-Identifier = "203.63.154.1"
>>>>>>>> NAS-Port = 1234
>>>>>>>> NAS-Port-Type = Async
>>>>>>>> Acct-Session-Id = "00001234"
>>>>>>>> Acct-Status-Type = Start
>>>>>>>> Called-Station-Id = "123456789"
>>>>>>>> Calling-Station-Id = "987654321"
>>>>>>>> Acct-Delay-Time = 0
>>>>>>>>
>>>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Handling request with Handler
>>>>>>>> 'Realm=ldap.realm'
>>>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Adding session for driosr,
>>>>>>>> 203.63.154.1, 1234
>>>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Handling with
>> Radius::AuthLDAP2:
>>>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: AuthBy LDAP2 result: ACCEPT,
>>>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Accounting accepted
>>>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Packet dump:
>>>>>>>> *** Sending to 127.0.0.1 port 33466 ....
>>>>>>>> Code: Accounting-Response
>>>>>>>> Identifier: 212
>>>>>>>> Authentic:
>>>> .<16>t<179>;<188><213>L<151><182><131>L<144>p<159><245>
>>>>>>>> Attributes:
>>>>>>>>
>>>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Packet dump:
>>>>>>>> *** Received from 127.0.0.1 port 33466 ....
>>>>>>>> Code: Accounting-Request
>>>>>>>> Identifier: 213
>>>>>>>> Authentic: 4f<127><151><175><206><15><9>uq<149><22>&_<238>M
>>>>>>>> Attributes:
>>>>>>>> User-Name = "driosr"
>>>>>>>> Service-Type = Framed-User
>>>>>>>> NAS-IP-Address = 203.63.154.1
>>>>>>>> NAS-Identifier = "203.63.154.1"
>>>>>>>> NAS-Port = 1234
>>>>>>>> NAS-Port-Type = Async
>>>>>>>> Acct-Session-Id = "00001234"
>>>>>>>> Acct-Status-Type = Stop
>>>>>>>> Called-Station-Id = "123456789"
>>>>>>>> Calling-Station-Id = "987654321"
>>>>>>>> Acct-Delay-Time = 0
>>>>>>>> Acct-Session-Time = 1000
>>>>>>>> Acct-Input-Octets = 20000
>>>>>>>> Acct-Output-Octets = 30000
>>>>>>>>
>>>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Handling request with Handler
>>>>>>>> 'Realm=ldap.realm'
>>>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Deleting session for driosr,
>>>>>>>> 203.63.154.1, 1234
>>>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Handling with
>> Radius::AuthLDAP2:
>>>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: AuthBy LDAP2 result: ACCEPT,
>>>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Accounting accepted
>>>>>>>> Fri Feb 10 07:46:22 2006: DEBUG: Packet dump:
>>>>>>>> *** Sending to 127.0.0.1 port 33466 ....
>>>>>>>> Code: Accounting-Response
>>>>>>>> Identifier: 213
>>>>>>>> Authentic: 4f<127><151><175><206><15><9>uq<149><22>&_<238>M
>>>>>>>> Attributes:
>>>>>>>>
>>>> ##################################################################
>>>>>>>>
>>>>>>>>
>>>>>>>> And this is the output to "perl radpwtst -user driosr -password
>>>>>>>> pass" command:
>>>>>>>>
>>>>>>>>
>>>> ##################################################################
>>>>>>>> sending Access-Request...
>>>>>>>> No reply
>>>>>>>> sending Accounting-Request Start...
>>>>>>>> OK
>>>>>>>> sending Accounting-Request Stop...
>>>>>>>> OK
>>>>>>>>
>>>> ##################################################################
>>>>>>>>
>>>>>>>>
>>>>>>>> Could you help me?
>>>>>>>>
>>>>>>>> Thanks in advance.
>>>>>>>>
>>>>>>>> --
>>>>>>>> David Rios R.
>>>>>>>>
>>>>>>>> --
>>>>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>>>>> Announcements on radiator-announce at open.com.au
>>>>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>>>>> 'unsubscribe radiator' in the body of the message.
>>>>>>>
>>>>>>>
>>>>>>> NB:
>>>>>>>
>>>>>>> Have you read the reference manual ("doc/ref.html")?
>>>>>>> Have you searched the mailing list archive (www.open.com.au/
>>>>>>> archives/
>>>>>>> radiator)?
>>>>>>> Have you had a quick look on Google (www.google.com)?
>>>>>>> Have you included a copy of your configuration file (no
>> secrets),
>>>>>>> together with a trace 4 debug showing what is happening?
>>>>>>>
>>>>>>> --
>>>>>>> Radiator: the most portable, flexible and configurable
>>>> RADIUS server
>>>>>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>>>>>> -
>>>>>>> Nets: internetwork inventory and management - graphical,
>>>> extensible,
>>>>>>> flexible with hardware, software, platform and database
>>>>>>> independence.
>>>>>>> -
>>>>>>> CATool: Private Certificate Authority for Unix and Unix-like
>>>>>>> systems.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> David Rios R.
>>>>>> Ingenieria de Desarrollo
>>>>>> Expansion Nuevos Servicios
>>>>>> Empresas Publicas de Medellin
>>>>>>
>>>>>
>>>>>
>>>>> NB:
>>>>>
>>>>> Have you read the reference manual ("doc/ref.html")?
>>>>> Have you searched the mailing list archive (www.open.com.au/
>>>>> archives/radiator)?
>>>>> Have you had a quick look on Google (www.google.com)?
>>>>> Have you included a copy of your configuration file (no secrets),
>>>>> together with a trace 4 debug showing what is happening?
>>>>>
>>>>> --
>>>>> Radiator: the most portable, flexible and configurable
>> RADIUS server
>>>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>>>> -
>>>>> Nets: internetwork inventory and management - graphical,
>> extensible,
>>>>> flexible with hardware, software, platform and database
>>>> independence.
>>>>> -
>>>>> CATool: Private Certificate Authority for Unix and
>>>> Unix-like systems.
>>>>>
>>>>>
>>>>> --
>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>> Announcements on radiator-announce at open.com.au
>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>> 'unsubscribe radiator' in the body of the message.
>>>>
>>>>
>>>> NB:
>>>>
>>>> Have you read the reference manual ("doc/ref.html")?
>>>> Have you searched the mailing list archive
>> (www.open.com.au/archives/
>>>> radiator)?
>>>> Have you had a quick look on Google (www.google.com)?
>>>> Have you included a copy of your configuration file (no secrets),
>>>> together with a trace 4 debug showing what is happening?
>>>>
>>>> --
>>>> Radiator: the most portable, flexible and configurable
>> RADIUS server
>>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>>> -
>>>> Nets: internetwork inventory and management - graphical,
>> extensible,
>>>> flexible with hardware, software, platform and database
>> independence.
>>>> -
>>>> CATool: Private Certificate Authority for Unix and
>> Unix-like systems.
>>>>
>>>>
>>>>
>>>
>>> --
>>> David Rios R.
>>> Ingenieria de Desarrollo
>>> Expansion Nuevos Servicios
>>> Empresas Publicas de Medellin
>>>
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive (www.open.com.au/archives/
>> radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>>
>>
>
>
> --
> David Rios R.
> Ingenieria de Desarrollo
> Expansion Nuevos Servicios
> Empresas Publicas de Medellin
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list