(RADIATOR) ClientListLDAP - Is the attribute 'Identifier' supported? it seems no... any reason why?
Lohier, Matthew
Matthew.Lohier at pba.com.au
Tue Jun 27 02:48:22 CDT 2006
Hello Hugh,
Thanks for your reply. I have done that, but it seems there is a problem
with the support of oscRadiusIdenticalClients...
Let me explain:
I modified my conf with that clause:
<ClientListLDAP>
Host %{GlobalVar:LdapHost}
Port %{GlobalVar:LdapPort}
AuthDN %{GlobalVar:LdapBind}
AuthPassword %{GlobalVar:LdapPassword}
BaseDN ou=Radius client directory,dc=xxx
Scope sub
SearchFilter (objectClass=oscRadiusClient)
ClientAttrDef oscRadiusClientName,Name
ClientAttrDef oscRadiusClientIdentifier,Client-Identifier
ClientAttrDef oscRadiusSecret,Secret
ClientAttrDef oscRadiusIdenticalClients,IdenticalClients
</ClientListLDAP>
I have added the following entries in LDAP
cn: pdsn
oscRadiusClientName: 192.16.0.11
oscRadiusSecret: xxx
oscRadiusIdenticalClient: 192.16.0.12 192.16.0.13
cn: lns
oscRadiusClientName: 192.17.0.20
oscRadiusSecret: xxx
But a restart gives me that error:
> service radiator restart
Shutting down Radiator: [FAILED]
Starting Radiator: Can't use string ("1") as an ARRAY ref while "strict
refs" in use at /usr/lib/perl5/site_perl/5.8.5/Radius/Client.pm line
105, <DATA> line 283.
With this log file:
2006 Jun 27 17:26:41 dolly radiusd[4877]: Connecting to 192.16.0.6, port
889
2006 Jun 27 17:26:41 dolly radiusd[4877]: Attempting to bind to LDAP
server %{GlobalVar:LdapHost}:%{GlobalVar:LdapPort}
2006 Jun 27 17:26:41 dolly radiusd[4877]: Adding Clients from LDAP
database
2006 Jun 27 17:26:41 dolly radiusd[4877]: ClientListLDAP SearchFilter:
(objectClass=oscRadiusClient), BaseDN: ou=Radius client
directory,dc=xxx, attrs: oscRadiusClientIdentifier oscRadiusSecret
oscRadiusIdenticalClients oscRadiusClientName
2006 Jun 27 17:26:41 dolly radiusd[4877]: ClientListLDAP got result for
cn=pdsn,ou=Radius client directory,dc=xxx
2006 Jun 27 17:26:41 dolly radiusd[4877]: ClientListLDAP got
oscRadiusClientIdentifier: pdsn
2006 Jun 27 17:26:41 dolly radiusd[4877]: ClientListLDAP got
oscRadiusSecret: xxx
2006 Jun 27 17:26:41 dolly radiusd[4877]: ClientListLDAP got
oscRadiusClientName: 192.16.0.11
2006 Jun 27 17:26:41 dolly radiusd[4877]: ClientListLDAP got
oscRadiusIdenticalClients: 192.16.0.12 192.16.0.13
So you see that it fails to find the other LDAP entry 'lns'. It stops on
the IdenticalClients attribute.
If I remove the oscRadiusIdenticalClients attribute from the LDAP entry
'pdsn', it works well. No error on restart, and the log file shows:
2006 Jun 27 17:27:57 dolly radiusd[4901]: Connecting to xxx.xxx.xxx.xxx,
port 889
2006 Jun 27 17:27:57 dolly radiusd[4901]: Attempting to bind to LDAP
server %{GlobalVar:LdapHost}:%{GlobalVar:LdapPort}
2006 Jun 27 17:27:57 dolly radiusd[4901]: Adding Clients from LDAP
database
2006 Jun 27 17:27:57 dolly radiusd[4901]: ClientListLDAP SearchFilter:
(objectClass=oscRadiusClient), BaseDN: ou=Radius client
directory,dc=xxx, attrs: oscRadiusClientIdentifier oscRadiusSecret
oscRadiusIdenticalClients oscRadiusClientName
2006 Jun 27 17:27:57 dolly radiusd[4901]: ClientListLDAP got result for
cn=pdsn,ou=Radius client directory,dc=xxx
2006 Jun 27 17:27:57 dolly radiusd[4901]: ClientListLDAP got
oscRadiusClientIdentifier: pdsn
2006 Jun 27 17:27:57 dolly radiusd[4901]: ClientListLDAP got
oscRadiusSecret: xxx
2006 Jun 27 17:27:57 dolly radiusd[4901]: ClientListLDAP got
oscRadiusClientName: 192.16.0.11
2006 Jun 27 17:27:57 dolly radiusd[4901]: ClientListLDAP got result for
cn=lns,ou=Radius client directory,dc=xxx
2006 Jun 27 17:27:57 dolly radiusd[4901]: ClientListLDAP got
oscRadiusClientIdentifier: lns
2006 Jun 27 17:27:57 dolly radiusd[4901]: ClientListLDAP got
oscRadiusClientName: 192.17.0.20
2006 Jun 27 17:27:57 dolly radiusd[4901]: ClientListLDAP got
oscRadiusSecret: xxxx
2006 Jun 27 17:27:57 dolly radiusd[4901]: Finished reading configuration
file
Would you mind looking at that problem?
Thanks a lot / Rgds
Matt
Personal Broadband Australia
-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: Monday, 26 June 2006 5:51 PM
To: Lohier, Matthew
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) ClientListLDAP - Is the attribute 'Identifier'
supported? it seems no... any reason why?
Hello Matt -
You are correct - you just need to modify the schema and use the
appropriate ClientAttrDef.
regards
Hugh
On 26 Jun 2006, at 09:22, Lohier, Matthew wrote:
> Hello,
>
>
>
> I'm using version Radiator-3.14 on linux. I have had hard-coded
> Client configuration in my config file and would like to move to an
> LDAP based configuration.
>
> The thing is that I'm using the 'Identifier' attribute in some
> Handler clauses (client-identifier=...), and it seems that the LDAP
> based Client clause doesn't have the Identifier attribute defined.
>
>
>
> Is it just a matter of modifying the schema, and adding it using
> ClientAttrDef? But then why would that be missing?
>
>
>
> Thanks for your help.
>
>
>
> Matt
>
>
>
> Personal Broadband Australia
>
> www.pba.com.au
>
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
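
Added example, not part of the original message and not Radiator code: a small Python helper for the log triage done by hand in the message above. It rejoins mail-wrapped log records, groups the "ClientListLDAP got ..." lines per LDAP entry, and reports the last attribute read when "Finished reading configuration file" never appears. The function names and the sample log are constructed for illustration; only the record format is taken from the quoted log excerpts.

```python
import re

# Constructed sample in the wrapped form the message shows (placeholder secret).
SAMPLE_LOG = """\
2006 Jun 27 17:26:41 dolly radiusd[4877]: Adding Clients from LDAP
database
2006 Jun 27 17:26:41 dolly radiusd[4877]: ClientListLDAP got result for
cn=pdsn,ou=Radius client directory,dc=xxx
2006 Jun 27 17:26:41 dolly radiusd[4877]: ClientListLDAP got
oscRadiusSecret: xxx
2006 Jun 27 17:26:41 dolly radiusd[4877]: ClientListLDAP got
oscRadiusIdenticalClients: 192.16.0.12 192.16.0.13
"""

STAMP = re.compile(r"^\d{4} \w{3} +\d+ \d\d:\d\d:\d\d ")
RESULT = re.compile(r"ClientListLDAP got result for (.+)$")
ATTR = re.compile(r"ClientListLDAP got ([\w-]+): (.*)$")
FINISHED = "Finished reading configuration file"

def unwrap(log_text):
    """Rejoin records that a mail client wrapped onto continuation lines."""
    records = []
    for line in log_text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def summarize_client_load(log_text):
    """Group attributes per LDAP entry and report where loading stopped."""
    entries, current, last, finished = {}, None, None, False
    for rec in unwrap(log_text):
        if FINISHED in rec:
            finished = True
        elif (m := RESULT.search(rec)):
            current = m.group(1)
            entries[current] = {}
        elif (m := ATTR.search(rec)) and current is not None:
            attr, value = m.groups()
            # Never echo shared secrets into a troubleshooting report.
            entries[current][attr] = "<redacted>" if "secret" in attr.lower() else value
            last = (current, attr)
    return {"finished": finished, "entries": entries,
            "stopped_after": None if finished else last}

if __name__ == "__main__":
    print(summarize_client_load(SAMPLE_LOG))
```
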