[RADIATOR] Issue replicating config

Chris Rosan Chris.Rosan at europcar.com.au
Tue Jul 22 23:44:47 CDT 2008


Dear list/Open folks,

I'm trying to replicate the config of my Radiator server (3.17.1-1 on
Redhat 4) for a cold DR server and I'm not having much luck.

A previous staff member of mine set it up to do username re-writes for
new realms and to perform LDAP queries off our active directory for
these realms. This is the bit that I can't get working.

The bits of the config file that apply are:

 

 

# VPN realm check

 

<Realm>

        <AuthBy INTERNAL>

                DefaultResult REJECT

                AcctResult ACCEPT

        </AuthBy>

</Realm>

 

#################

#AD-LDAP section#

#################

# When authenticated with AuthByLDAP, the description

# field in a handler correspsonds to the group CN in LDAP

 

# The LDAP authentication

<AuthBy LDAP2>

        Identifier AuthByLDAP

 

        #Debug 255

 

        # LDAP bind

        Host AD-DOMAIN-Controller

        HoldServerConnection

        Timeout 4

    Port 3268

        AuthDN cn=bind-user,cn=Users,dc=ad-domain,dc=domain,dc=com,dc=au

        AuthPassword bind-password

 

        # The client authentication

        ServerChecksPassword

        UsernameAttr sAMAccountName

        BaseDN ou=All Users, ad-domain,dc=domain,dc=com,dc=au

        AuthAttrDef sAMAccountName,GENERIC,request

        AuthAttrDef memberOf,GENERIC,request

        PostSearchHook file:"%D/hooks/ldap_groups.pl"

</AuthBy>

 

VPN users

 

<Handler NAS-IP-Address=192.168.0.1,Realm=ad.domain.com.au>

        Description AU Remote Access - VPN

        RewriteUsername s/\@ad\.domain\.com\.au//

        AuthBy AuthByLDAP

</Handler>

Trace 4 output (doesn't talk at ALL about the AD Domain):

Sun Jul 13 22:50:31 2008: DEBUG: Packet dump:

*** Received from 192.168.0.1 port 1025 ....

Code:       Access-Request

Identifier: 7

Authentic:  8<17>vw<228>M<2><19>PINo|<5>Z<139>

Attributes:

        User-Name = "chris rosan"

        User-Password = 1[<20>~<240>D!<248><229>*<133>V<172><21>K<161>

        NAS-IP-Address = 192.168.0.1

        NAS-Port = 15

        NAS-Port-Type = Virtual

 

Sun Jul 13 22:50:31 2008: DEBUG: Handling request with Handler 'Realm='

Sun Jul 13 22:50:31 2008: DEBUG:  Deleting session for chris rosan,
192.168.0.1, 15

Sun Jul 13 22:50:31 2008: DEBUG: Handling with AuthINTERNAL: 

Sun Jul 13 22:50:31 2008: DEBUG: AuthBy INTERNAL result: REJECT, Fixed
by DefaultResult

Sun Jul 13 22:50:31 2008: INFO: Access rejected for chris rosan: Fixed
by DefaultResult

Sun Jul 13 22:50:31 2008: DEBUG: Packet dump:

*** Sending to 192.168.0.1 port 1025 ....

Code:       Access-Reject

Identifier: 7

Authentic:  8<17>vw<228>M<2><19>PINo|<5>Z<139>

Attributes:

        Reply-Message = "Request Denied"

 

I LITERALLY copied the config files over from the "live" server and
started Radius (with other bits such as Perl modules for Mysql DB etc).
Everything else works except this.

Can anyone make a suggestion on the cause?

Cheers.

 

Chris


This e-mail and any files attached to it are confidential and 
intended solely for the use of the individual or entity to 
whom they are addressed. If you have received this e-mail 
inadvertently or you are not the intended recipient, you may 
not distribute, copy or in any way rely on it. Further, you 
should notify the sender immediately and delete the e-mail 
from your computer. The contents and opinions contained in 
this e-mail are those of the individual sender unless they 
are expressly stated to be those of Europcar. Whilst we have 
taken precautions to alert us to the presence of computer 
viruses, we cannot and do not guarantee that this email and 
any files transmitted with it are free from such viruses.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20080723/2b707e5e/attachment.html>


More information about the radiator mailing list