[RADIATOR] Issue replicating config
Chris Rosan
Chris.Rosan at europcar.com.au
Tue Jul 22 23:44:47 CDT 2008
Dear list/Open folks,
I'm trying to replicate the config of my Radiator server (3.17.1-1 on
Redhat 4) for a cold DR server and I'm not having much luck.
A previous staff member of mine set it up to do username re-writes for
new realms and to perform LDAP queries off our Active Directory for
these realms. This is the bit that I can't get working.
The bits of the config file that apply are:
# VPN realm check
<Realm>
<AuthBy INTERNAL>
DefaultResult REJECT
AcctResult ACCEPT
</AuthBy>
</Realm>
#################
#AD-LDAP section#
#################
# When authenticated with AuthByLDAP, the description
# field in a handler corresponds to the group CN in LDAP
# The LDAP authentication
<AuthBy LDAP2>
Identifier AuthByLDAP
#Debug 255
# LDAP bind
Host AD-DOMAIN-Controller
HoldServerConnection
Timeout 4
Port 3268
AuthDN cn=bind-user,cn=Users,dc=ad-domain,dc=domain,dc=com,dc=au
AuthPassword bind-password
# The client authentication
ServerChecksPassword
UsernameAttr sAMAccountName
BaseDN ou=All Users, ad-domain,dc=domain,dc=com,dc=au
AuthAttrDef sAMAccountName,GENERIC,request
AuthAttrDef memberOf,GENERIC,request
PostSearchHook file:"%D/hooks/ldap_groups.pl"
</AuthBy>
# VPN users
<Handler NAS-IP-Address=192.168.0.1,Realm=ad.domain.com.au>
Description AU Remote Access - VPN
RewriteUsername s/\@ad\.domain\.com\.au//
AuthBy AuthByLDAP
</Handler>
Trace 4 output (doesn't talk at ALL about the AD Domain):
Sun Jul 13 22:50:31 2008: DEBUG: Packet dump:
*** Received from 192.168.0.1 port 1025 ....
Code: Access-Request
Identifier: 7
Authentic: 8<17>vw<228>M<2><19>PINo|<5>Z<139>
Attributes:
User-Name = "chris rosan"
User-Password = 1[<20>~<240>D!<248><229>*<133>V<172><21>K<161>
NAS-IP-Address = 192.168.0.1
NAS-Port = 15
NAS-Port-Type = Virtual
Sun Jul 13 22:50:31 2008: DEBUG: Handling request with Handler 'Realm='
Sun Jul 13 22:50:31 2008: DEBUG: Deleting session for chris rosan,
192.168.0.1, 15
Sun Jul 13 22:50:31 2008: DEBUG: Handling with AuthINTERNAL:
Sun Jul 13 22:50:31 2008: DEBUG: AuthBy INTERNAL result: REJECT, Fixed
by DefaultResult
Sun Jul 13 22:50:31 2008: INFO: Access rejected for chris rosan: Fixed
by DefaultResult
Sun Jul 13 22:50:31 2008: DEBUG: Packet dump:
*** Sending to 192.168.0.1 port 1025 ....
Code: Access-Reject
Identifier: 7
Authentic: 8<17>vw<228>M<2><19>PINo|<5>Z<139>
Attributes:
Reply-Message = "Request Denied"
I LITERALLY copied the config files over from the "live" server and
started Radius (with other bits such as Perl modules for MySQL DB etc).
Everything else works except this.
Can anyone make a suggestion on the cause?
Cheers.
Chris