Hello Fred -
On Fri, 12 May 2000, Fred Donovan wrote:
> We have recently installed Radiator 2.15 on our RedHat Linux 6.2 box after
> installing Perl 5 v5.005, Perl LDAP v.16, and Perl MD5 v2.09. Everything
> compiled without a hitch. And, we modified the ldap.cfg file to reflect our
> environment. We're using OpenLDAP 1.2.9.
>
> The server worked perfectly for the first 14 hours, but then died overnight.
> After a fair amount of research, we found that Radiator dies when a user
> tries to authenticate using an incorrect username. In our case, it's a
> matter of a misspelled username, or old username that is no longer valid.
> Subsequent authentication attempts fall silently on Radiator's ears (fail)
> until Radiator is killed and restarted.
>
> OpenLDAP returns an error code of errno=0 and nentries=0 when the username
> is entered incorrectly, and the last log entry message says: Connecting to
> localhost, port 389. Radiator no longer processes authentication requests
> until restarted.
>
> Here is our config file and a trace 4 segment from our log for your review:
>
> # Revised radius.cfg based on ldap.cfg #
>
> LogDir .
> LogFile ./%Y-%m-logfile
> DbDir .
> Trace 4
>
>
> <Client xxx.xxx.xx.xx>
> Secret yyyyyyyy
> DupInterval 0
> </Client>
>
> <Client localhost>
> Secret yyyyyyyy
> DupInterval 0
> </Client>
>
> <Realm DEFAULT>
>
> <AuthBy LDAP2>
> Host localhost
> AuthDN cn=Manager, o=my.domain.org, c=US
> AuthPassword xxxxxxxx
> BaseDN o=my.doman.org, c=US
> UsernameAttr uid
> EncryptedPasswordAttr userPassword
>
> AddToReply Framed-Protocol = PPP,\
> Service-Type = Framed-User,\
> Framed-IP-Netmask = 255.255.255.254,\
> Framed-Routing = None,\
> Framed-MTU = 1500,\
> Framed-Compression = Van-Jacobson-TCP-IP
>
> Debug 255
> </AuthBy>
>
> AcctLogFileName ./%Y-%m-Accounting_detail
>
> </Realm>
>
> Here's an excerpt from our logfile:
>
> Wed May 10 17:58:29 2000: DEBUG: Packet dump:
> *** Received from 134.174.91.8 port 2081 ....
>
> Packet length = 82
> 01 17 00 52 d7 c4 ad e2 73 30 a9 2e cf 5c 65 3a
> eb 48 e1 06 01 08 73 6d 6f 6b 65 79 02 12 96 ab
> 95 a0 38 83 f6 98 b2 af 5d b7 7e f3 42 6f 20 12
> 4c 61 6e 52 6f 76 65 72 45 5f 32 41 33 35 43 30
> 04 06 86 ae 5b 08 05 06 00 00 50 15 3d 06 00 00
> 00 00
> Code: Access-Request
> Identifier: 23
> Authentic: <215><196><173><226>s0<169>.<207>\e:<235>H<225><6>
> Attributes:
> User-Name = "smokey"
> User-Password =
> "<150><171><149><160>8<131><246><152><178><175>]<183>~<243>Bo"
> NAS-Identifier = "LanRoverE_2A35C0"
> NAS-IP-Address = 134.174.91.8
> NAS-Port = 20501
> NAS-Port-Type = Async
>
> Wed May 10 17:58:29 2000: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed May 10 17:58:29 2000: DEBUG: Deleting session for smokey, 134.174.91.8,
> 20501
> Wed May 10 17:58:29 2000: DEBUG: Handling with Radius::AuthLDAP2
> Wed May 10 17:58:29 2000: DEBUG: Connecting to localhost, port 389
>

Is this the last entry in the logfile? I would be interested to see a bit more
context. We have also added some additional configuration parameters to the
AuthBy LDAP2 clause which may help in this situation.

HoldServerConnection will try to keep the connection to the LDAP server up
permanently, which has helped quite a few customers with similar problems.

ServerChecksPassword can also be used to request that the LDAP server check the
password internally, rather than returning it to Radiator to check.

Please let me know how you get on.

regards

Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
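
For reading the packet dump in the quoted trace independently of the server's own decode, the following is an added example (not part of the original thread and not Radiator code) that parses those 82 bytes as a RADIUS packet per RFC 2865 and rejects inconsistent lengths. The names parse_radius, DUMP and TRACE are made up for this example, and the attribute table covers only the attributes that appear in the trace.

```python
import ipaddress
import struct

# Bytes copied from the packet dump in the quoted trace (82 bytes).
DUMP = """
01 17 00 52 d7 c4 ad e2 73 30 a9 2e cf 5c 65 3a
eb 48 e1 06 01 08 73 6d 6f 6b 65 79 02 12 96 ab
95 a0 38 83 f6 98 b2 af 5d b7 7e f3 42 6f 20 12
4c 61 6e 52 6f 76 65 72 45 5f 32 41 33 35 43 30
04 06 86 ae 5b 08 05 06 00 00 50 15 3d 06 00 00
00 00
"""

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}
# RFC 2865 attribute number -> (name, kind); only those seen in the trace.
ATTRS = {1: ("User-Name", "text"), 2: ("User-Password", "hidden"),
         4: ("NAS-IP-Address", "ipv4"), 5: ("NAS-Port", "int"),
         32: ("NAS-Identifier", "text"), 61: ("NAS-Port-Type", "int")}

def parse_radius(packet: bytes) -> dict:
    """Decode the 20-byte header and the type/length/value attribute list."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the datagram")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError(f"bad attribute length at offset {pos}")
        value = packet[pos + 2:pos + alen]
        name, kind = ATTRS.get(atype, (f"Attr-{atype}", "hidden"))
        if kind == "text":
            value = value.decode("utf-8", "replace")
        elif kind == "int":
            value = int.from_bytes(value, "big")
        elif kind == "ipv4":
            value = str(ipaddress.IPv4Address(value))
        else:
            # User-Password is hidden with the shared secret; keep it opaque.
            value = value.hex()
        attrs.append((name, value))
        pos += alen
    return {"code": CODES.get(code, code), "identifier": ident,
            "length": length, "authenticator": packet[4:20].hex(),
            "attributes": attrs}

TRACE = parse_radius(bytes.fromhex("".join(DUMP.split())))
```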