I've sent all the error log/debug output before, but Kostas asked me to
troubleshoot more, but I do not know where to start. I will explain
again below:
Problem A
========
- Problem only exists when using FreeBSD 5.1, with freeradius 0.9.2 and also 0.9.0 (not tested in 0.9.1)
- My LDAP server has been working fine all along (tested using manual ldapsearch when the problem happens)
i) Error from radius.log
Mon Oct 20 18:37:00 2003 : Error: rlm_ldap: uniqueIdentifier=227523,ou=RADIUS,ou=People,dc=com,dc=my bind to x.x.x.x:389 failed: timeout
Mon Oct 20 18:37:00 2003 : Error: rlm_ldap: uniqueIdentifier=717710,ou=RADIUS,ou=People,dc=com,dc=my bind to x.x.x.x:389 failed: timeout
Mon Oct 20 18:37:03 2003 : Error: rlm_ldap: uniqueIdentifier=983053,ou=RADIUS,ou=People,dc=com,dc=my bind to x.x.x.x:389 failed: timeout
ii) From debug output
...........
rlm_ldap: performing search in ou=People,dc=jaring,dc=my, with filter (uid=spts)
rlm_ldap: checking if remote access for spts is allowed by dialupAccess
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusSessionTimeout as Session-Timeout, value 21600 & op=11
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value Van-Jacobson-TCP-IP & op=11
rlm_ldap: Adding radiusFramedMTU as Framed-MTU, value 1500 & op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=11
rlm_ldap: user spts authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap1" returns ok for request 561
modcall: group redundant returns ok for request 561
modcall: group authorize returns ok for request 561
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
modcall: entering group Auth-Type for request 561
modcall: entering group redundant for request 561
rlm_ldap: - authenticate
rlm_ldap: login attempt by "spts" with password "XXXX"
rlm_ldap: user DN: uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my
rlm_ldap: (re)connect to 61.6.32.201:389, authentication 1
rlm_ldap: bind as uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my/spts2003 to 61.6.32.201:389
rlm_ldap: waiting for bind result ...
rlm_ldap: ldap_result()
rlm_ldap: uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my bind to 61.6.32.201:389 failed: timeout
rlm_ldap: ldap_connect() failed
modcall[authenticate]: module "ldap1" returns fail for request 561
rlm_ldap: - authenticate
rlm_ldap: login attempt by "spts" with password "XXXX"
rlm_ldap: user DN: uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my
rlm_ldap: (re)connect to 61.6.32.97:389, authentication 1
rlm_ldap: bind as uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my/spts2003 to 61.6.32.97:389
rlm_ldap: waiting for bind result ...
rlm_ldap: ldap_result()
rlm_ldap: uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my bind to 61.6.32.97:389 failed: timeout
rlm_ldap: ldap_connect() failed
modcall[authenticate]: module "ldap2" returns fail for request 561
modcall: group redundant returns fail for request 561
modcall: group Auth-Type returns fail for request 561
auth: Failed to validate the user.
Login incorrect: [spts] (from client jhb34 port 239 cli 072270533)
Delaying request 561 for 1 seconds
Finished request 561
Going to the next request
.................
Problem B
========
- Added to the above problem, I'm still having the "Unresponsive child" problem
- LDAP is working fine
- Not that critical compared to the above
i) From radius.log
Wed Nov 12 00:59:52 2003 : Error: WARNING: Unresponsive child (id 136795136) for request 322196
Wed Nov 12 01:00:13 2003 : Error: WARNING: Unresponsive child (id 136585216) for request 322292
Wed Nov 12 08:42:48 2003 : Error: WARNING: Unresponsive child (id 135698432) for request 15206
ii) My LDAP settings in radiusd.conf - maybe tuning is needed here:
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 256000
hostname_lookups = yes
allow_core_dumps = no
start_servers = 20
max_servers = 1024
min_spare_servers = 10
max_spare_servers = 20
ldap ldap2 {
    server = "10.1.1.1"
    identity = "cn=Sysadmin,ou=Applications,dc=jaring,dc=my"
    password = XXXXXX
    basedn = "ou=People,dc=jaring,dc=my"
    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
    start_tls = no
    access_attr = "dialupAccess"
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    ldap_connections_number = 256
    timeout = 10
    timelimit = 10
    net_timeout = 5
}
Hopefully the above info is good enough to troubleshoot the problem.
--haizam
----- Original Message -----
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, November 10, 2003 10:47 PM
Subject: Re: Status...
> "Rohaizam Abu Bakar" <[EMAIL PROTECTED]> wrote:
> > Hopefully in 1.0 release, rlm_ldap can work well with FreeBSD 5.1
> > Currently it has problem.. so i stick with FreeBSD 4.8 (and 4.9)
>
> Are you willing to tell us what those problems are?
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html