Hello Aaron -
On Fri, 14 Jan 2000, Aaron Liu wrote:
> Dear all,
>
> We got a frozen radiator which refused access-requests. Here is the
> debug log (at trace level 5) at that particular moment:
>
> Wed Jan 12 00:50:01 2000: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Wed Jan 12 00:50:01 2000: DEBUG: Deleting session for 40000021, 202.4.197.65, 97
> Wed Jan 12 00:50:01 2000: DEBUG: Handling with Radius::AuthLDAP
> Wed Jan 12 00:50:01 2000: DEBUG: Connecting to 202.4.192.196, port 389
> Wed Jan 12 12:00:27 2000: INFO: Server started
> Wed Jan 12 12:00:30 2000: DEBUG: Packet dump:
>
> Note that the server stopped responding at 00:50, when it was trying to
> connect to our LDAP server. We verified the unavailability by using radpwtst
> locally and got a 'No reply'. We restarted at 12:00 with a kill -HUP and it
> promptly accepted connection from the auth port again. Below is our
> configuration file:
>
> ------------------------------------------------------------------------
> Foreground
> LogStdout
> LogDir /var/log/radius
> LogFile %L/%Y/%m/%d/log
> DictionaryFile /usr/local/etc/dictionary
> PidFile /var/run/radiusd.pid
> DbDir /var/log/radius
> Trace 5
> AuthPort 1645
> AcctPort 1646
>
> <Client DEFAULT>
> Secret XXXXXXXX
> DupInterval 0
> </Client>
>
> <Realm DEFAULT>
> <AuthBy LDAP>
> # Tell Radiator how to talk to the LDAP server
> Host 202.4.192.196
> AuthDN XXXXXXXXX
> BaseDN XXXXXXXXX
> AuthPassword XXXXXXXXX
> UsernameAttr accessID
> PasswordAttr accessPassword
> CheckAttr accessCheckAttr
> ReplyAttr accessReplyAttr
>
> AddToReply Framed-Protocol = PPP,\
> Service-Type = 2,\
> Framed-Routing = None,\
> Framed-MTU = 1500,\
> Framed-Compression = Van-Jacobson-TCP-IP
> </AuthBy>
> AcctLogFileName %L/%Y/%m/%d/%H
> </Realm>

You should try using AuthBy LDAP2 and the corresponding Net::LDAP module.
Please have a look at section 6.30 in the Radiator 2.14.1 reference manual for
a discussion of the various LDAP options.

Could you also let us know what LDAP server you are using?

Note that there is a recent patch for Radiator 2.14.1:

7/1/00 Fixed a problem with AuthBy LDAP2, where recent versions
of Net::LDAP do not support ldap_error_message.
Download a new AuthLDAP2.pm from here.

hth

Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
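
The hang reported in this thread shows up in the trace log as a `Connecting to ..., port 389` line followed by hours of silence. The script below is an added example, not part of the original message or of Radiator: it scans a log in the quoted format and flags such stalls. The 30-second threshold, the function names and the sample lines (modelled on the quoted log, with wrapped lines joined) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the trace format quoted above (wrapped lines joined).
SAMPLE_LOG = """\
Wed Jan 12 00:49:58 2000: DEBUG: Handling with Radius::AuthLDAP
Wed Jan 12 00:49:58 2000: DEBUG: Connecting to 202.4.192.196, port 389
Wed Jan 12 00:49:59 2000: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Jan 12 00:50:01 2000: DEBUG: Handling with Radius::AuthLDAP
Wed Jan 12 00:50:01 2000: DEBUG: Connecting to 202.4.192.196, port 389
Wed Jan 12 12:00:27 2000: INFO: Server started
Wed Jan 12 12:00:30 2000: DEBUG: Packet dump:
"""

LINE_RE = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}): (\w+): (.*)$")
CONNECT_RE = re.compile(r"^Connecting to (\S+), port (\d+)")

def parse(log_text):
    """Yield (timestamp, level, message) for each well-formed log line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines without a timestamp (e.g. packet dump bodies) are skipped
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            yield ts, m.group(2), m.group(3)

def find_stalls(log_text, max_gap=timedelta(seconds=30)):
    """Return LDAP connect attempts followed by silence longer than max_gap."""
    stalls = []
    events = list(parse(log_text))
    # Compare each log line with the one that follows it.
    for (ts, _, msg), (next_ts, _, next_msg) in zip(events, events[1:]):
        m = CONNECT_RE.match(msg)
        if m and next_ts - ts > max_gap:
            stalls.append({
                "host": m.group(1),
                "port": int(m.group(2)),
                "stalled_at": ts,
                "silent_for": next_ts - ts,
                "ended_by_restart": next_msg == "Server started",
            })
    return stalls

if __name__ == "__main__":
    for s in find_stalls(SAMPLE_LOG):
        print(f"{s['stalled_at']}: no log output for {s['silent_for']} after "
              f"connect to {s['host']}:{s['port']} "
              f"(restart followed: {s['ended_by_restart']})")
```

A connect attempt on the last line of the log has no following line to compare against, so a hang that is still in progress needs a separate check against the current time.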