Hello Mai -


There are some known problems with Red Hat 8 and 9.

See this FAQ item:

http://www.open.com.au/radiator/faq.html#127

regards

Hugh


On Saturday, Sep 13, 2003, at 02:33 Australia/Melbourne, Mai Bui wrote:


Support,

I'm having a problem with Radiator binding to LDAP when running radpwtst on a Linux 8.0 server. The system environment is Radiator 3.6, openldap-2.0.25, and perl-ldap-0.2701. The Radiator and LDAP processes were running when I tested with radpwtst. Also, I have eliminated LDAP issues because I was able to view the user from an LDAP client, and port 389 is also listening on the system. Here are the errors from the log file.

Fri Sep 12 10:33:03 2003: ERR: Unknown keyword 'SNMP' in /etc/raddb/radtest.cfg line 7
Fri Sep 12 10:33:03 2003: ERR: Unknown keyword 'SNMP' in /etc/raddb/radtest.cfg line 13
Fri Sep 12 10:33:03 2003: ERR: Unknown keyword 'SNMP' in /etc/raddb/radtest.cfg line 19
Fri Sep 12 10:33:03 2003: DEBUG: Reading users file /etc/raddb/users
Fri Sep 12 10:33:04 2003: DEBUG: Reading group file /etc/group
Fri Sep 12 10:33:04 2003: DEBUG: Finished reading configuration file '/etc/raddb/radtest.cfg'
Fri Sep 12 10:33:04 2003: DEBUG: Reading dictionary file '/etc/raddb/dictionary'
Fri Sep 12 10:33:04 2003: DEBUG: Creating authentication port 0.0.0.0:1645
Fri Sep 12 10:33:04 2003: DEBUG: Creating accounting port 0.0.0.0:1646
Fri Sep 12 10:33:04 2003: NOTICE: Server started: Radiator 3.6 on auth.xxxxxxx.net
Fri Sep 12 10:33:32 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32809 ....
Code:       Access-Request
Identifier: 212
Authentic:  1234567890123456
Attributes:
        User-Name = "ctyxxxx"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password = "<200><141><162>v<209><198>X6<31><235><251><167><228>B<161>d"


Fri Sep 12 10:33:32 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:32 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:32 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:32 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:32 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Sep 12 10:33:32 2003: DEBUG:  Deleting session for ctyxxxx, 203.63.154.1, 1234
Fri Sep 12 10:33:32 2003: DEBUG: Handling with Radius::AuthFILE: File
Fri Sep 12 10:33:32 2003: ERR: Attribute number 79 is not defined in your dictionary
Fri Sep 12 10:33:32 2003: DEBUG: Radius::AuthFILE looks for match with ctyxxxx
Fri Sep 12 10:33:32 2003: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Fri Sep 12 10:33:32 2003: DEBUG: Handling with Radius::AuthLDAP2: LDAP
Fri Sep 12 10:33:32 2003: INFO: Connecting to 127.0.0.1, port 389
Fri Sep 12 10:33:32 2003: INFO: Attempting to bind with uid=searchuser,dc=xxxxxxx,dc=net, passwd (server 127.0.0.1:389)
Fri Sep 12 10:33:42 2003: ERR: Could not bind connection with uid=searchuser,dc=xxxxxxxx,dc=net, passwd, error: LDAP Timeout (server 127.0.0.1:389).
Fri Sep 12 10:33:42 2003: ERR: Backing off from 127.0.0.1:389 for 600 seconds.
Fri Sep 12 10:33:42 2003: DEBUG: Radius::AuthFILE IGNORE: User database access error
Fri Sep 12 10:33:42 2003: DEBUG: Handling with Radius::AuthUNIX: System
Fri Sep 12 10:33:42 2003: DEBUG: Radius::AuthUNIX looks for match with ctyxxxx
Fri Sep 12 10:33:42 2003: INFO: Access rejected for ctyxxxx: No such user
Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32809 ....
Code:       Access-Reject
Identifier: 212
Authentic:  1234567890123456
Attributes:
        Reply-Message = "choice: "
        Reply-Message = "Request Denied"


Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32809 ....
Code:       Accounting-Request
Identifier: 213
Authentic:  <22>v<144>J<224><0><28>XDi<225>O<154><165>zo
Attributes:
        User-Name = "ctyxxxx"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        NAS-Port-Type = Async
        Acct-Session-Id = "00001234"
        Acct-Status-Type = Start
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        Acct-Delay-Time = 0

Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Sep 12 10:33:42 2003: DEBUG:  Adding session for ctyxxxx, 203.63.154.1, 1234
Fri Sep 12 10:33:42 2003: DEBUG: Handling with Radius::AuthFILE: File
Fri Sep 12 10:33:42 2003: DEBUG: Accounting accepted
Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32809 ....
Code:       Accounting-Response
Identifier: 213
Authentic:  <22>v<144>J<224><0><28>XDi<225>O<154><165>zo
Attributes:
Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32809 ....
Code:       Accounting-Request
Identifier: 214
Authentic:  ZQ<188>2<174><6>-<140>jG<7><227>i<199><166><209>
Attributes:
        User-Name = "ctyxxxx"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        NAS-Port-Type = Async
        Acct-Session-Id = "00001234"
        Acct-Status-Type = Stop
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        Acct-Delay-Time = 0
        Acct-Session-Time = 1000
        Acct-Input-Octets = 20000
        Acct-Output-Octets = 30000


Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Sep 12 10:33:42 2003: DEBUG:  Deleting session for ctyxxxx, 203.63.154.1, 1234
Fri Sep 12 10:33:42 2003: DEBUG: Handling with Radius::AuthFILE: File
Fri Sep 12 10:33:42 2003: DEBUG: Accounting accepted
Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32809 ....
Code:       Accounting-Response
Identifier: 214
Authentic:  ZQ<188>2<174><6>-<140>jG<7><227>i<199><166><209>
Attributes:


Here is the config file:

##Log Directory
LogDir /var/adm/radacct
##Config Directory
DbDir /etc/raddb
##SNMP Location
SnmpgetProg /usr/local/bin/snmpget
##Log Level (1 is small , 4 is big)
Trace 4
##Clients information location
include %D/clients.cfg
## Strip local realms from incoming iPass users.
RewriteUsername         s/^([EMAIL PROTECTED])[EMAIL PROTECTED]/$1/
RewriteUsername         s/^([EMAIL PROTECTED])[EMAIL PROTECTED]/$1/
RewriteUsername         s/\s+//g
RewriteUsername         tr/A-Z/a-z/
#
#
#
#
<Realm DEFAULT>
        <AuthBy FILE>
                Identifier File
        </AuthBy>
        <AuthBy UNIX>
                Identifier System
                Filename /etc/shadow
        </AuthBy>
        <AuthBy LDAP2>
                Identifier LDAP
                Host    127.0.0.1
                Port    389
                AuthDN  uid=searchuser,dc=xxxxxxxxx,dc=net
                AuthPassword   
                BaseDN  %0=%1,ou=people,dc=xxxxxxx,dc=net
                Scope   base
                UsernameAttr    uid
                PasswordAttr    userPassword
                HoldServerConnection
                SearchFilter (&(gecos=active)(uid=%1))
                AuthAttrDef gidNumber, gid-attr, request
        </AuthBy>
        PostAuthHook file:"%D/postHook"
        AcctLogFileName %L/%N/detail
</REALM>

I have built another authentication server running on Solaris 8 and it is working fine; only the one running on Linux 8 is having a problem, and I built it from sources instead of RPM. Can you tell from the error log whether Radiator is having a problem accessing LDAP (the database resides on the local system), or could it be a binding or localhost issue? I have checked the database, passwd, hosts, hosts.allow, hosts.deny, and ports as well but couldn't resolve the issue. Any help is greatly appreciated, and please let me know if you need more info to determine the problem.

Thanks,
Mai Bui



NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
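
Added example (not part of the original messages, and not Radiator code): a Python script that reads a Trace 4 log like the one quoted above, measures how long each LDAP bind waited before failing, and flags Access-Rejects issued while the LDAP server is in backoff, since such a reject may mean the directory was unreachable rather than that the user is unknown. The regular expressions assume the message wording shown in this log; the sample lines are copied from it.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the Trace 4 log in the message above.
SAMPLE_LOG = """\
Fri Sep 12 10:33:32 2003: INFO: Connecting to 127.0.0.1, port 389
Fri Sep 12 10:33:32 2003: INFO: Attempting to bind with uid=searchuser,dc=xxxxxxx,dc=net, passwd (server 127.0.0.1:389)
Fri Sep 12 10:33:42 2003: ERR: Could not bind connection with uid=searchuser,dc=xxxxxxxx,dc=net, passwd, error: LDAP Timeout (server 127.0.0.1:389).
Fri Sep 12 10:33:42 2003: ERR: Backing off from 127.0.0.1:389 for 600 seconds.
Fri Sep 12 10:33:42 2003: DEBUG: Handling with Radius::AuthUNIX: System
Fri Sep 12 10:33:42 2003: INFO: Access rejected for ctyxxxx: No such user
"""

# Assumed line layout: "<timestamp>: <LEVEL>: <message>", as in the log above.
LINE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}): \w+: (.*)$")
BIND_TRY = re.compile(r"Attempting to bind with .*\(server ([\d.]+:\d+)\)")
BIND_FAIL = re.compile(r"Could not bind connection with .*error: (.+?) \(server ([\d.]+:\d+)\)")
BACKOFF = re.compile(r"Backing off from ([\d.]+:\d+) for (\d+) seconds")
REJECT = re.compile(r"Access rejected for (\S+): (.*)")

def analyse(log_text):
    """Return (bind_failures, suspect_rejects) from a Radiator trace log."""
    pending, backoff_until, failures, rejects = {}, {}, [], []
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue  # packet-dump lines carry no timestamp prefix
        ts = datetime.strptime(line.group(1), "%a %b %d %H:%M:%S %Y")
        msg = line.group(2)
        if m := BIND_TRY.search(msg):
            pending[m.group(1)] = ts
        elif m := BIND_FAIL.search(msg):
            started = pending.pop(m.group(2), ts)
            failures.append({"server": m.group(2), "error": m.group(1),
                             "waited_s": int((ts - started).total_seconds())})
        elif m := BACKOFF.search(msg):
            backoff_until[m.group(1)] = ts + timedelta(seconds=int(m.group(2)))
            if failures and failures[-1]["server"] == m.group(1):
                failures[-1]["backoff_s"] = int(m.group(2))
        elif m := REJECT.search(msg):
            # A reject issued while a directory is in backoff may mean
            # "LDAP unreachable" rather than "unknown user".
            if any(ts <= until for until in backoff_until.values()):
                rejects.append((m.group(1), m.group(2)))
    return failures, rejects

if __name__ == "__main__":
    bind_failures, suspect_rejects = analyse(SAMPLE_LOG)
    print("bind failures:", bind_failures)
    print("rejects during LDAP backoff:", suspect_rejects)
```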
