hi freeradius gurus,
 
PLEASE HELP
 
Our existing ISP is running on Livingston Radius, which is two years old, and using OpenLDAP-1.2 for authentication and authorization, and a Java program (daemon) reads the detail file and sends the file to an MS-SQL database for accounting.

Now I want to change our system to FreeRadius with OpenLDAP 2.0 (authentication and authorization; the accounting will remain as it is), and after doing all the dry runs and tests I tried to implement a test server for a live test. I have not changed the LDAP database and pointed the radius daemon to use the old LDAP tree. I copied the "users" file from the old system to the /etc/raddb directory. The daemon started perfectly. But a strange thing happened. When I ran radiusd in debugging mode, I could see the authentication requests coming to the radius from our AS5300 NAS. I mean our dial-up users are getting authenticated, but to my surprise they are not able to remain connected and get kicked out from the NAS. And their accounting detail file is not getting created. This is obvious, as the dial-up users are only getting authenticated and authorised, but since they are kicked out from the NAS, their accounting detail file is not created.

Where am I wrong? The same "users" file is able to do the AAA in the old Radius, whereas when I use the file with FR, it does not work. PLEASE HELP!!!!!
 
The users file from the old radius :-
 
DEFAULT Auth-Type:=LDAP
        Fall-Through = 1

register Password = "register"
        Framed-Protocol = PPP,
        Service-Type = Framed-User,
        Filter-Id = "radius.in"

getmein Password = "welcome"
        Framed-Protocol = PPP,
        Service-Type = Framed-User,
        Filter-Id = "radius.in"

##I tried changing the Password attribute to User-Password but it did not work!!!!

DEFAULT Password = "LDAP-9999"
        Framed-Protocol = PPP,
        Service-Type = Framed-User
 

Our OpenLDAP 1.2 ldif dump for a user:--
 
ou=radius,dc=neline,dc=com
ou=radius
objectclass=top
objectclass=organizationalUnit
 
uid=testuser,ou=radius,dc=neline,dc=com
uid=testuser
cn=testuser
objectclass=top
objectclass=account
objectclass=posixAccount
objectclass=newPilotPerson
objectclass=shadowAccount
loginshell=/bin/NOSHELL
uidnumber=1500
gidnumber=1000
homedirectory=/home/neline/testuser
userpassword=testpassword
l=SHL
maxlogins=1
currentlogins=0
usedtime=0.0
rategroupid=G001
 
The radiusd.conf file.... the LDAP module part and the authentication part only..:
.....................................
.....................................
.....................................
 
 ldap {
  server = "192.9.203.4"
  # identity = "cn=admin,o=My Org,c=UA"
  # password = mypass
  basedn = "dc=neline,dc=com"
  filter = "(uid=%u)"
 
  # set this to 'yes' to use TLS encrypted connections
  # to the LDAP database.
  start_tls = no
  # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
  # profile_attribute = "radiusProfileDn"
  #access_group = "ou=radius,dc=neline,dc=com"
  #access_attr = "dialupAccess"
 
  # Mapping of RADIUS dictionary attributes to LDAP
  # directory attributes.
  dictionary_mapping = ${raddbdir}/ldap.attrmap
 
  # ldap_cache_timeout = 120
  # ldap_cache_size = 0
  ldap_connections_number = 5
  # password_header = "{clear}"
  # password_attribute = userPassword
  # groupname_attribute = cn
  # groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
  timeout = 4
  timelimit = 3
  net_timeout = 1
  # compare_check_items = yes
  # access_attr_used_for_allow = yes
 }
 
..................
..................
..................
..................
 

authorize {
 
preprocess
 
# chap
# counter
# attr_filter
# eap
 suffix
 files
# etc_smbpasswd
# mschap
 ldap
}
 

authenticate {
# pam
# unix
 authtype LDAP {
  ldap
 }
# mschap
# eap
 
# authtype CHAP {
#  chap
# }
 
# authtype PAP {
#  pap
# }
#
}
 
preacct {
 preprocess
 suffix
 files
}
 
accounting {
# acct_unique
 detail
# counter
# unix
 radutmp
# sradutmp
}
 

session {
 radutmp
}
 

I am not sending the debugging info with this file as it will make the mail unnecessarily long, and I think there is a problem with the "users" file only, but if it is necessary then I can post it.

I have tried many permutations and combinations and trial-and-error methods with the users file, and even tried with FreeRadius's own users file, but the same thing happens. The users are only getting authenticated, but their a/c info is not coming as the NAS kicks the users. And moreover, there are no more configuration files like FreeRadius's in the Livingston Radius.
 
Please help. I want to implement FreeRadius as soon as possible!!!!!
 
 
Atanu Das
System Development
SS NetCom Pvt Ltd.
Dhankheti
Shillong-793003
Ph: 91+361+502355
Visit us at: http://www.neline.com
 
 
 
 
 
 
 
