any comments in below problem...??
--haizam
----- Original Message -----
From: "Rohaizam Abu Bakar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 12, 2003 8:59 AM
Subject: Re: Status... rlm_ldap problem
> I've sent all the error log/debug output before .. but Kostas ask me to
> troubleshoot more.... but i do not know where to start..... I will
explain
> again below:
>
> Problem A
> ========
> - Problem only exist when using FreeBSD 5.1 - with freeradius 0.9.2 & also
> 0.9.0 (not tested in 0.9.1)
> - My LDAP server working fine all along(tested using manual ldapsearch
when
> problem happen)
>
>
> i) Error from radius.log
>
> Mon Oct 20 18:37:00 2003 : Error: rlm_ldap:
> uniqueIdentifier=227523,ou=RADIUS,ou=People,dc=com,dc=my bind to
x.x.x.x:389
> failed: timeout
> Mon Oct 20 18:37:00 2003 : Error: rlm_ldap:
> uniqueIdentifier=717710,ou=RADIUS,ou=People,dc=com,dc=my bind to
x.x.x.x:389
> failed: timeout
> Mon Oct 20 18:37:03 2003 : Error: rlm_ldap:
> uniqueIdentifier=983053,ou=RADIUS,ou=People,dc=com,dc=my bind to
x.x.x.x:389
> failed: timeout
>
>
> ii) From debug output
>
> ...........
> rlm_ldap: performing search in ou=People,dc=jaring,dc=my, with filter
> (uid=spts)
> rlm_ldap: checking if remote access for spts is allowed by dialupAccess
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: Adding radiusSessionTimeout as Session-Timeout, value 21600 &
> op=11
> rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value
> Van-Jacobson-TCP-IP & op=11
> rlm_ldap: Adding radiusFramedMTU as Framed-MTU, value 1500 & op=11
> rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP &
op=11
> rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User &
> op=11
> rlm_ldap: user spts authorized to use remote access
> ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap1" returns ok for request 561
> modcall: group redundant returns ok for request 561
> modcall: group authorize returns ok for request 561
> rad_check_password: Found Auth-Type LDAP
> auth: type "LDAP"
> modcall: entering group Auth-Type for request 561
> modcall: entering group redundant for request 561
> rlm_ldap: - authenticate
> rlm_ldap: login attempt by "spts" with password "XXXX"
> rlm_ldap: user DN:
> uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my
> rlm_ldap: (re)connect to 61.6.32.201:389, authentication 1
> rlm_ldap: bind as
> uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my/spts2003 to
> 61.6.32
> .201:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: ldap_result()
> rlm_ldap: uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my bind
> to 61.6.32.201:389 fai
> led: timeout
> rlm_ldap: ldap_connect() failed
> modcall[authenticate]: module "ldap1" returns fail for request 561
> rlm_ldap: - authenticate
> rlm_ldap: login attempt by "spts" with password "XXXX"
> rlm_ldap: user DN:
> uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my
> rlm_ldap: (re)connect to 61.6.32.97:389, authentication 1
> rlm_ldap: bind as
> uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my/spts2003 to
> 61.6.32
> .97:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: ldap_result()
> rlm_ldap: uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my bind
> to 61.6.32.97:389 fail
> ed: timeout
> rlm_ldap: ldap_connect() failed
> modcall[authenticate]: module "ldap2" returns fail for request 561
> modcall: group redundant returns fail for request 561
> modcall: group Auth-Type returns fail for request 561
> auth: Failed to validate the user.
> Login incorrect: [spts] (from client jhb34 port 239 cli 072270533)
> Delaying request 561 for 1 seconds
> Finished request 561
> Going to the next request
> .................
>
>
> Problem B
> ========
>
> - ADDED to above problem.. I'm still having "Unresponsive child" problem
> - LDAP working fine...
> - not that critical compare to above...
>
> i) From radius.log
>
> Wed Nov 12 00:59:52 2003 : Error: WARNING: Unresponsive child (id
136795136)
> for request 322196
> Wed Nov 12 01:00:13 2003 : Error: WARNING: Unresponsive child (id
136585216)
> for request 322292
> Wed Nov 12 08:42:48 2003 : Error: WARNING: Unresponsive child (id
135698432)
> for request 15206
>
>
> ii) My ldap setting in radiusd.conf - maybe tuning is needed here.....
>
>
> max_request_time = 30
> delete_blocked_requests = no
> cleanup_delay = 5
> max_requests = 256000
> hostname_lookups = yes
> allow_core_dumps = no
>
> start_servers = 20
> max_servers = 1024
> min_spare_servers = 10
> max_spare_servers = 20
>
>
> ldap ldap2 {
> server = "10.1.1.1"
> identity = "cn=Sysadmin,ou=Applications,dc=jaring,dc=my"
> password = XXXXXX
> basedn = "ou=People,dc=jaring,dc=my"
> filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
> start_tls = no
> access_attr = "dialupAccess"
> dictionary_mapping = ${raddbdir}/ldap.attrmap
> ldap_connections_number = 256
> timeout = 10
> timelimit =10
> net_timeout = 5
> }
>
>
>
> Hopefully above info good enough to troubleshoot the problem...
>
>
> --haizam
>
>
> ----- Original Message -----
> From: "Alan DeKok" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, November 10, 2003 10:47 PM
> Subject: Re: Status...
>
>
> > "Rohaizam Abu Bakar" <[EMAIL PROTECTED]> wrote:
> > > Hopefully in 1.0 release, rlm_ldap can work well with FreeBSD 5.1
> > > Currently it has problem.. so i stick with FreeBSD 4.8 (and 4.9)
> >
> > Are you willing to tell us what those problems are?
> >
> > Alan DeKok.
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>
> [ Scanned by JARING E-Mail Virus Scanner ( http://www.jaring.my ) ]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
