> When running ldapsearch did you bind with the problematic DNs or with the admin
> DN? I would suggest trying to bind with the user DNs and see what happens
I bind as admin DN but why I never received the error while running in
FreeBSD 4.8.. only in FreeBSD 5.1 the problem appears.. both accessing the
same LDAP server..... Is there something to do with FreeBSD 5.1 ???
> Also check out the ldap server logs for the freeradius bind operations. There
> should be something there that will explain what's happening. If there isn't, run
> the ldap server in debug mode. I don't think there's much else to do in rlm_ldap
> to fix the problem.
OK...
--haizam
>
> > >
> > >
> > > i) Error from radius.log
> > >
> > > Mon Oct 20 18:37:00 2003 : Error: rlm_ldap: uniqueIdentifier=227523,ou=RADIUS,ou=People,dc=com,dc=my bind to x.x.x.x:389 failed: timeout
> > > Mon Oct 20 18:37:00 2003 : Error: rlm_ldap: uniqueIdentifier=717710,ou=RADIUS,ou=People,dc=com,dc=my bind to x.x.x.x:389 failed: timeout
> > > Mon Oct 20 18:37:03 2003 : Error: rlm_ldap: uniqueIdentifier=983053,ou=RADIUS,ou=People,dc=com,dc=my bind to x.x.x.x:389 failed: timeout
> > >
> > >
> > > ii) From debug output
> > >
> > > ...........
> > > rlm_ldap: performing search in ou=People,dc=jaring,dc=my, with filter (uid=spts)
> > > rlm_ldap: checking if remote access for spts is allowed by dialupAccess
> > > rlm_ldap: looking for check items in directory...
> > > rlm_ldap: looking for reply items in directory...
> > > rlm_ldap: Adding radiusSessionTimeout as Session-Timeout, value 21600 & op=11
> > > rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value Van-Jacobson-TCP-IP & op=11
> > > rlm_ldap: Adding radiusFramedMTU as Framed-MTU, value 1500 & op=11
> > > rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
> > > rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=11
> > > rlm_ldap: user spts authorized to use remote access
> > > ldap_release_conn: Release Id: 0
> > > modcall[authorize]: module "ldap1" returns ok for request 561
> > > modcall: group redundant returns ok for request 561
> > > modcall: group authorize returns ok for request 561
> > > rad_check_password: Found Auth-Type LDAP
> > > auth: type "LDAP"
> > > modcall: entering group Auth-Type for request 561
> > > modcall: entering group redundant for request 561
> > > rlm_ldap: - authenticate
> > > rlm_ldap: login attempt by "spts" with password "XXXX"
> > > rlm_ldap: user DN: uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my
> > > rlm_ldap: (re)connect to 61.6.32.201:389, authentication 1
> > > rlm_ldap: bind as uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my/spts2003 to 61.6.32.201:389
> > > rlm_ldap: waiting for bind result ...
> > > rlm_ldap: ldap_result()
> > > rlm_ldap: uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my bind to 61.6.32.201:389 failed: timeout
> > > rlm_ldap: ldap_connect() failed
> > > modcall[authenticate]: module "ldap1" returns fail for request 561
> > > rlm_ldap: - authenticate
> > > rlm_ldap: login attempt by "spts" with password "XXXX"
> > > rlm_ldap: user DN: uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my
> > > rlm_ldap: (re)connect to 61.6.32.97:389, authentication 1
> > > rlm_ldap: bind as uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my/spts2003 to 61.6.32.97:389
> > > rlm_ldap: waiting for bind result ...
> > > rlm_ldap: ldap_result()
> > > rlm_ldap: uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my bind to 61.6.32.97:389 failed: timeout
> > > rlm_ldap: ldap_connect() failed
> > > modcall[authenticate]: module "ldap2" returns fail for request 561
> > > modcall: group redundant returns fail for request 561
> > > modcall: group Auth-Type returns fail for request 561
> > > auth: Failed to validate the user.
> > > Login incorrect: [spts] (from client jhb34 port 239 cli 072270533)
> > > Delaying request 561 for 1 seconds
> > > Finished request 561
> > > Going to the next request
> > > .................
> > >
> > >
> > > Problem B
> > > ========
> > >
> > > - ADDED to above problem.. I'm still having "Unresponsive child" problem
> > > - LDAP working fine...
> > > - not that critical compared to above...
> > >
> > > i) From radius.log
> > >
> > > Wed Nov 12 00:59:52 2003 : Error: WARNING: Unresponsive child (id 136795136) for request 322196
> > > Wed Nov 12 01:00:13 2003 : Error: WARNING: Unresponsive child (id 136585216) for request 322292
> > > Wed Nov 12 08:42:48 2003 : Error: WARNING: Unresponsive child (id 135698432) for request 15206
>
> It's normal since rlm_ldap takes a long time to timeout
>
> > >
> > >
> > > ii) My ldap setting in radiusd.conf - maybe tuning is needed here.....
> > >
> > >
> > > max_request_time = 30
> > > delete_blocked_requests = no
> > > cleanup_delay = 5
> > > max_requests = 256000
> > > hostname_lookups = yes
> > > allow_core_dumps = no
> > >
> > > start_servers = 20
> > > max_servers = 1024
> > > min_spare_servers = 10
> > > max_spare_servers = 20
> > >
> > >
> > > ldap ldap2 {
> > >     server = "10.1.1.1"
> > >     identity = "cn=Sysadmin,ou=Applications,dc=jaring,dc=my"
> > >     password = XXXXXX
> > >     basedn = "ou=People,dc=jaring,dc=my"
> > >     filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
> > >     start_tls = no
> > >     access_attr = "dialupAccess"
> > >     dictionary_mapping = ${raddbdir}/ldap.attrmap
> > >     ldap_connections_number = 256
> > >     timeout = 10
> > >     timelimit = 10
> > >     net_timeout = 5
> > > }
> > >
> > >
> > >
> > > Hopefully the above info is good enough to troubleshoot the problem...
> > >
> > >
> > > --haizam
> > >
> > >
> > > ----- Original Message -----
> > > From: "Alan DeKok" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Monday, November 10, 2003 10:47 PM
> > > Subject: Re: Status...
> > >
> > >
> > > > "Rohaizam Abu Bakar" <[EMAIL PROTECTED]> wrote:
> > > > > Hopefully in 1.0 release, rlm_ldap can work well with FreeBSD 5.1
> > > > > Currently it has problems.. so I stick with FreeBSD 4.8 (and 4.9)
> > > >
> > > > Are you willing to tell us what those problems are?
> > > >
> > > > Alan DeKok.
> > > >
> > > > -
> > > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> > >
> > > [ Scanned by JARING E-Mail Virus Scanner ( http://www.jaring.my ) ]
>
> --
> Kostas Kalevras Network Operations Center
> [EMAIL PROTECTED] National Technical University of Athens, Greece
> Work Phone: +30 210 7721861
> 'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
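
An added example, not part of the original thread or of FreeRADIUS: a Python triage script for the two radius.log error types quoted above, rlm_ldap bind timeouts and "Unresponsive child" warnings, that shows whether timeouts repeat on particular DNs (the question raised in the reply) or are spread across users. The sample lines, DNs and addresses are constructed, and the `timeout_pattern` heuristic is an assumption of this example.

```python
import re
from collections import Counter

TS = r"\w{3} \w{3} +\d+ [\d:]{8} \d{4}"
# Line formats as they appear in the radius.log excerpts quoted in the thread.
BIND_TIMEOUT = re.compile(
    rf"^{TS} : Error: rlm_ldap: (?P<dn>.+?) bind to (?P<server>\S+) failed: timeout$")
UNRESPONSIVE = re.compile(
    rf"^{TS} : Error: WARNING: Unresponsive child \(id \d+\) for request (?P<req>\d+)$")

# Constructed sample input (placeholder DNs, documentation-range addresses).
SAMPLE_LOG = """\
Mon Oct 20 18:37:00 2003 : Error: rlm_ldap: uid=1001,ou=People,dc=example,dc=org bind to 192.0.2.10:389 failed: timeout
Mon Oct 20 18:37:00 2003 : Error: rlm_ldap: uid=1002,ou=People,dc=example,dc=org bind to 192.0.2.10:389 failed: timeout
Mon Oct 20 18:37:03 2003 : Error: rlm_ldap: uid=1003,ou=People,dc=example,dc=org bind to 192.0.2.11:389 failed: timeout
Wed Nov 12 00:59:52 2003 : Error: WARNING: Unresponsive child (id 1000) for request 4242
Wed Nov 12 01:00:13 2003 : Info: Ready to process requests.
"""

def summarize(lines):
    """Count bind timeouts per LDAP server and per DN; collect stalled request ids."""
    by_server, by_dn, stalled = Counter(), Counter(), []
    for raw in lines:
        line = raw.strip()
        if (m := BIND_TIMEOUT.match(line)):
            by_server[m["server"]] += 1
            by_dn[m["dn"]] += 1
        elif (m := UNRESPONSIVE.match(line)):
            stalled.append(int(m["req"]))
    return by_server, by_dn, stalled

def timeout_pattern(by_dn):
    """Heuristic (assumption of this example): 'spread' means no DN repeats,
    which points away from individual entries and toward the connection itself."""
    total = sum(by_dn.values())
    if total == 0:
        return "none"
    return "spread" if len(by_dn) == total and total > 1 else "concentrated"

if __name__ == "__main__":
    servers, dns, stalled = summarize(SAMPLE_LOG.splitlines())
    print("bind timeouts per server:", dict(servers))
    print("DN pattern:", timeout_pattern(dns))
    print("unresponsive-child requests:", stalled)
```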