On Fri, 22 Apr 2005 16:44:31 -0400 (EDT)
Dustin Doris <[EMAIL PROTECTED]> wrote:

> > I have a simple RADIUS auth server with an LDAP as backend on the
> > same machine for some realms. When authenticating with a BAD
> > password, the LDAP rejects the authentication, but the radius sends
> > its reject after the "max_request_time" (5 secs)
> >
> > Why is radiusd not sending the reject immediately after it has
> > received the reject from the LDAP? Did I misconfigure something
> > somewhere?
> >
> > Richard.
> 
> Please post radiusd -X so we can see what it is doing.

Hmmm, when running "radiusd -X" it's ok. I run radiusd under "supervise"
(daemontools from D.J.Bernstein) and then it has this behaviour. But
when running radius as a "normal" service, the problem also appears.

Now I can remember an issue that the normal logfile only logs stderr
instead of stdout, I see the same thing here (it's freeradius Debian
Sarge 1.02). When setting this:

logdir = /tmp
log_file = ${logdir}/radius.log

the only thing I can see is:

Fri Apr 22 23:24:57 2005 : Info: Using deprecated naslist file.  Support for this will go away soon.

For the rest there's nothing in the logs. I posted something about this
to the list in August 2004:

http://lists.cistron.nl/pipermail/freeradius-users/2004-August/035089.html

R.

FYI: radius -X produces this (like one would expect):

rlm_ldap: 
  modcall[authenticate]: module "ldap_example.com" returns reject for request 0
modcall: group Auth-Type returns reject for request 0
auth: Failed to validate the user.
Login incorrect (rlm_ldap: Bind as user failed): [EMAIL PROTECTED] (from client auth1.example.com port 0)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 35 to 172.30.0.2:32768
        Reply-Message = ""
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 35 with timestamp 4269668d
Nothing to do.  Sleeping until we see a request.

-- 
___________________________________________________________________
Mac OS X proves that it's easier to make UNIX pretty than it is to
make Windows secure.

+------------------------------------------------------------------+
| Richard Lucassen, Utrecht                                        |
| Public key and email address:                                    |
| http://www.lucassen.org/mail-pubkey.html                         |
+------------------------------------------------------------------+
