On Fri, 22 Apr 2005 23:33:50 +0200
richard lucassen <[EMAIL PROTECTED]> wrote:
> On Fri, 22 Apr 2005 16:44:31 -0400 (EDT)
> Dustin Doris <[EMAIL PROTECTED]> wrote:
>
> > > I have a simple RADIUS auth server with an LDAP as backend on the
> > > same machine for some realms. When authenticating with a BAD
> > > password, the LDAP rejects the authentication, but the radius
> > > sends its reject after the "max_request_time" (5 secs)
> > >
> > > Why is radiusd not sending the reject immediately after it has
> > > received the reject from the LDAP? Did I misconfigure something
> > > somewhere?
> > >
> > > Richard.
> >
> > Please post radiusd -X so we can see what it is doing.
>
> Hmmm, when running "radiusd -X" it's ok. I run radiusd under
> "supervise" (daemontools from D.J.Bernstein) and then it has this
> behaviour. But when running radius as a "normal" service, the problem
> also appears.
Sorry, I snipped too much when posting this. Forget it.
> Now I can remember an issue that the normal logfile only logs stderr
> instead of stdout, I see the same thing here (it's freeradius Debian
> Sarge 1.02). When setting this:
>
> logdir = /tmp
> log_file = ${logdir}/radius.log
>
> the only thing I can see is:
>
> Fri Apr 22 23:24:57 2005 : Info: Using deprecated naslist file.
> Support for this will go away soon.
>
> For the rest there's nothing in the logs. I posted something about
> this to the list in August 2004:
>
> http://lists.cistron.nl/pipermail/freeradius-users/2004-August/035089.html
>
> R.
>
> FYI: radius -X produces this (like one would expect):
>
> rlm_ldap:
> modcall[authenticate]: module "ldap_example.com" returns
> reject for request 0 modcall: group Auth-Type returns reject for
> request 0 auth: Failed to validate the user.
> Login incorrect (rlm_ldap: Bind as user failed):
> [EMAIL PROTECTED] (from client auth1.example.com port 0)
> Delaying request 0 for 1 seconds Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 35 to 172.30.0.2:32768
> Reply-Message = ""
> Waking up in 4 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 35 with timestamp 4269668d
> Nothing to do. Sleeping until we see a request.
>
> --
> ___________________________________________________________________
> Mac OS X proves that it's easier to make UNIX pretty than it is to
> make Windows secure.
>
> +------------------------------------------------------------------+
> | Richard Lucassen, Utrecht |
> | Public key and email address: |
> | http://www.lucassen.org/mail-pubkey.html |
> +------------------------------------------------------------------+
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
--
___________________________________________________________________
Mac OS X proves that it's easier to make UNIX pretty than it is to
make Windows secure.
+------------------------------------------------------------------+
| Richard Lucassen, Utrecht |
| Public key and email address: |
| http://www.lucassen.org/mail-pubkey.html |
+------------------------------------------------------------------+
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
