Hello Tuure,
Log and config file attached.
The user "autoconfig" is considered invalid when .52, the first LDAP host,
becomes unreachable, even though the other two LDAP hosts in the list were
working and the user IS a valid user.
Thanks.
Regards,
Rohan
----- Original Message -----
From: "Tuure Vartiainen" <varti...@open.com.au>
To: "radiator" <radiator@lists.open.com.au>
Sent: Tuesday, April 25, 2017 5:25:47 AM
Subject: Re: [RADIATOR] AuthBy LDAP2 LDAP hosts
Hello Rohan,
> On 23 Apr 2017, at 7.18, rohan.henry cwjamaica.com
> <rohan.he...@cwjamaica.com> wrote:
>
> My Radiator server is not moving to the next LDAP server in the list when the
> first fails - no ip connectivity.
>
your description of a problem was quite shallow :)
In order to troubleshoot the problem, could you please send a debug log (Trace
4) along with your configuration without credentials and perhaps a packet
capture of LDAP connection attempts.
Thanks.
BR
--
Tuure Vartiainen <varti...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
_______________________________________________
radiator mailing list
radiator@lists.open.com.au
http://lists.open.com.au/mailman/listinfo/radiator
<AuthBy LDAP2>
Identifier CheckADSLBNG2
#Log SQLLog
Host 10.12.0.52 10.12.0.51 10.12.0.53
AuthDN mail=radiator
AuthPassword **********
BaseDN %0=%1,cn=dial.anguillanet.com
Scope base
UsernameAttr uid
PasswordAttr UserPassword
AuthAttrDef UseAppPassword,Allow-To-Use,check
AuthAttrDef Expiration,Expiration,check
AuthAttrDef Simultaneous-Use,Simultaneous-Use,check
AuthAttrDef NAS-Port-Type,NAS-Port-Type,check
AuthAttrDef Calling-Station-Id,Calling-Station-Id,check
AuthAttrDef Called-Station-Id,Called-Station-Id,check
# AuthAttrDef NAS-IP-Address,NAS-IP-Address,check
AuthAttrDef Framed-Address,Framed-Address,reply
AuthAttrDef Session-Timeout,Session-Timeout,reply
AuthAttrDef Port-Limit,Port-Limit,reply
AuthAttrDef Framed-Pool,Framed-Pool,reply
AuthAttrDef Framed-Route,Framed-Route,reply
AuthAttrDef Unisphere-Egress-Policy-Name,Unisphere-Egress-Policy-Name,reply
AuthAttrDef Unisphere-Ingress-Policy-Name,Unisphere-Ingress-Policy-Name,reply
AuthAttrDef Unisphere-Virtual-Router,Unisphere-Virtual-Router,reply
AuthAttrDef Alc-Subsc-Prof-Str,Alc-Subsc-Prof-Str,reply
AuthAttrDef Alc-SLA-Prof-Str,Alc-SLA-Prof-Str,reply
NoDefault
AddToReply Class = %{User-Name}
AddToReplyIfNotExist Class = %{Client:Identifier},\
Framed-Protocol = PPP,\
User-Service-Type = "Framed-User",\
Framed-MTU = 1500,\
Framed-Compression = "Van-Jacobson-TCP-IP"
Version 3
HoldServerConnection
Timeout 10
</AuthBy>
<AuthBy RADIUS>
Identifier BluecoatAccounting
IgnoreAccountingResponse
Host 10.13.0.36
Secret secret
StripFromRequest Calling-Station-Id
AddToRequest Calling-Station-Id=%U
IgnoreAuthentication
AcctPort 1813
</AuthBy>
<AuthBy RADIUS>
Identifier RadiusAcctRemote
IgnoreAccountingResponse
Host 10.12.0.35
Secret secret
IgnoreAuthentication
AcctPort 52813
</AuthBy>
<AuthBy INTERNAL>
Identifier AcceptAll
AuthResult ACCEPT
AcctResult ACCEPT
DefaultResult ACCEPT
</AuthBy>
*** Received from 76.76.186.228 port 52003 ....
Code: Access-Request
Identifier: 44
Authentic: R<28><15>dc}<138>o<177>$<188><13><133>M=
Attributes:
User-Name = "autoconfig"
NAS-IP-Address = 76.76.186.228
Service-Type = Framed-User
Framed-Protocol = PPP
CHAP-Password = <1><180><159><207>P<183>C<160><22><152><29><10>7.r'`
CHAP-Challenge = ,A<226><154>J<157>a<156><253>AjsP?.=A<159><168>L<167>F<145><232><140>><198><189>!<239><242><204>1Ug<250><242>I<152><240><138><130><228>ZA<146>
NAS-Port-Id = "lag-11:108.2105"
NAS-Identifier = "AXA_SISL_PE1"
Alc-Client-Hardware-Addr = "00:23:6a:28:30:0d"
NAS-Port-Type = PPPoEoQinQ
Acct-Session-Id = "27F49B000F0D0158FAD3C6"
Fri Apr 21 23:58:20 2017 179190: DEBUG: Handling request with Handler 'Client-Identifier = /ADSL/i, Realm = /anguillanet.com|ADSL/i, NAS-IP-Address = /76.76.186.228|76.76.186.229/i', Identifier ''
Fri Apr 21 23:58:20 2017 179572: DEBUG: Rewrote user name to autoconfig
Fri Apr 21 23:58:20 2017 179851: DEBUG: Rewrote user name to autoconfig
Fri Apr 21 23:58:20 2017 180334: DEBUG: SQLSDB Deleting session for autoconfig, 76.76.186.228,
Fri Apr 21 23:58:20 2017 181269: DEBUG: do query to 'dbi:Oracle:RISP.candwall.com': 'delete from RADONLINE where USERNAME='autoconfig' and CALLINGSTATIONID=''':
Fri Apr 21 23:58:20 2017 184209: DEBUG: Handling with Radius::AuthSQL: SQLAccounting
Fri Apr 21 23:58:20 2017 184497: DEBUG: AuthBy SQL result: REJECT, Authentication disabled
Fri Apr 21 23:58:20 2017 184794: DEBUG: Handling with Radius::AuthGROUP:
Fri Apr 21 23:58:20 2017 185131: DEBUG: Handling with Radius::AuthGROUP:
Fri Apr 21 23:58:20 2017 185436: DEBUG: Handling with Radius::AuthLDAP2: CheckADSLBNG
Fri Apr 21 23:58:20 2017 185856: DEBUG: Radius::AuthGROUP: CheckADSLBNG result: IGNORE, User database access error
Fri Apr 21 23:58:20 2017 186127: DEBUG: Handling with AuthINTERNAL:
Fri Apr 21 23:58:20 2017 186556: DEBUG: Radius::AuthGROUP: result: ACCEPT, Fixed by DefaultResult
Fri Apr 21 23:58:20 2017 186803: DEBUG: Radius::AuthGROUP: result: ACCEPT, Fixed by DefaultResult
Fri Apr 21 23:58:20 2017 187078: DEBUG: Handling with Radius::AuthDYNADDRESS
Fri Apr 21 23:58:20 2017 187473: DEBUG: Query to 'dbi:Oracle:RISP.candwall.com': 'select TIME_STAMP, YIADDR, SUBNETMASK, DNSSERVER from RADPOOL where POOL='RESTRICTED' and STATE=0 order by TIME_STAMP':
Fri Apr 21 23:58:20 2017 190992: DEBUG: do query to 'dbi:Oracle:RISP.candwall.com': 'update RADPOOL set STATE=1, TIME_STAMP=1492833500, EXPIRY=1492837100, USERNAME='autoconfig' where YIADDR='169.254.0.187' and STATE=0 and TIME_STAMP =1492825866':
Fri Apr 21 23:58:20 2017 197029: DEBUG: Radius::AuthGROUP: AllocateIPAddress result: ACCEPT,
Fri Apr 21 23:58:20 2017 197387: DEBUG: AuthBy GROUP result: ACCEPT,
Fri Apr 21 23:58:20 2017 197676: DEBUG: Access accepted for autoconfig
Fri Apr 21 23:58:20 2017 198387: DEBUG: do query to 'dbi:Oracle:RISP.candwall.com': 'insert into RADAUTHLOG (TIME_STAMP,USERNAME,TYPE,REASON) values ('1492833500','autoconfig',1,'Conditional ACCEPT - Invalid user')':
Fri Apr 21 23:58:20 2017 204323: DEBUG: Packet dump:
*** Sending to 76.76.186.228 port 52003 ....
Code: Access-Accept
Identifier: 44
Authentic: U<131><136>n<208>E<22><254><132><183><20>i2<179><11><129>
Attributes:
Framed-Pool = "RESTRICTED"
Class = "RESTRICTED"
Reply-Message = "Conditional ACCEPT - Invalid user"
Framed-IP-Netmask = 255.255.255.255
Framed-IP-Address = 169.254.0.187
Alc-Primary-Dns = 69.57.243.105
Alc-Secondary-Dns = 69.57.243.106
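The log above shows the path that matters operationally: AuthBy LDAP2 returns "IGNORE, User database access error" when its first host is unreachable, and the group's DefaultResult then turns that into an ACCEPT for the restricted pool. The following is an added example, not code from the thread or from Radiator, that scans a Trace 4 debug log for exactly that sequence so an operator can spot requests accepted only because a backend could not be reached; the sample log lines are constructed from the excerpt above, with a second, normally authenticated request added as a negative case.

```python
import re

# Constructed sample modelled on the Trace 4 excerpt in the report: the first request
# takes the fail-open path (LDAP unreachable -> IGNORE -> DefaultResult ACCEPT), the
# second is a normal LDAP ACCEPT so the detector has a negative case.
SAMPLE_LOG = """\
Fri Apr 21 23:58:20 2017 179190: DEBUG: Handling request with Handler 'Client-Identifier = /ADSL/i', Identifier ''
Fri Apr 21 23:58:20 2017 185436: DEBUG: Handling with Radius::AuthLDAP2: CheckADSLBNG
Fri Apr 21 23:58:20 2017 185856: DEBUG: Radius::AuthGROUP: CheckADSLBNG result: IGNORE, User database access error
Fri Apr 21 23:58:20 2017 186127: DEBUG: Handling with AuthINTERNAL:
Fri Apr 21 23:58:20 2017 186556: DEBUG: Radius::AuthGROUP: result: ACCEPT, Fixed by DefaultResult
Fri Apr 21 23:58:20 2017 197676: DEBUG: Access accepted for autoconfig
Fri Apr 21 23:59:02 2017 101000: DEBUG: Handling request with Handler 'Client-Identifier = /ADSL/i', Identifier ''
Fri Apr 21 23:59:02 2017 101500: DEBUG: Handling with Radius::AuthLDAP2: CheckADSLBNG
Fri Apr 21 23:59:02 2017 102000: DEBUG: Radius::AuthGROUP: CheckADSLBNG result: ACCEPT,
Fri Apr 21 23:59:02 2017 102500: DEBUG: Access accepted for alice
"""

DB_ERROR = re.compile(r"result: IGNORE, User database access error")
DEFAULT_FIX = re.compile(r"result: ACCEPT, Fixed by DefaultResult")
OUTCOME = re.compile(r"Access (accepted|rejected) for (\S+)")


def find_fail_open_accepts(log_text):
    """Return [(timestamp, user)] for requests accepted only because a backend
    reported a database access error and a DefaultResult filled in ACCEPT."""
    hits = []
    db_error = fixed_by_default = False  # per-request state
    for line in log_text.splitlines():
        parts = line.split(": DEBUG: ", 1)
        if len(parts) != 2:
            continue  # packet dumps and wrapped continuation lines have no DEBUG prefix
        stamp, msg = parts
        if msg.startswith("Handling request with Handler"):
            db_error = fixed_by_default = False  # new request starts, reset state
        elif DB_ERROR.search(msg):
            db_error = True
        elif DEFAULT_FIX.search(msg):
            fixed_by_default = True
        else:
            m = OUTCOME.search(msg)
            if m:
                if m.group(1) == "accepted" and db_error and fixed_by_default:
                    hits.append((stamp.rsplit(" ", 1)[0], m.group(2)))  # drop the microsecond field
                db_error = fixed_by_default = False
    return hits


if __name__ == "__main__":
    for stamp, user in find_fail_open_accepts(SAMPLE_LOG):
        print(f"{stamp}: '{user}' accepted via DefaultResult after a backend access error")
```

Run it against a full Trace 4 log to list every session that was granted by DefaultResult rather than by a backend that actually verified the user.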