Hello Tuure,

Log and config file attached.

The user "autoconfig" is considered invalid when .52, the first LDAP host, 
becomes unreachable, even though the other two LDAP hosts in the list were 
working and the user IS a valid user.

Thanks.

Regards,
Rohan

----- Original Message -----
From: "Tuure Vartiainen" <varti...@open.com.au>
To: "radiator" <radiator@lists.open.com.au>
Sent: Tuesday, April 25, 2017 5:25:47 AM
Subject: Re: [RADIATOR] AuthBy LDAP2 LDAP hosts

Hello Rohan,

> On 23 Apr 2017, at 7.18, rohan.henry cwjamaica.com 
> <rohan.he...@cwjamaica.com> wrote:
> 
> My Radiator server is not moving to the next LDAP server in the list when the 
> first fails - no ip connectivity.
> 

your description of a problem was quite shallow :)

In order to troubleshoot the problem, could you please send a debug log (Trace 
4) along with your configuration without credentials and perhaps a packet 
capture of LDAP connection attempts.

Thanks.


BR
-- 
Tuure Vartiainen <varti...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

_______________________________________________
radiator mailing list
radiator@lists.open.com.au
http://lists.open.com.au/mailman/listinfo/radiator
<AuthBy LDAP2>
        Identifier      CheckADSLBNG2
        #Log SQLLog
        Host            10.12.0.52 10.12.0.51 10.12.0.53
        AuthDN          mail=radiator
        AuthPassword    **********
        BaseDN          %0=%1,cn=dial.anguillanet.com
        Scope           base
        UsernameAttr    uid
        PasswordAttr    UserPassword

        AuthAttrDef     UseAppPassword,Allow-To-Use,check
        AuthAttrDef     Expiration,Expiration,check
        AuthAttrDef     Simultaneous-Use,Simultaneous-Use,check
        AuthAttrDef     NAS-Port-Type,NAS-Port-Type,check
        AuthAttrDef     Calling-Station-Id,Calling-Station-Id,check
        AuthAttrDef     Called-Station-Id,Called-Station-Id,check
#        AuthAttrDef     NAS-IP-Address,NAS-IP-Address,check
        AuthAttrDef     Framed-Address,Framed-Address,reply
        AuthAttrDef     Session-Timeout,Session-Timeout,reply
        AuthAttrDef     Port-Limit,Port-Limit,reply
        AuthAttrDef     Framed-Pool,Framed-Pool,reply
        AuthAttrDef     Framed-Route,Framed-Route,reply
        AuthAttrDef     Unisphere-Egress-Policy-Name,Unisphere-Egress-Policy-Name,reply
        AuthAttrDef     Unisphere-Ingress-Policy-Name,Unisphere-Ingress-Policy-Name,reply
        AuthAttrDef     Unisphere-Virtual-Router,Unisphere-Virtual-Router,reply
        AuthAttrDef     Alc-Subsc-Prof-Str,Alc-Subsc-Prof-Str,reply
        AuthAttrDef     Alc-SLA-Prof-Str,Alc-SLA-Prof-Str,reply

        NoDefault

        AddToReply Class = %{User-Name}

        AddToReplyIfNotExist      Class = %{Client:Identifier},\
                        Framed-Protocol = PPP,\
                        User-Service-Type = "Framed-User",\
                        Framed-MTU = 1500,\
                        Framed-Compression = "Van-Jacobson-TCP-IP"

        Version         3
        HoldServerConnection
        Timeout         10
</AuthBy>

<AuthBy RADIUS>
        Identifier BluecoatAccounting
        IgnoreAccountingResponse
        Host 10.13.0.36
        Secret  secret
        StripFromRequest Calling-Station-Id
        AddToRequest Calling-Station-Id=%U
        IgnoreAuthentication
        AcctPort 1813
</AuthBy>



<AuthBy RADIUS>
        Identifier RadiusAcctRemote
        IgnoreAccountingResponse
        Host 10.12.0.35
        Secret  secret
        IgnoreAuthentication
        AcctPort 52813
</AuthBy>



<AuthBy INTERNAL>
        Identifier AcceptAll
        AuthResult ACCEPT
        AcctResult ACCEPT
        DefaultResult ACCEPT
</AuthBy>
*** Received from 76.76.186.228 port 52003 ....
Code:       Access-Request
Identifier: 44
Authentic:   R<28><15>dc}<138>o<177>$<188><13><133>M=
Attributes:
        User-Name = "autoconfig"
        NAS-IP-Address = 76.76.186.228
        Service-Type = Framed-User
        Framed-Protocol = PPP
        CHAP-Password = <1><180><159><207>P<183>C<160><22><152><29><10>7.r'`
        CHAP-Challenge = ,A<226><154>J<157>a<156><253>AjsP?.=A<159><168>L<167>F<145><232><140>><198><189>!<239><242><204>1Ug<250><242>I<152><240><138><130><228>ZA<146>
        NAS-Port-Id = "lag-11:108.2105"
        NAS-Identifier = "AXA_SISL_PE1"
        Alc-Client-Hardware-Addr = "00:23:6a:28:30:0d"
        NAS-Port-Type = PPPoEoQinQ
        Acct-Session-Id = "27F49B000F0D0158FAD3C6"

Fri Apr 21 23:58:20 2017 179190: DEBUG: Handling request with Handler 'Client-Identifier = /ADSL/i, Realm = /anguillanet.com|ADSL/i, NAS-IP-Address = /76.76.186.228|76.76.186.229/i', Identifier ''
Fri Apr 21 23:58:20 2017 179572: DEBUG: Rewrote user name to autoconfig
Fri Apr 21 23:58:20 2017 179851: DEBUG: Rewrote user name to autoconfig
Fri Apr 21 23:58:20 2017 180334: DEBUG: SQLSDB Deleting session for autoconfig, 76.76.186.228,
Fri Apr 21 23:58:20 2017 181269: DEBUG: do query to 'dbi:Oracle:RISP.candwall.com': 'delete from RADONLINE where USERNAME='autoconfig' and CALLINGSTATIONID=''':
Fri Apr 21 23:58:20 2017 184209: DEBUG: Handling with Radius::AuthSQL: SQLAccounting
Fri Apr 21 23:58:20 2017 184497: DEBUG: AuthBy SQL result: REJECT, Authentication disabled
Fri Apr 21 23:58:20 2017 184794: DEBUG: Handling with Radius::AuthGROUP:
Fri Apr 21 23:58:20 2017 185131: DEBUG: Handling with Radius::AuthGROUP:
Fri Apr 21 23:58:20 2017 185436: DEBUG: Handling with Radius::AuthLDAP2: CheckADSLBNG
Fri Apr 21 23:58:20 2017 185856: DEBUG: Radius::AuthGROUP: CheckADSLBNG result: IGNORE, User database access error
Fri Apr 21 23:58:20 2017 186127: DEBUG: Handling with AuthINTERNAL:
Fri Apr 21 23:58:20 2017 186556: DEBUG: Radius::AuthGROUP:  result: ACCEPT, Fixed by DefaultResult
Fri Apr 21 23:58:20 2017 186803: DEBUG: Radius::AuthGROUP:  result: ACCEPT, Fixed by DefaultResult
Fri Apr 21 23:58:20 2017 187078: DEBUG: Handling with Radius::AuthDYNADDRESS
Fri Apr 21 23:58:20 2017 187473: DEBUG: Query to 'dbi:Oracle:RISP.candwall.com': 'select TIME_STAMP, YIADDR, SUBNETMASK, DNSSERVER from RADPOOL where POOL='RESTRICTED' and STATE=0 order by TIME_STAMP':
Fri Apr 21 23:58:20 2017 190992: DEBUG: do query to 'dbi:Oracle:RISP.candwall.com': 'update RADPOOL set STATE=1, TIME_STAMP=1492833500, EXPIRY=1492837100, USERNAME='autoconfig' where YIADDR='169.254.0.187' and STATE=0 and TIME_STAMP =1492825866':
Fri Apr 21 23:58:20 2017 197029: DEBUG: Radius::AuthGROUP: AllocateIPAddress result: ACCEPT,
Fri Apr 21 23:58:20 2017 197387: DEBUG: AuthBy GROUP result: ACCEPT,
Fri Apr 21 23:58:20 2017 197676: DEBUG: Access accepted for autoconfig
Fri Apr 21 23:58:20 2017 198387: DEBUG: do query to 'dbi:Oracle:RISP.candwall.com': 'insert into RADAUTHLOG (TIME_STAMP,USERNAME,TYPE,REASON) values ('1492833500','autoconfig',1,'Conditional ACCEPT - Invalid user')':
Fri Apr 21 23:58:20 2017 204323: DEBUG: Packet dump:
*** Sending to 76.76.186.228 port 52003 ....
Code:       Access-Accept
Identifier: 44
Authentic:  U<131><136>n<208>E<22><254><132><183><20>i2<179><11><129>
Attributes:
        Framed-Pool = "RESTRICTED"
        Class = "RESTRICTED"
        Reply-Message = "Conditional ACCEPT - Invalid user"
        Framed-IP-Netmask = 255.255.255.255
        Framed-IP-Address = 169.254.0.187
        Alc-Primary-Dns = 69.57.243.105
        Alc-Secondary-Dns = 69.57.243.106
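
Added example (not part of the original message and not Radiator code): in the trace above, CheckADSLBNG returns IGNORE with "User database access error" and the request is then accepted through an ACCEPT "Fixed by DefaultResult". The Python sketch below scans a Trace 4 log for that pattern so such accepts can be reviewed; the sample log is constructed from the lines above and the function name is hypothetical.

```python
import re

# Constructed sample modelled on the Trace 4 lines in the attached log
# (line wraps removed); the second request is invented for contrast.
SAMPLE_LOG = """\
*** Received from 76.76.186.228 port 52003 ....
        User-Name = "autoconfig"
Fri Apr 21 23:58:20 2017 185856: DEBUG: Radius::AuthGROUP: CheckADSLBNG result: IGNORE, User database access error
Fri Apr 21 23:58:20 2017 186556: DEBUG: Radius::AuthGROUP:  result: ACCEPT, Fixed by DefaultResult
Fri Apr 21 23:58:20 2017 197676: DEBUG: Access accepted for autoconfig
*** Received from 76.76.186.228 port 52004 ....
        User-Name = "example-user"
Fri Apr 21 23:58:21 2017 100000: DEBUG: Radius::AuthGROUP: CheckADSLBNG result: ACCEPT,
Fri Apr 21 23:58:21 2017 100500: DEBUG: Access accepted for example-user
"""

REQUEST_START = re.compile(r"^\*\*\* Received from (\S+) port (\d+)")
BACKEND_ERROR = re.compile(
    r"DEBUG: \S+ (\S*)\s+result: IGNORE, User database access error")
DEFAULT_ACCEPT = re.compile(r"result: ACCEPT, Fixed by DefaultResult")
ACCEPTED = re.compile(r"DEBUG: Access accepted for (\S+)")


def find_fail_open(log_text):
    # Return accepted requests in which an AuthBy reported a backend error.
    findings, current = [], None
    for line in log_text.splitlines():
        start = REQUEST_START.match(line)
        if start:
            # A new incoming packet dump opens a new request context.
            current = {"nas": start.group(1), "port": int(start.group(2)),
                       "failed_authby": [], "default_accept": False}
            continue
        if current is None:
            continue
        error = BACKEND_ERROR.search(line)
        accepted = ACCEPTED.search(line)
        if error:
            current["failed_authby"].append(error.group(1) or "(unnamed)")
        elif DEFAULT_ACCEPT.search(line):
            current["default_accept"] = True
        elif accepted:
            if current["failed_authby"]:
                findings.append(dict(current, user=accepted.group(1)))
            current = None  # request finished
    return findings


if __name__ == "__main__":
    for finding in find_fail_open(SAMPLE_LOG):
        print(finding)
```
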