Hello Tuure,

Another Radiator instance is checking the next available LDAP server (.52 is still 
down) even with HoldServerConnection enabled. See attached.

But I have not yet found any difference between this config and the config on 
the other instances that are not working.

Regards,
Rohan

----- Original Message -----
From: "Tuure Vartiainen" <[email protected]>
To: "Rohan Henry" <[email protected]>
Cc: "radiator" <[email protected]>
Sent: Thursday, April 27, 2017 4:45:56 AM
Subject: Re: [RADIATOR] AuthBy LDAP2 LDAP hosts

Hello Rohan,

> On 26 Apr 2017, at 19.33, rohan.henry cwjamaica.com 
> <[email protected]> wrote:
> 
> Log and config file attached.
> 

Thanks.

> The user "autoconfig" is considered invalid when .52 the first ldap host 
> becomes unreachable even though the other two ldap hosts in the lists were 
> working and the user IS a valid user.
> 

Does it work better if you disable HoldServerConnection?

Currently, LDAP server failover when queries time out and multiple hosts 
have been defined per AuthBy LDAP2 requires some improvements.

A workaround would be to define a new AuthBy LDAP2 stanza for each host.


BR
-- 
Tuure Vartiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
Code:       Access-Request
Identifier: 150
Authentic:  :<1>#<0>$7:<2>d<183>]Yot_<2>
Attributes:
        User-Name = "aggsrich"
        NAS-IP-Address = 69.73.239.105
        Service-Type = Framed-User
        Framed-Protocol = PPP
        CHAP-Password = 
<1>E<25><132><15><197><232><242>c?<242><190><202><147><156><10>f
        CHAP-Challenge = 
<142><8>z~o<152>SQ2G<185><214>><238><136>O|<10>+X><221><209><216>)k<3>(<3><147>o<145><155>
        NAS-Port-Id = "lag-9:111.667"
        NAS-Identifier = "SVD_ARVL_PE1"
        Alc-Client-Hardware-Addr = "00:23:6a:5a:77:10"
        NAS-Port-Type = PPPoEoQinQ
        Acct-Session-Id = "AF01210256C2AD59073DF8"

Mon May  1 09:58:43 2017 002151: DEBUG: Handling request with Handler 'Client-Identifier = /ADSL/i, Realm = /vincysurf.com|ADSL/i, NAS-IP-Address = /69.73.239.104|69.73.239.105/i', Identifier ''
Mon May  1 09:58:43 2017 002464: DEBUG: Rewrote user name to aggsrich
Mon May  1 09:58:43 2017 003994: DEBUG: Rewrote user name to aggsrich
Mon May  1 09:58:43 2017 004366: DEBUG: SQLSDB Deleting session for aggsrich, 69.73.239.105, 
Mon May  1 09:58:43 2017 004975: DEBUG: do query to 'dbi:Oracle:RISP.candwall.com': 'delete from RADONLINE where USERNAME='aggsrich' and CALLINGSTATIONID=''': 
Mon May  1 09:58:43 2017 010459: DEBUG: Handling with Radius::AuthSQL: SQLAccounting
Mon May  1 09:58:43 2017 010707: DEBUG: AuthBy SQL result: REJECT, Authentication disabled
Mon May  1 09:58:43 2017 010920: DEBUG: Handling with Radius::AuthGROUP: 
Mon May  1 09:58:43 2017 011133: DEBUG: Handling with Radius::AuthGROUP: 
Mon May  1 09:58:43 2017 011341: DEBUG: Handling with Radius::AuthLDAP2: CheckADSLBNG
Mon May  1 09:58:43 2017 014647: DEBUG: LDAP got result for uid=aggsrich,cn=dial.vincysurf.com
Mon May  1 09:58:43 2017 015807: DEBUG: LDAP got Alc-SLA-Prof-Str: mega
Mon May  1 09:58:43 2017 016158: DEBUG: LDAP got Alc-Subsc-Prof-Str: mega
Mon May  1 09:58:43 2017 019719: DEBUG: LDAP got Expiration: Dec 31, 2999
Mon May  1 09:58:43 2017 020019: DEBUG: LDAP got Port-Limit: 1
Mon May  1 09:58:43 2017 020308: DEBUG: LDAP got Simultaneous-Use: 2
Mon May  1 09:58:43 2017 020725: DEBUG: LDAP got Unisphere-Egress-Policy-Name: mega_eg
Mon May  1 09:58:43 2017 021024: DEBUG: LDAP got Unisphere-Ingress-Policy-Name: mega_ig
Mon May  1 09:58:43 2017 021349: DEBUG: LDAP got UseAppPassword: YES
Mon May  1 09:58:43 2017 021765: DEBUG: LDAP got userPassword: shernette
Mon May  1 09:58:43 2017 022008: DEBUG: LDAP got mail: [email protected]
Mon May  1 09:58:43 2017 022373: DEBUG: Radius::AuthLDAP2 looks for match with aggsrich [aggsrich]
Mon May  1 09:58:43 2017 022843: DEBUG: Expiration date converted to: 2145844800
Mon May  1 09:58:43 2017 023899: DEBUG: Query to 'dbi:Oracle:RISP.candwall.com': 'select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='aggsrich'': 
Mon May  1 09:58:43 2017 029662: DEBUG: Radius::AuthLDAP2 ACCEPT: : aggsrich [aggsrich]
Mon May  1 09:58:43 2017 030285: DEBUG: Radius::AuthGROUP: CheckADSLBNG result: ACCEPT, 
Mon May  1 09:58:43 2017 030504: DEBUG: Radius::AuthGROUP:  result: ACCEPT, 
Mon May  1 09:58:43 2017 030793: DEBUG: Handling with Radius::AuthDYNADDRESS
Mon May  1 09:58:43 2017 031030: DEBUG: No PoolHint found. No address will be allocated
Mon May  1 09:58:43 2017 031220: DEBUG: Radius::AuthGROUP: AllocateIPAddress result: ACCEPT, 
Mon May  1 09:58:43 2017 031427: DEBUG: AuthBy GROUP result: ACCEPT, 
Mon May  1 09:58:43 2017 031793: DEBUG: Access accepted for aggsrich
Mon May  1 09:58:43 2017 033948: DEBUG: do query to 'dbi:Oracle:RISP.candwall.com': 'insert into RADAUTHLOG (TIME_STAMP,USERNAME,TYPE,REASON) values ('1493647123','aggsrich',1,NULL)': 
Mon May  1 09:58:43 2017 042806: DEBUG: Packet dump:
*** Sending to 69.73.239.105 port 64480 ....
Code:       Access-Accept
Identifier: 150
Authentic:  <174>j&A<210><203>,<240><210><156>Y<147>Xt<174>{
Attributes:
        Alc-SLA-Prof-Str = "mega"
        Alc-Subsc-Prof-Str = "mega"
        Port-Limit = 1
        Unisphere-Egress-Policy-Name = "mega_eg"
        Unisphere-Ingress-Policy-Name = "mega_ig"
        Class = "aggsrich"
        Framed-Protocol = PPP
        User-Service-Type = Framed-User
        Framed-MTU = 1500
        Framed-Compression = Van-Jacobson-TCP-IP
        Alc-Primary-Dns = 
        Alc-Secondary-Dns = 
<AuthBy LDAP2>
        Identifier      CheckADSLBNG
        #Log SQLLog
        Host            10.12.0.52 10.12.0.53 10.12.0.51
        AuthDN          mail=radiator
        AuthPassword    ********
        BaseDN          %0=%1,cn=dial.vincysurf.com
        Scope           base
        UsernameAttr    uid
        PasswordAttr    UserPassword

        AuthAttrDef     UseAppPassword,Allow-To-Use,check
        AuthAttrDef     Expiration,Expiration,check
        AuthAttrDef     Simultaneous-Use,Simultaneous-Use,check
        AuthAttrDef     NAS-Port-Type,NAS-Port-Type,check
        AuthAttrDef     Calling-Station-Id,Calling-Station-Id,check
        AuthAttrDef     Called-Station-Id,Called-Station-Id,check
        AuthAttrDef     NAS-IP-Address,NAS-IP-Address,check
        AuthAttrDef     Framed-Address,Framed-Address,reply
        AuthAttrDef     Session-Timeout,Session-Timeout,reply
        AuthAttrDef     Port-Limit,Port-Limit,reply
        AuthAttrDef     Framed-Pool,Framed-Pool,reply
        AuthAttrDef     Framed-Route,Framed-Route,reply
        AuthAttrDef     Unisphere-Egress-Policy-Name,Unisphere-Egress-Policy-Name,reply
        AuthAttrDef     Unisphere-Ingress-Policy-Name,Unisphere-Ingress-Policy-Name,reply
        AuthAttrDef     Unisphere-Virtual-Router,Unisphere-Virtual-Router,reply
        AuthAttrDef     Alc-Subsc-Prof-Str,Alc-Subsc-Prof-Str,reply
        AuthAttrDef     Alc-SLA-Prof-Str,Alc-SLA-Prof-Str,reply

        NoDefault

        AddToReply Class = %{User-Name}

        AddToReplyIfNotExist      Class = %{Client:Identifier},\
                        Framed-Protocol = PPP,\
                        User-Service-Type = "Framed-User",\
                        Framed-MTU = 1500,\
                        Framed-Compression = "Van-Jacobson-TCP-IP"

        Version         3
        HoldServerConnection
        Timeout         10
</AuthBy>
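The workaround Tuure describes, written out against the attached stanza as an added example (not configuration from the thread or from Radiator's own documentation): each host gets its own AuthBy LDAP2 inside an AuthBy GROUP, and the GROUP moves on to the next stanza only while the previous one returned IGNORE. The AuthByPolicy ContinueWhileIgnore setting, and the assumption that an unreachable host yields IGNORE rather than REJECT, should be checked against the reference manual for the installed Radiator version.

```text
<AuthBy GROUP>
        # Same Identifier as before, so the Handler or enclosing
        # AuthBy GROUP that refers to CheckADSLBNG needs no change.
        Identifier      CheckADSLBNG
        # Assumed semantics: go on to the next stanza only while the
        # previous one returned IGNORE (host unreachable); an answer
        # of ACCEPT or REJECT from a reachable host ends the lookup.
        AuthByPolicy    ContinueWhileIgnore

        <AuthBy LDAP2>
                Host            10.12.0.52
                AuthDN          mail=radiator
                AuthPassword    ********
                BaseDN          %0=%1,cn=dial.vincysurf.com
                Scope           base
                UsernameAttr    uid
                PasswordAttr    UserPassword
                # All AuthAttrDef lines, NoDefault, AddToReply and
                # AddToReplyIfNotExist from the attached stanza go
                # here unchanged, and again in each stanza below.
                Version         3
                HoldServerConnection
                Timeout         10
        </AuthBy>

        <AuthBy LDAP2>
                Host            10.12.0.53
                # ...the rest identical to the first stanza
        </AuthBy>

        <AuthBy LDAP2>
                Host            10.12.0.51
                # ...the rest identical to the first stanza
        </AuthBy>
</AuthBy>
```

Timeout still applies per stanza, so a request is expected to wait up to 10 seconds for each unreachable host before the next stanza is tried (an assumption; confirm from the timestamps in a DEBUG log with .52 down). Placing the host that is most often reachable first keeps that delay off the common path.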
_______________________________________________
radiator mailing list
[email protected]
http://lists.open.com.au/mailman/listinfo/radiator
