Hello Aaron -

On Tue, 18 Jan 2000, Aaron Liu wrote:
> Hi Hugh,
> 
> >
> > You should try using AuthBy LDAP2 and the corresponding Net::LDAP module.
> > Please have a look at section 6.30 in the Radiator 2.14.1 reference manual for
> > a discussion of the various LDAP options.
> >
> > Could you also let us know what LDAP server you are using?
> >
> > Note that there is a recent patch for Radiator 2.14.1:
> >
> > 7/1/00 Fixed a problem with AuthBy LDAP2, where recent versions
> >    of Net::LDAP do not support ldap_error_message.
> >    Download a new AuthLDAP2.pm from here.
> >
> 
>     Thank you for your reply. We tried the modification yesterday
> evening and it seemed that the situation became worse. What we did
> was:
> 
> 1. Installed perl-ldap-0.13.tar.gz
>    (perl Makefile.PL; make; make test; no error-> make install)
> 2. Upgraded the AuthLDAP2.pm in perl lib directory.
> 3. Changed radius.cfg so it used <AuthBy LDAP2> instead of <AuthBy LDAP>.
> 4. Restarted the server.
> 
>     Afterwards we observed the log and the requests and response kept coming
> in, so we thought the change was okay. However, upon further testing with
> radpwtst we found that we got "No Reply" with all three types of requests.
> When we did actual dialup testing, the client timed out even though the log
> said Radiator has sent back both access-accept and accounting-response (our
> NAS here at the local telco was set to grant permission only after receiving
> accounting-response).
>     Investigation from telco told us our radius service did not respond from
> time to time. So finally we reverted the configuration to use old LDAP
> service and it started working again (for the time being).
> 
>     We are using openldap-1.2.7-2 rpm for redhat6.1 for providing LDAP
> service.
> 
>     Thank you very much for your advice in this issue again, in particular I
> would like to know whether we have skipped any steps in changing to the
> LDAP2 module, and why the radpwtst stopped working with the new
> configuration.

We have had numerous reports of problems with openldap. You might try either
University of Michigan LDAP or Netscape's LDAP server, both of which we know to
work quite reliably.

From your description above, I do not understand how Radiator could be sending
both Access-Accept and Accounting-Accept, and still have your telco NAS not
proceeding with the connection. I would like to see a trace 4 debug of both
AuthBy LDAP and LDAP2 showing the differences.

BTW - it is very useful to have both your configuration file (no secrets) and
the trace 4 debug output discussed above when you submit a problem. It makes
it much, much easier to help!

Meanwhile, I will be doing some LDAP testing here shortly (on a Redhat 6.1
system), so I will have some good test results on both openldap and Umich LDAP.

I'll let you know how I get on.

regards

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
