We have been using <AuthBy CDB> for about a year without any problems. We
are now trying to cut over all our systems to <AuthBy LDAP2>. Twice now since
Friday, since we have gone live with LDAP, Radiator has hung, causing me
great grief. This never happened before with CDB. Here are the details:

- Authentication and Accounting are being handled by separate Radiator
procs; the one that hangs is Authentication.
- the perl (Radiator) process was stuck in RUN state, and using close to
100% cpu.
- we're using Radiator 2.16.3 and OpenLdap 1.2.9(?)
- OpenLdap is running on the same server (localhost) as Radiator

The Radiator and OpenLdap log clips are shown below, as well as a section of
our config file. Notice that Radiator shows:

        "Connecting to localhost, port 389"

and that's it; it hung at that point. However, the OpenLdap log appears to
have processed the request and sent a reply (but I'm not an expert at
reading the OpenLdap logs).

The apparently binary Username and Password are interesting. We've had
requests like this when we used <AuthBy CDB>, and it worked fine: it
returned an Access-Reject. But I'm wondering if this is why Radiator is
hanging using <AuthBy LDAP2>? If so, how do we fix it? If not, then what
caused Radiator to hang?

Thanks very much for any and all help. This is a true show-stopper.

Dave

____________________

RADIATOR:

*** Received from 209.163.72.14 port 1812 ....
Code:       Access-Request
Identifier: 7
Authentic:  <6><209><240>4<175><224><222><3>q<154>k<134><8>3<205>-
Attributes:
        User-Name =
"<253><169><165>W<163><151><141>?<138><29><132><232><223>f<2
12><128><229><213><138>QT<128><2>id<210><240><172>5<252>]<14><207><190><178>
<10>
<11><187>}<22>U<236>2<242>f~<132><147>Gsg<157><156><165>3<136><208><169>(`<2
49><
166><152>X<251>3<24>YT<148><137>t,!<18><134>*<17><252><253><242><188><187>8<
170>
<1>^<20><161><139><205><18>J<222><129>D<159>KqzB<238><140><147>:<239>O<142><
225>
KX<16><251>Lp<30>&<252><16>k/<236>p<9>9^<253><183><208><214>O\<182><228>"<20
4>|<
201><252><139><17><240><147><149>!<253><249><30><200><151><152><15>l:v<133><
227>
<183><14>e<216>vv<175><134>u<165>{<134><134>i<180><22><223>
<215><194><195><20><
231><224>K<167><225><212><253><158>{<243>M<217><162><217><161>r<14><183>7<16
><24
1>Q<137><217><29>hU<248>t<239><132>q"
        User-Password =
"<157>j<246>.j<151><148><168>K!n\x|Q<151>1<194><225>W<25
0><152>2(<254><3>(<192>b<13><171>><250>Y;<176><6>)x<19>>Ti|!<17>*<222> <246>
{.<
185>=<224><215>l<5>=<213><185><21><138>M<223><229>Jg7)<4><205><253>r5J<178>J
Je<2
02><253><16><157><237>.<144><167>:<146>;E<128>L<185>RS3-<189>H<26>l<193>#$<1
64><
210><138>E<193>"
        NAS-IP-Address = 209.163.72.14
        NAS-Port = 9232
        Acct-Session-Id = "000f0910090910"
        USR-Interface-Index = 3577
        Service-Type = Login-User
        USR-Chassis-Call-Slot = 10
        USR-Chassis-Call-Span = 1
        USR-Chassis-Call-Channel = 17
        USR-Connect-Speed = NONE
        Calling-Station-Id = "6102878105"
        Called-Station-Id = "3613526"
        Ascend-Xmit-Rate = 0
        NAS-Port-Type = Async

Wed Nov 22 12:50:12 2000: DEBUG: Handling request with Handler 'Realm='
Wed Nov 22 12:50:12 2000: DEBUG: Rewrote user name to
^}^i^ew^c^W^M?^J^]^D^h^_f
^T^@^e^U^Jqt^@^Bid^R^p^l5^|]^N^O^~^r
^K^{}^Vu^l2^rf~^D^Sgsg^]^\^e3^H^P^i(`^y^f^Xx^{3^Xyt^T^It,!^R^F*^Q^|^}^r^|^{8
^j^A
^^T^a^K^M^Rj^^^Ad^_kqzb^n^L^S:^oo^N^akx^P^{lp^^&^|^Pk/^lp
9^^}^w^P^Vo\^v^d
"^L|^I^|^K^Q^p^S^U!^}^y^^^H^W^X^Ol:v^E^c^w^Ne^Xvv^o^Fu^e{^F^Fi^t^V^_
^W^B^C^T^g
^`k^g^a^T^}^^{^sm^Y^b^Y^ar^N^w7^P^qq^I^Y^]hu^xt^o^Dq
Wed Nov 22 12:50:12 2000: DEBUG: Rewrote user name to
^}^i^ew^c^W^M?^J^]^D^h^_f
^T^@^e^U^Jqt^@^Bid^R^p^l5^|]^N^O^~^r^K^{}^Vu^l2^rf~^D^Sgsg^]^\^e3^H^P^i(`^y^
f^Xx
^{3^Xyt^T^It,!^R^F*^Q^|^}^r^|^{8^j^A^^T^a^K^M^Rj^^^Ad^_kqzb^n^L^S:^oo^N^akx^
P^{l
p^^&^|^Pk/^lp9^^}^w^P^Vo\^v^d"^L|^I^|^K^Q^p^S^U!^}^y^^^H^W^X^Ol:v^E^c^w^Ne^X
vv^o
^Fu^e{^F^Fi^t^V^_^W^B^C^T^g^`k^g^a^T^}^^{^sm^Y^b^Y^ar^N^w7^P^qq^I^Y^]hu^xt^o
^Dq
Wed Nov 22 12:50:12 2000: DEBUG: SDB1 Deleting session for
^}^i^eW^c^W^M?^J^]^D
^h^_f^T^@^e^U^JQT^@^Bid^R^p^l5^|]^N^O^~^r
^K^{}^VU^l2^rf~^D^SGsg^]^\^e3^H^P^i(`^y^f^XX^{3^XYT^T^It,!^R^F*^Q^|^}^r^|^{8
^j^A
^^T^a^K^M^RJ^^^AD^_KqzB^n^L^S:^oO^N^aKX^P^{Lp^^&^|^Pk/^lp
9^^}^w^P^VO\^v^d
"^L|^I^|^K^Q^p^S^U!^}^y^^^H^W^X^Ol:v^E^c^w^Ne^Xvv^o^Fu^e{^F^Fi^t^V^_
^W^B^C^T^g
^`K^g^a^T^}^^{^sM^Y^b^Y^ar^N^w7^P^qQ^I^Y^]hU^xt^o^Dq, 209.141.72.14, 9232
Wed Nov 22 12:50:12 2000: DEBUG: Handling with Radius::AuthLDAP2
Wed Nov 22 12:50:12 2000: DEBUG: Connecting to localhost, port 389
__________________________________

OPENLDAP:

Nov 22 12:50:12 rad1 slapd[144]: do_bind
Nov 22 12:50:12 rad1 slapd[144]: do_bind: version 2 dn (dc=ppp,dc=netcarrier,dc=com) method 128
Nov 22 12:50:12 rad1 slapd[144]: dn2entry_r: dn: "DC=PPP,DC=NETCARRIER,DC=COM"
Nov 22 12:50:12 rad1 slapd[144]: => dn2id( "DC=PPP,DC=NETCARRIER,DC=COM" )
Nov 22 12:50:12 rad1 slapd[144]: ====> cache_find_entry_dn2id: found dn: DC=PPP,DC=NETCARRIER,DC=COM
Nov 22 12:50:12 rad1 slapd[144]: <= dn2id 2 (in cache)
Nov 22 12:50:12 rad1 slapd[144]: => id2entry_r( 2 )
Nov 22 12:50:12 rad1 slapd[144]: ====> cache_find_entry_dn2id: found id: 2 rw: 0
Nov 22 12:50:12 rad1 slapd[144]: <= id2entry_r 0x80f3940 (cache)
Nov 22 12:50:12 rad1 slapd[144]: ====> cache_return_entry_r
Nov 22 12:50:12 rad1 slapd[144]: do_bind: bound "dc=ppp,dc=netcarrier,dc=com" to "dc=ppp,dc=netcarrier,dc=com"
Nov 22 12:50:12 rad1 slapd[144]: send_ldap_result 0::
___________________________________

CONFIG FILE SECTION:

<AuthBy LDAP2>
        Identifier LDAP_AUTH

        # Prevent looking up DEFAULT user when no entry is found:
        NoDefault

        # The LDAP host to connect to
        Host           localhost
        # If not set, defaults to 389. Use 636 for SSL.
        # Port          389

        # as a privileged user
        AuthDN          dc=ppp,dc=netcarrier,dc=com
        AuthPassword    blahblahblah

        # The base DN at which to start the search
        BaseDN          dc=ppp,dc=netcarrier,dc=com

        # Set  Scope to first level only
        Scope one

        # The LDAP attribute to match against User-Name
        UsernameAttr     uid

        # The LDAP attribute that contains a plaintext password
        # or a password in the format {crypt}1xMKc0GIVUNbE
        # or {SHA}0DPiKuNIrrVmD8IUCuw1hQxNqZc=
        PasswordAttr    userPassword

        #  Use generic reply and check items. These will be
        # contained in single LDAP attributes
        AuthAttrDef     ncCheckItem,GENERIC,check
        AuthAttrDef     ncReplyItem,GENERIC,reply

        # Default reply items
        DefaultReply \
                Service-Type=Framed-User, \
                Framed-Protocol=PPP, \
                Idle-Timeout=1200
</AuthBy>
<Realm>
        # Use LDAP_AUTH instead of CDBFILE (fs 11/2/00)
        #AuthBy CDBFILE_AUTH
        AuthBy LDAP_AUTH

        # Translate all upper case to lower case
        RewriteUsername tr/A-Z/a-z/
        # Substitute whitespace to nothing everywhere in the line:
        RewriteUsername s/\s//g

        PasswordLogFileName %L/password.log
        SessionDatabase SDB1
        # Log accounting to the detail file in LogDir
        AcctLogFileName %D/Accounting/netcarrier.com-%h
</Realm>
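
The post does not establish whether the binary User-Name is what hangs <AuthBy LDAP2>. Independent of that, a request like this can be screened, and any surviving name escaped per RFC 4515, before it is placed in a (uid=...) search filter. The following is an added example, not part of the original post and not Radiator code; the sub names, the 64-byte limit and the sample names are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: screen a RADIUS User-Name before it is used in an LDAP
# search on the "uid" attribute (UsernameAttr in the config above).
# Not Radiator code; sub names and the length limit are assumptions.
use strict;
use warnings;

my $MAX_LEN = 64;    # assumed site policy, not a Radiator default

# Mirror the two RewriteUsername rules from the <Realm> in the post.
sub rewrite_username {
    my ($name) = @_;
    $name =~ tr/A-Z/a-z/;    # upper case to lower case
    $name =~ s/\s//g;        # strip all whitespace
    return $name;
}

# Return nothing (undef) if the name is acceptable, else a reason string.
sub reject_reason {
    my ($name) = @_;
    return 'empty' if !defined $name || $name eq '';
    return 'too long (' . length($name) . ' bytes)' if length($name) > $MAX_LEN;
    return 'non-printable or non-ASCII bytes' if $name =~ /[^\x21-\x7e]/;
    return;
}

# RFC 4515 escaping: backslash, '*', '(', ')' and NUL become \XX hex pairs.
sub ldap_filter_escape {
    my ($value) = @_;
    $value =~ s/([\\*()\x00])/sprintf('\\%02x', ord $1)/ge;
    return $value;
}

# Constructed sample names: a normal one, one with filter metacharacters,
# and a short binary one resembling the request in the log.
for my $raw ("Dave Smith", "j*doe(test)", "\xfd\xa9\x00W\x8a") {
    my $name = rewrite_username($raw);
    my $why  = reject_reason($name);
    if (defined $why) {
        # Log rejected names with raw bytes shown as <decimal>, as Radiator's dump does.
        (my $shown = $name) =~ s/([^\x20-\x7e])/sprintf('<%d>', ord $1)/ge;
        print "reject  $shown: $why\n";
        next;
    }
    print "lookup  (uid=", ldap_filter_escape($name), ")\n";
}
```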

