> From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
>
> Hello Dave -
>
> At 11:11 -0500 30/11/00, Dave Kitabjian wrote:
> >I believe it's a BUG.
> >
> >Please see my post from last week:
> >
> >   "Radiator/LDAP hangs on binary username!"
> >
>
> I don't believe I have seen this - can you repost?
>

Attached is a repost.

>As I have said many times, you are much better off just rejecting
>usernames that contain rubbish. This topic has been discussed on the
>list several times and I have posted examples. Have a look at the
>archive:

I'm sorry, I had searched the archive for "binary username" and other
things, but I couldn't find anything. I'll take another look.

Thanks again!

Dave

_____________________

We have been using <AuthBy CDB> for about a year without any problems.
We are now trying to cut over all our systems to <AuthBy LDAP2>.

Twice now since Friday, since we have gone live with LDAP, Radiator has
hung, causing me great grief. This never happened before with CDB.

Here are the details:

- Authentication and Accounting are being handled by separate Radiator
  procs; the one that hangs is Authentication.
- the perl (Radiator) process was stuck in RUN state, and using close to
  100% cpu.
- we're using Radiator 2.16.3 and OpenLdap 1.2.9(?)
- OpenLdap is running on the same server (localhost) as Radiator

The Radiator and OpenLdap log clips are shown below, as well as a section
of our config file.

Notice that Radiator shows: "Connecting to localhost, port 389" and that's
it; it hung at that point. However, the OpenLdap log appears to have
processed the request and sent a reply (but I'm not an expert at reading
the OpenLdap logs).

The apparently binary Username and Password are interesting. We've had
requests like this when we used <AuthBy CDB>, and it worked fine: it
returned an Access-Reject. But I'm wondering if this is why Radiator is
hanging using <AuthBy LDAP2>? If so, how do we fix it? If not, then what
caused Radiator to hang?

Thanks very much for any and all help.
This is a true show-stopper.

Dave

____________________

RADIATOR:

*** Received from 209.163.72.14 port 1812 ....
Code:       Access-Request
Identifier: 7
Authentic:  <6><209><240>4<175><224><222><3>q<154>k<134><8>3<205>-
Attributes:
        User-Name = "<253><169><165>W<163><151><141>?<138><29><132><232><223>f<2 12><128><229><213><138>QT<128><2>id<210><240><172>5<252>]<14><207><190><178> <10> <11><187>}<22>U<236>2<242>f~<132><147>Gsg<157><156><165>3<136><208><169>(`<2 49>< 166><152>X<251>3<24>YT<148><137>t,!<18><134>*<17><252><253><242><188><187>8< 170> <1>^<20><161><139><205><18>J<222><129>D<159>KqzB<238><140><147>:<239>O<142>< 225> KX<16><251>Lp<30>&<252><16>k/<236>p<9>9^<253><183><208><214>O\<182><228>"<20 4>|< 201><252><139><17><240><147><149>!<253><249><30><200><151><152><15>l:v<133>< 227> <183><14>e<216>vv<175><134>u<165>{<134><134>i<180><22><223> <215><194><195><20>< 231><224>K<167><225><212><253><158>{<243>M<217><162><217><161>r<14><183>7<16 ><24 1>Q<137><217><29>hU<248>t<239><132>q"
        User-Password = "<157>j<246>.j<151><148><168>K!n\x|Q<151>1<194><225>W<25 0><152>2(<254><3>(<192>b<13><171>><250>Y;<176><6>)x<19>>Ti|!<17>*<222> <246> {.< 185>=<224><215>l<5>=<213><185><21><138>M<223><229>Jg7)<4><205><253>r5J<178>J Je<2 02><253><16><157><237>.<144><167>:<146>;E<128>L<185>RS3-<189>H<26>l<193>#$<1 64>< 210><138>E<193>"
        NAS-IP-Address = 209.163.72.14
        NAS-Port = 9232
        Acct-Session-Id = "000f0910090910"
        USR-Interface-Index = 3577
        Service-Type = Login-User
        USR-Chassis-Call-Slot = 10
        USR-Chassis-Call-Span = 1
        USR-Chassis-Call-Channel = 17
        USR-Connect-Speed = NONE
        Calling-Station-Id = "6102878105"
        Called-Station-Id = "3613526"
        Ascend-Xmit-Rate = 0
        NAS-Port-Type = Async

Wed Nov 22 12:50:12 2000: DEBUG: Handling request with Handler 'Realm='
Wed Nov 22 12:50:12 2000: DEBUG: Rewrote user name to ^}^i^ew^c^W^M?^J^]^D^h^_f ^T^@^e^U^Jqt^@^Bid^R^p^l5^|]^N^O^~^r ^K^{}^Vu^l2^rf~^D^Sgsg^]^\^e3^H^P^i(`^y^f^Xx^{3^Xyt^T^It,!^R^F*^Q^|^}^r^|^{8 ^j^A
^^T^a^K^M^Rj^^^Ad^_kqzb^n^L^S:^oo^N^akx^P^{lp^^&^|^Pk/^lp 9^^}^w^P^Vo\^v^d "^L|^I^|^K^Q^p^S^U!^}^y^^^H^W^X^Ol:v^E^c^w^Ne^Xvv^o^Fu^e{^F^Fi^t^V^_ ^W^B^C^T^g ^`k^g^a^T^}^^{^sm^Y^b^Y^ar^N^w7^P^qq^I^Y^]hu^xt^o^Dq
Wed Nov 22 12:50:12 2000: DEBUG: Rewrote user name to ^}^i^ew^c^W^M?^J^]^D^h^_f ^T^@^e^U^Jqt^@^Bid^R^p^l5^|]^N^O^~^r^K^{}^Vu^l2^rf~^D^Sgsg^]^\^e3^H^P^i(`^y^ f^Xx ^{3^Xyt^T^It,!^R^F*^Q^|^}^r^|^{8^j^A^^T^a^K^M^Rj^^^Ad^_kqzb^n^L^S:^oo^N^akx^ P^{l p^^&^|^Pk/^lp9^^}^w^P^Vo\^v^d"^L|^I^|^K^Q^p^S^U!^}^y^^^H^W^X^Ol:v^E^c^w^Ne^X vv^o ^Fu^e{^F^Fi^t^V^_^W^B^C^T^g^`k^g^a^T^}^^{^sm^Y^b^Y^ar^N^w7^P^qq^I^Y^]hu^xt^o ^Dq
Wed Nov 22 12:50:12 2000: DEBUG: SDB1 Deleting session for ^}^i^eW^c^W^M?^J^]^D ^h^_f^T^@^e^U^JQT^@^Bid^R^p^l5^|]^N^O^~^r ^K^{}^VU^l2^rf~^D^SGsg^]^\^e3^H^P^i(`^y^f^XX^{3^XYT^T^It,!^R^F*^Q^|^}^r^|^{8 ^j^A ^^T^a^K^M^RJ^^^AD^_KqzB^n^L^S:^oO^N^aKX^P^{Lp^^&^|^Pk/^lp 9^^}^w^P^VO\^v^d "^L|^I^|^K^Q^p^S^U!^}^y^^^H^W^X^Ol:v^E^c^w^Ne^Xvv^o^Fu^e{^F^Fi^t^V^_ ^W^B^C^T^g ^`K^g^a^T^}^^{^sM^Y^b^Y^ar^N^w7^P^qQ^I^Y^]hU^xt^o^Dq, 209.141.72.14, 9232
Wed Nov 22 12:50:12 2000: DEBUG: Handling with Radius::AuthLDAP2
Wed Nov 22 12:50:12 2000: DEBUG: Connecting to localhost, port 389

__________________________________

OPENLDAP:

Nov 22 12:50:12 rad1 slapd[144]: do_bind
Nov 22 12:50:12 rad1 slapd[144]: do_bind: version 2 dn (dc=ppp,dc=netcarrier,dc= com) method 128
Nov 22 12:50:12 rad1 slapd[144]: dn2entry_r: dn: "DC=PPP,DC=NETCARRIER,DC=COM"
Nov 22 12:50:12 rad1 slapd[144]: => dn2id( "DC=PPP,DC=NETCARRIER,DC=COM" )
Nov 22 12:50:12 rad1 slapd[144]: ====> cache_find_entry_dn2id: found dn: DC=PPP, DC=NETCARRIER,DC=COM
Nov 22 12:50:12 rad1 slapd[144]: <= dn2id 2 (in cache)
Nov 22 12:50:12 rad1 slapd[144]: => id2entry_r( 2 )
Nov 22 12:50:12 rad1 slapd[144]: ====> cache_find_entry_dn2id: found id: 2 rw: 0
Nov 22 12:50:12 rad1 slapd[144]: <= id2entry_r 0x80f3940 (cache)
Nov 22 12:50:12 rad1 slapd[144]: ====> cache_return_entry_r
Nov 22 12:50:12 rad1 slapd[144]: do_bind: bound
"dc=ppp,dc=netcarrier,dc=com" to "dc=ppp,dc=netcarrier,dc=com" Nov 22 12:50:12 rad1 slapd[144]: send_ldap_result 0:: ___________________________________ CONFIG FILE SECTION: <AuthBy LDAP2> Identifier LDAP_AUTH # Prevent looking up DEFAULT user when no entry is found: NoDefault # The LDAP host to connect to Host localhost # If not set, defaults to 389. Use 636 for SSL. # Port 389 # as a privelged user AuthDN dc=ppp,dc=netcarrier,dc=com AuthPassword blahblahblah # The base DN at which to start the search BaseDN dc=ppp,dc=netcarrier,dc=com # Set Scope to first level only Scope one # The LDAP attribute to match against User-Name UsernameAttr uid # The LDAP attribute that contains a plaintext password # or a password in the format {crypt}1xMKc0GIVUNbE # or {SHA}0DPiKuNIrrVmD8IUCuw1hQxNqZc= PasswordAttr userPassword # Use generic reply and check items. These will be # contained in single LDAP attributes AuthAttrDef ncCheckItem,GENERIC,check AuthAttrDef ncReplyItem,GENERIC,reply # Default reply items DefaultReply \ Service-Type=Framed-User, \ Framed-Protocol=PPP, \ Idle-Timeout=1200 </AuthBy> <Realm> # Use LDAP_AUTH instead of CDBFILE (fs 11/2/00) #AuthBy CDBFILE_AUTH AuthBy LDAP_AUTH # Translate all upper case to lower case RewriteUsername tr/A-Z/a-z/ # Substitute whitespace to nothing everywhere in the line: RewriteUsername s/\s//g PasswordLogFileName %L/password.log SessionDatabase SDB1 # Log accounting to the detail file in LogDir AcctLogFileName %D/Accounting/netcarrier.com-%h </Realm> === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.

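The advice quoted at the top of this message, rejecting usernames that contain rubbish before they reach the LDAP lookup, sketched as an added example (not code from the post or from Radiator; Python is used here for illustration). The allowlist policy, the function names and the sample inputs are assumptions; `uid` is the `UsernameAttr` from the posted config.

```python
import re

# Assumed policy (not from the post): after rewriting, a User-Name is
# 1-64 bytes drawn from a conservative set of login characters.
ALLOWED = re.compile(rb"[a-z0-9._@-]{1,64}")

# RFC 4515: NUL ( ) * and backslash must appear as \XX in a filter value.
FILTER_SPECIALS = {0x00, 0x28, 0x29, 0x2A, 0x5C}


def rewrite_username(raw: bytes) -> bytes:
    # Mirrors the two RewriteUsername rules in the posted <Realm>:
    # lower-case A-Z, then delete all whitespace.
    return re.sub(rb"\s", b"", raw.lower())


def escape_filter_value(value: bytes) -> str:
    # Defence in depth: even a name that passed the allowlist is escaped
    # before it is placed in a search filter. Non-printable bytes are
    # hex-escaped as well, so nothing raw reaches the directory server.
    out = []
    for b in value:
        if b in FILTER_SPECIALS or b < 0x20 or b > 0x7E:
            out.append("\\%02x" % b)
        else:
            out.append(chr(b))
    return "".join(out)


def decide(raw_user_name: bytes, attr: str = "uid"):
    """Return ("reject", reason) or ("search", ldap_filter)."""
    name = rewrite_username(raw_user_name)
    if not ALLOWED.fullmatch(name):
        # Answer with Access-Reject here instead of querying LDAP.
        return ("reject", "User-Name fails policy: %r" % name[:16])
    return ("search", "(%s=%s)" % (attr, escape_filter_value(name)))


# Constructed sample inputs (not taken from the posted packet).
GOOD = b"Dave K@Example.COM"
BINARY = b"\xfd\xa9W\x00(id*)\x8a"

if __name__ == "__main__":
    for sample in (GOOD, BINARY, b"   "):
        print(decide(sample))
```

Rejecting at this point means a garbage name is never logged through the session database or sent to the directory at all; whether that also avoids the hang described above is not established by the post.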