Hello Stuart -
The manual recommends using AuthBy LDAP2 with the perl-ldap module. Have you
tried using that instead? See section 6.32 in the reference manual.
regards
Hugh
On Monday 05 February 2001 14:01, Stuart Clifton wrote:
> I know I am only currently evaluating the product but please assist.
> I have installed the NET::LDAPapi Module 1.42 running under Perl
> 5.005_03 and Solaris 8
> I installed the NET::LDAPapi Module with Netscape's LDAP SDK 3.0 (as 4.1
> did not work)
>
> I am at the point after the make test, i.e. the final test (point 12
> http://www.open.com.au/radiator/install.html)
> This test against the file authentication works fine every time but
> against my Netscape Directory Server 4.12 I get the following (there are
> 2 configurations and 2 results listed):
>
> CONFIGURATION 1
>
>
> # myldap.cfg
> #
> # You should consider this file to be a starting point only
> # $Id: ldap.cfg,v 1.2 2000/02/15 07:07:54 mikem Exp $
>
> Foreground
> LogStdout
> LogDir .
> DbDir .
> Trace 4
>
> # You will probably want to change this to suit your site.
> <Client DEFAULT>
> Secret mysecret
> DupInterval 0
> </Client>
>
> <Realm DEFAULT>
> <AuthBy LDAP>
> # Tell Radiator how to talk to the LDAP server
> Host dir01.dingoblue.com.au
>
> # You will only need these if your LDAP server
> # requires authentication:
> #AuthDN cn=Directory Manager
> #AuthPassword xxxxxxxx - Replaced
>
> # This is the top of the search tree where users
> # will be found. It should match the configuration
> # of your server
> BaseDN o=ISP
>
> # This is the attribute to match the radius user name
> UsernameAttr uid
> # If you don't specify ServerChecksPassword, you
> # need to tell Radiator which attribute contains
> # the password. It can be plaintext or encrypted
> #EncryptedPasswordAttr userPassword
> PasswordAttr userpassword
>
> # You can use CheckAttr, ReplyAttr and AuthAttrDef
> # to specify check and reply attributes in the LDAP
> # database. See the reference manual for more
> # information
>
> # These are the classic things to add to each users
> # reply to allow a PPP dialup session. It may be
> # different for your NAS. This will add some
> # reply items to everyone's reply
> AddToReply Framed-Protocol = PPP,\
> Framed-IP-Netmask = 255.255.255.255,\
> Framed-Routing = None,\
> Framed-MTU = 1500,\
> Framed-Compression = Van-Jacobson-TCP-IP
>
> # You can enable debugging of the Net::LDAP
> # module with this:
> #Debug 255
> </AuthBy>
> # Log accounting to the detail file in LogDir
> AcctLogFileName ./detail
> </Realm>
>
>
> RESULT
>
>
> # perl radiusd -config_file goodies/myldap.cfg
> This Radiator license will expire on 2001-03-01
> This Radiator license will stop operating after 1000 requests
> To purchase an unlimited full source version of Radiator, see
> http://www.open.com.au/radiator/ordering.html
>
> Mon Feb 5 13:31:07 2001: INFO: Server started: Radiator 2.17.1 on
> auth01 (DEMO)
> Mon Feb 5 13:31:22 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 33632 ....
> Code: Access-Request
> Identifier: 67
> Authentic: 1234567890123456
> Attributes:
> User-Name = "fred"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> NAS-Port-Type = Async
> User-Password =
> "<159><249>:<201><175>\<4><246><188>8<9><160><216>}x<153>"
>
> Mon Feb 5 13:31:22 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Mon Feb 5 13:31:22 2001: DEBUG: Deleting session for fred,
> 203.63.154.1, 1234
> Mon Feb 5 13:31:22 2001: DEBUG: Handling with Radius::AuthLDAP
> Mon Feb 5 13:31:22 2001: DEBUG: Connecting to dir01.dingoblue.com.au,
> port 389
> Mon Feb 5 13:31:22 2001: DEBUG: LDAP got result for uid=fred,o=ISP
> Mon Feb 5 13:31:22 2001: DEBUG: LDAP got userpassword:
> {SHA}MQF6ciZl5K/OWGlQ9ClEptMx2r8=
> Mon Feb 5 13:31:22 2001: DEBUG: Radius::AuthLDAP looks for match with
> fred
> #
>
> CONFIGURATION 2
>
>
> # myldap.cfg
> #
> # You should consider this file to be a starting point only
> # $Id: ldap.cfg,v 1.2 2000/02/15 07:07:54 mikem Exp $
>
> Foreground
> LogStdout
> LogDir .
> DbDir .
> Trace 4
>
> # You will probably want to change this to suit your site.
> <Client DEFAULT>
> Secret mysecret
> DupInterval 0
> </Client>
>
> <Realm DEFAULT>
> <AuthBy LDAP>
> # Tell Radiator how to talk to the LDAP server
> Host dir01.dingoblue.com.au
>
> # You will only need these if your LDAP server
> # requires authentication:
> AuthDN cn=Directory Manager
> AuthPassword xxxxxxxx - Replaced
>
> # This is the top of the search tree where users
> # will be found. It should match the configuration
> # of your server
> BaseDN o=ISP
>
> # This is the attribute to match the radius user name
> UsernameAttr uid
> # If you don't specify ServerChecksPassword, you
> # need to tell Radiator which attribute contains
> # the password. It can be plaintext or encrypted
> #EncryptedPasswordAttr userPassword
> PasswordAttr userpassword
>
> # You can use CheckAttr, ReplyAttr and AuthAttrDef
> # to specify check and reply attributes in the LDAP
> # database. See the reference manual for more
> # information
>
> # These are the classic things to add to each users
> # reply to allow a PPP dialup session. It may be
> # different for your NAS. This will add some
> # reply items to everyone's reply
> AddToReply Framed-Protocol = PPP,\
> Framed-IP-Netmask = 255.255.255.255,\
> Framed-Routing = None,\
> Framed-MTU = 1500,\
> Framed-Compression = Van-Jacobson-TCP-IP
>
> # You can enable debugging of the Net::LDAP
> # module with this:
> #Debug 255
> </AuthBy>
> # Log accounting to the detail file in LogDir
> AcctLogFileName ./detail
> </Realm>
>
>
> RESULT
>
>
> # perl radiusd -config_file goodies/myldap.cfg
> This Radiator license will expire on 2001-03-01
> This Radiator license will stop operating after 1000 requests
> To purchase an unlimited full source version of Radiator, see
> http://www.open.com.au/radiator/ordering.html
>
> Mon Feb 5 13:57:58 2001: INFO: Server started: Radiator 2.17.1 on
> auth01 (DEMO)
> Mon Feb 5 13:58:02 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 33642 ....
> Code: Access-Request
> Identifier: 137
> Authentic: 1234567890123456
> Attributes:
> User-Name = "fred"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> NAS-Port-Type = Async
> User-Password =
> "<159><249>:<201><175>\<4><246><188>8<9><160><216>}x<153>"
>
> Mon Feb 5 13:58:02 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Mon Feb 5 13:58:02 2001: DEBUG: Deleting session for fred,
> 203.63.154.1, 1234
> Mon Feb 5 13:58:02 2001: DEBUG: Handling with Radius::AuthLDAP
> Mon Feb 5 13:58:02 2001: DEBUG: Connecting to dir01.dingoblue.com.au,
> port 389
> Mon Feb 5 13:58:02 2001: DEBUG: LDAP got result for uid=fred,o=ISP
> Mon Feb 5 13:58:02 2001: ERR: There was no password attribute found for
> fred. Check your LDAP database.
> Mon Feb 5 13:58:02 2001: DEBUG: Radius::AuthLDAP looks for match with
> fred
> Mon Feb 5 13:58:02 2001: DEBUG: Radius::AuthLDAP REJECT: Bad Encrypted
> password
> Mon Feb 5 13:58:02 2001: DEBUG: No entries for DEFAULT found in LDAP
> database
> Mon Feb 5 13:58:02 2001: INFO: Access rejected for fred: Bad Encrypted
> password
> Mon Feb 5 13:58:02 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 33642 ....
> Code: Access-Reject
> Identifier: 137
> Authentic: 1234567890123456
> Attributes:
> Reply-Message = "Request Denied"
>
> Mon Feb 5 13:58:02 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 33642 ....
> Code: Accounting-Request
> Identifier: 138
> Authentic: <191>+MqC<6>%<1><148><137><246>}<204><197><253><170>
> Attributes:
> User-Name = "fred"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> NAS-Port-Type = Async
> Acct-Session-Id = "00001234"
> Acct-Status-Type = Start
>
> Mon Feb 5 13:58:02 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Mon Feb 5 13:58:02 2001: DEBUG: Adding session for fred, 203.63.154.1,
> 1234
> Mon Feb 5 13:58:02 2001: DEBUG: Handling with Radius::AuthLDAP
> Mon Feb 5 13:58:02 2001: DEBUG: Accounting accepted
> Mon Feb 5 13:58:02 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 33642 ....
> Code: Accounting-Response
> Identifier: 138
> Authentic: <191>+MqC<6>%<1><148><137><246>}<204><197><253><170>
> Attributes:
>
> Mon Feb 5 13:58:02 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 33642 ....
> Code: Accounting-Request
> Identifier: 139
> Authentic: z[<173>[<140><184><250>v+]<145>~<245>89b
> Attributes:
> User-Name = "fred"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> NAS-Port-Type = Async
> Acct-Session-Id = "00001234"
> Acct-Status-Type = Stop
> Acct-Delay-Time = 0
> Acct-Session-Time = 1000
> Acct-Input-Octets = 20000
> Acct-Output-Octets = 30000
>
> Mon Feb 5 13:58:02 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Mon Feb 5 13:58:02 2001: DEBUG: Deleting session for fred,
> 203.63.154.1, 1234
> Mon Feb 5 13:58:02 2001: DEBUG: Handling with Radius::AuthLDAP
> Mon Feb 5 13:58:02 2001: DEBUG: Accounting accepted
> Mon Feb 5 13:58:02 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 33642 ....
> Code: Accounting-Response
> Identifier: 139
> Authentic: z[<173>[<140><184><250>v+]<145>~<245>89b
> Attributes:
>
>
>
>
> In the first result the Radiator server quit and the test stated 'No
> Response'
> Also why is the second result doing a lookup against DEFAULT ?
>
>
> Any ideas?
>
> Stuart Clifton
> Dingo Blue
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
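
Added example, not part of the original thread and not Radiator's code: the first debug log shows the directory returning `userpassword` in `{SHA}` form, and this Python sketch shows how such a scheme-prefixed value is structured and checked against a candidate password. The function names and the sample password are constructed for illustration; the `{SSHA}` branch goes beyond the thread to cover the salted variant of the same format.

```python
import base64
import hashlib
import hmac
import os

def split_scheme(stored):
    """Return (SCHEME, encoded_text); values without a {scheme} prefix are PLAIN."""
    if stored.startswith("{") and "}" in stored:
        scheme, _, text = stored[1:].partition("}")
        return scheme.upper(), text
    return "PLAIN", stored

def encode_sha(password):
    """{SHA}: base64 of the unsalted SHA-1 digest of the password."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()

def encode_ssha(password, salt=None):
    """{SSHA}: base64 of SHA-1(password + salt) followed by the salt itself."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify(stored, candidate):
    """Check a candidate password against a stored userPassword value."""
    scheme, text = split_scheme(stored)
    cand = candidate.encode()
    if scheme == "PLAIN":
        return hmac.compare_digest(text.encode(), cand)
    if scheme not in ("SHA", "SSHA"):
        raise ValueError("unsupported scheme: " + scheme)
    raw = base64.b64decode(text)
    if scheme == "SHA" and len(raw) != 20:
        return False                      # unsalted form is exactly one SHA-1 digest
    digest, salt = raw[:20], raw[20:]     # salt is empty for {SHA}
    return hmac.compare_digest(digest, hashlib.sha1(cand + salt).digest())

if __name__ == "__main__":
    # Value copied from the debug log above; only its structure is inspected.
    scheme, text = split_scheme("{SHA}MQF6ciZl5K/OWGlQ9ClEptMx2r8=")
    print(scheme, len(base64.b64decode(text)), "byte digest")
    # Constructed sample password, not taken from the thread.
    stored = encode_sha("constructed-sample")
    print(verify(stored, "constructed-sample"))   # scheme-aware comparison
    print(stored == "constructed-sample")         # literal string comparison
```

A literal string comparison against a scheme-prefixed value cannot match the password the user typed, so whichever component does the check has to understand the prefix.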