Hello Bruno -
Hmmmm - interesting (and thanks for sending the details).
I don't have exactly the same setup here, so could you try something for me
please? In your code (shown below), I would like to know which line is
causing the problem:
    if ($code eq 'Access-Request') {
        my $authby=Radius::AuthGeneric::find ('ldap_auth_id');
        my $ldap_c=$authby->{ld};
I.e., is the Radius::AuthGeneric::find not returning the correct value?
Or is the $authby->{ld} not returning anything (or returning "undef")?
In general, the AuthBy LDAP* clauses open and close the connection to the
LDAP server for every request, so I suspect that is your problem.
You can either use the "HoldServerConnection" parameter in the AuthBy LDAP2
clause (which I see you are doing), or you can explicitly call
$authby->reconnect(); in your code.
This behaviour did change some time ago, so if you were using an earlier
version of Radiator previously that may be why you are seeing different
behaviour. There could also be a problem with -HUP processing of course.
Could you also let me know what LDAP server version you are using? And can
you tell me what you did prior to sending the -HUP (i.e. what changed?)?
thanks and regards
Hugh
On Saturday 17 March 2001 05:38, Bruno Tiago Rodrigues wrote:
> hi all
>
> is anyone aware of problems like AuthBy identifiers (passed from Radiator's
> AuthBy clauses to custom code in hooks) being lost after a kill -HUP ? I'm
> now using radiator 2.18 and I almost swear this kind of feature was working
> a few weeks ago with a previous version of radiator, although it may be
> kinda hard to re-check now. relevant excerpts of the config and logs are
> below... let me know if you need further data to recreate this situation.
>
> thanks in advance
>
> this is a trace excerpt of radiator after I kill -HUP and send a test
> authentication packet (this stuff keeps getting repeated for each access
> request)
>
> Fri Mar 16 19:17:55 2001: DEBUG: Check if Handler should be used to handle
> this request
> Fri Mar 16 19:17:55 2001: DEBUG: Handling request with Handler ''
> Fri Mar 16 19:17:55 2001: DEBUG: Deleting session for usertest,
> 203.63.154.1, 1234
> Fri Mar 16 19:17:55 2001: DEBUG: Handling with Radius::AuthLDAP2
> Fri Mar 16 19:17:55 2001: DEBUG: LDAP got result for
> cn=usertest,ou=stuff,o=org,c=pt
> Fri Mar 16 19:17:55 2001: DEBUG: LDAP got DialInPassword:
> {crypt}FiSVO8o8APDZQ
> Fri Mar 16 19:17:55 2001: DEBUG: LDAP got IDLETIMEOUTNUMBER: 1800
> Fri Mar 16 19:17:55 2001: DEBUG: LDAP got FRAMEDPROTOCOL: PPP
> Fri Mar 16 19:17:55 2001: DEBUG: LDAP got AUTHSERVICEPROTOCOL: Framed-User
> Fri Mar 16 19:17:55 2001: DEBUG: LDAP got FRAMEDROUTING: None
> Fri Mar 16 19:17:55 2001: DEBUG: LDAP got AUTHPORTLIMIT: 2
> Fri Mar 16 19:17:55 2001: DEBUG: Radius::AuthLDAP2 looks for match with
> usertest
> Fri Mar 16 19:17:55 2001: DEBUG: Radius::AuthLDAP2 ACCEPT:
> Fri Mar 16 19:17:55 2001: DEBUG: entering PostAuth hook
> Fri Mar 16 19:17:55 2001: ERR: Error in PostAuthHook(): Can't call method
> "bind" on an undefined value at (eval 145) line 32.
> Fri Mar 16 19:17:55 2001: DEBUG: Access accepted for usertest
>
> this is what my config file looks like:
>
> ##############################begin cfg file
> LogDir /usr/radius/logs
> DbDir /usr/radius/cfg
> PidFile %L/pid.radius
> Trace 3
> AuthPort 1645
> AcctPort 1646
>
> include %D/clients.cfg
>
> LogFile %L/debug.log
> DictionaryFile %D/dictionary
>
> <Handler>
> AcctLogFileName %L/radacct/%C/detail
> <AuthBy LDAP2>
> Identifier ldap_auth_id
> Host other_host
> Port 389
> HoldServerConnection
>
> AuthDN cn=admin
> AuthPassword whocaresanyway
>
> BaseDN ou=stuff,o=org,c=pt
> AuthAttrDef FRAMEDPROTOCOL, Framed-Protocol, reply
> AuthAttrDef AUTHSERVICEPROTOCOL, Service-Type, reply
> AuthAttrDef IDLETIMEOUTNUMBER, Idle-Timeout, reply
> AuthAttrDef AUTHPORTLIMIT, Port-Limit, reply
> AuthAttrDef FRAMEDROUTING, Framed-Routing, reply
>
> UsernameAttr uid
> PasswordAttr DialInPassword
> </AuthBy>
> </Handler>
>
>
> #####end cfg file
>
> below is an excerpt (relevant stuff only) of what the hook code looks like:
>
> ###########begin hook code
> use Radius::Radius;
> use Data::Dumper;
> use Net::LDAP;
> use strict;
>
> sub {
> my $dn;
> my $ldap_c;
> my $ldap_conn;
>
> my $p = ${$_[0]}; #this is the request object
> my $rp = ${$_[1]}; #this is the response object
> my $result = ${$_[2]};
>
> ####### # checking if user was validated ok first
>
> return if ($result != $main::ACCEPT);
>
> ####### # check which packet type we're dealing with
>
> &main::log($main::LOG_DEBUG,"entering PostAuth hook");
>
> my $code=$p->code;
> my $username=$p->get_attr('User-Name');
>
> if ($code eq 'Access-Request') {
>
> my $authby=Radius::AuthGeneric::find ('ldap_auth_id');
> my $ldap_c=$authby->{ld};
>
> $ldap_c->bind(dn=>"cn=admin",password=>"whocaresanyway") or
> &main::log($main::LOG_ERR, "» LDAP problems on bind?");
>
> my $ldap_conn=$ldap_c->search(
> base=>'ou=stuff,o=org,c=pt',
> filter=>'uid='.$username,
> attrs=>
> ['framedipaddress','accessproducttype','pricingplaninfo','allowednumber']);
> if ($ldap_conn->code) {&main::log($main::LOG_ERR, "» LDAP problems on
> read?"); }
>
> #
> #extra code here deleted for obvious reasons
> #
>
> }
> elsif ($code eq 'Accounting-Request') {
> my $subcodetype=$p->getAttrByNum($Radius::Radius::ACCT_STATUS_TYPE);
> if ($subcodetype eq 'Start') {
> #
> #yadda yadda yadda
> #
> }
> elsif ($subcodetype eq 'Stop') {
> #
> #all your base are belong to us
> #
> }
> else {
> &main::log($main::LOG_ERR,"--->Unknown Accounting Packet code
> $subcodetype found\n"); }
> }
> ${$_[1]} = $rp;
> ${$_[2]} = $result;
> return;
> }
>
>
> ###########end hook code
>
>
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
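
An added example, not code from this thread or from Radiator: the Access-Request branch of the hook with the two checks asked about in the reply (the Identifier lookup and the `{ld}` handle) made explicit, so the log names which one failed. It uses only the Radiator calls that appear in this thread plus Net::LDAP's own API; that `reconnect()` repopulates `$authby->{ld}` is an assumption, and the DN, password and base are the placeholders from the quoted config.

```perl
use strict;
use Net::LDAP::Util qw(escape_filter_value);

sub {
    my $p      = ${$_[0]};    # request object
    my $result = ${$_[2]};    # result of the AuthBy chain

    return if $result != $main::ACCEPT;
    return if $p->code ne 'Access-Request';

    # Check 1: did the Identifier lookup itself survive the -HUP?
    my $authby = Radius::AuthGeneric::find('ldap_auth_id');
    unless (defined $authby) {
        &main::log($main::LOG_ERR, "PostAuthHook: no AuthBy found for ldap_auth_id");
        return;
    }

    # Check 2: is there a connection handle? If not, ask the clause to
    # reconnect and re-read it (assumption: reconnect() sets {ld} again).
    my $ldap_c = $authby->{ld};
    unless (defined $ldap_c) {
        $authby->reconnect();
        $ldap_c = $authby->{ld};
    }
    unless (defined $ldap_c) {
        &main::log($main::LOG_ERR, "PostAuthHook: no LDAP handle after reconnect");
        return;
    }

    # Net::LDAP returns a message object from bind and search, which is
    # always true, so "bind(...) or log" never fires: test ->code instead.
    my $msg = $ldap_c->bind(dn => 'cn=admin', password => 'whocaresanyway');
    if ($msg->code) {
        &main::log($main::LOG_ERR, "PostAuthHook: LDAP bind failed: " . $msg->error);
        return;
    }

    # The User-Name comes from the client: escape it before it goes in a filter.
    my $username = $p->get_attr('User-Name');
    return unless defined $username;
    my $search = $ldap_c->search(
        base   => 'ou=stuff,o=org,c=pt',
        filter => '(uid=' . escape_filter_value($username) . ')',
        attrs  => ['framedipaddress', 'accessproducttype'],
    );
    &main::log($main::LOG_ERR, "PostAuthHook: LDAP search failed: " . $search->error)
        if $search->code;
    return;
}
```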