Support,
I'm having a problem with Radiator binding to LDAP when running radpwtst on
a Linux 8.0 server. The system environment is Radiator 3.6,
openldap-2.0.25, and perl-ldap-0.2701. The Radiator and LDAP processes were
running when I tested with radpwtst. Also, I have eliminated LDAP issues
because I was able to view the user from an LDAP client, and port 389 is
also listening on the system. Here are the errors from the log file.

Fri Sep 12 10:33:03 2003: ERR: Unknown keyword 'SNMP' in /etc/raddb/radtest.cfg line 7
Fri Sep 12 10:33:03 2003: ERR: Unknown keyword 'SNMP' in /etc/raddb/radtest.cfg line 13
Fri Sep 12 10:33:03 2003: ERR: Unknown keyword 'SNMP' in /etc/raddb/radtest.cfg line 19
Fri Sep 12 10:33:03 2003: DEBUG: Reading users file /etc/raddb/users
Fri Sep 12 10:33:04 2003: DEBUG: Reading group file /etc/group
Fri Sep 12 10:33:04 2003: DEBUG: Finished reading configuration file '/etc/raddb/radtest.cfg'
Fri Sep 12 10:33:04 2003: DEBUG: Reading dictionary file '/etc/raddb/dictionary'
Fri Sep 12 10:33:04 2003: DEBUG: Creating authentication port 0.0.0.0:1645
Fri Sep 12 10:33:04 2003: DEBUG: Creating accounting port 0.0.0.0:1646
Fri Sep 12 10:33:04 2003: NOTICE: Server started: Radiator 3.6 on auth.xxxxxxx.net
Fri Sep 12 10:33:32 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32809 ....
Code: Access-Request
Identifier: 212
Authentic: 1234567890123456
Attributes:
    User-Name = "ctyxxxx"
    Service-Type = Framed-User
    NAS-IP-Address = 203.63.154.1
    NAS-Port = 1234
    Called-Station-Id = "123456789"
    Calling-Station-Id = "987654321"
    NAS-Port-Type = Async
    User-Password = "<200><141><162>v<209><198>X6<31><235><251><167><228>B<161>d"
Fri Sep 12 10:33:32 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:32 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:32 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:32 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:32 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Sep 12 10:33:32 2003: DEBUG: Deleting session for ctyxxxx, 203.63.154.1, 1234
Fri Sep 12 10:33:32 2003: DEBUG: Handling with Radius::AuthFILE: File
Fri Sep 12 10:33:32 2003: ERR: Attribute number 79 is not defined in your dictionary
Fri Sep 12 10:33:32 2003: DEBUG: Radius::AuthFILE looks for match with ctyxxxx
Fri Sep 12 10:33:32 2003: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Fri Sep 12 10:33:32 2003: DEBUG: Handling with Radius::AuthLDAP2: LDAP
Fri Sep 12 10:33:32 2003: INFO: Connecting to 127.0.0.1, port 389
Fri Sep 12 10:33:32 2003: INFO: Attempting to bind with uid=searchuser,dc=xxxxxxx,dc=net, passwd (server 127.0.0.1:389)
Fri Sep 12 10:33:42 2003: ERR: Could not bind connection with uid=searchuser,dc=xxxxxxxx,dc=net, passwd, error: LDAP Timeout (server 127.0.0.1:389).
Fri Sep 12 10:33:42 2003: ERR: Backing off from 127.0.0.1:389 for 600 seconds.
Fri Sep 12 10:33:42 2003: DEBUG: Radius::AuthFILE IGNORE: User database access error
Fri Sep 12 10:33:42 2003: DEBUG: Handling with Radius::AuthUNIX: System
Fri Sep 12 10:33:42 2003: DEBUG: Radius::AuthUNIX looks for match with ctyxxxx
Fri Sep 12 10:33:42 2003: INFO: Access rejected for ctyxxxx: No such user
Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32809 ....
Code: Access-Reject
Identifier: 212
Authentic: 1234567890123456
Attributes:
    Reply-Message = "choice: "
    Reply-Message = "Request Denied"
Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32809 ....
Code: Accounting-Request
Identifier: 213
Authentic: <22>v<144>J<224><0><28>XDi<225>O<154><165>zo
Attributes:
    User-Name = "ctyxxxx"
    Service-Type = Framed-User
    NAS-IP-Address = 203.63.154.1
    NAS-Port = 1234
    NAS-Port-Type = Async
    Acct-Session-Id = "00001234"
    Acct-Status-Type = Start
    Called-Station-Id = "123456789"
    Calling-Station-Id = "987654321"
    Acct-Delay-Time = 0
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Sep 12 10:33:42 2003: DEBUG: Adding session for ctyxxxx, 203.63.154.1, 1234
Fri Sep 12 10:33:42 2003: DEBUG: Handling with Radius::AuthFILE: File
Fri Sep 12 10:33:42 2003: DEBUG: Accounting accepted
Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32809 ....
Code: Accounting-Response
Identifier: 213
Authentic: <22>v<144>J<224><0><28>XDi<225>O<154><165>zo
Attributes:
Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32809 ....
Code: Accounting-Request
Identifier: 214
Authentic: ZQ<188>2<174><6>-<140>jG<7><227>i<199><166><209>
Attributes:
    User-Name = "ctyxxxx"
    Service-Type = Framed-User
    NAS-IP-Address = 203.63.154.1
    NAS-Port = 1234
    NAS-Port-Type = Async
    Acct-Session-Id = "00001234"
    Acct-Status-Type = Stop
    Called-Station-Id = "123456789"
    Calling-Station-Id = "987654321"
    Acct-Delay-Time = 0
    Acct-Session-Time = 1000
    Acct-Input-Octets = 20000
    Acct-Output-Octets = 30000
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Rewrote user name to ctyxxxx
Fri Sep 12 10:33:42 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Sep 12 10:33:42 2003: DEBUG: Deleting session for ctyxxxx, 203.63.154.1, 1234
Fri Sep 12 10:33:42 2003: DEBUG: Handling with Radius::AuthFILE: File
Fri Sep 12 10:33:42 2003: DEBUG: Accounting accepted
Fri Sep 12 10:33:42 2003: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32809 ....
Code: Accounting-Response
Identifier: 214
Authentic: ZQ<188>2<174><6>-<140>jG<7><227>i<199><166><209>
Attributes:

Here is the config file:

##Log Directory
LogDir /var/adm/radacct
##Config Directory
DbDir /etc/raddb
##SNMP Location
SnmpgetProg /usr/local/bin/snmpget
##Log Level (1 is small , 4 is big)
Trace 4
##Clients information location
include %D/clients.cfg
## Strip local realms from incoming iPass users.
RewriteUsername s/^([EMAIL PROTECTED])[EMAIL PROTECTED]/$1/
RewriteUsername s/^([EMAIL PROTECTED])[EMAIL PROTECTED]/$1/
RewriteUsername s/\s+//g
RewriteUsername tr/A-Z/a-z/
#
#
#
#
<Realm DEFAULT>
    <AuthBy FILE>
        Identifier File
    </AuthBy>
    <AuthBy UNIX>
        Identifier System
        Filename /etc/shadow
    </AuthBy>
    <AuthBy LDAP2>
        Identifier LDAP
        Host 127.0.0.1
        Port 389
        AuthDN uid=searchuser,dc=xxxxxxxxx,dc=net
        AuthPassword
        BaseDN %0=%1,ou=people,dc=xxxxxxx,dc=net
        Scope base
        UsernameAttr uid
        PasswordAttr userPassword
        HoldServerConnection
        SearchFilter (&(gecos=active)(uid=%1))
        AuthAttrDef gidNumber, gid-attr, request
    </AuthBy>
    PostAuthHook file:"%D/postHook"
    AcctLogFileName %L/%N/detail
</REALM>

I have built another authentication server running on Solaris 8 and it is
working fine; only the one running on Linux8 is having a problem, and I
built it from sources instead of RPM. Can you tell from the error log
whether Radiator is having a problem accessing LDAP (the database resides
on the local system), or could it be a binding or localhost issue? I have
checked database, passwd, hosts, hosts.allow, host.deny, and ports as well
but couldn't resolve the issue. Any help is greatly appreciated, and please
let me know if you need more info to determine the problem.
Thanks,
Mai Bui
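
Added example, not part of the original post and not Radiator code: a small triage script that unwraps a Trace 4 log like the one above, times each failed LDAP bind, computes the back-off window, and lists the users rejected inside it, so a directory outage is not mistaken for bad credentials. The function names are hypothetical; the sample is constructed from lines in the post.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the log in the post, still mail-wrapped.
SAMPLE_LOG = """\
Fri Sep 12 10:33:32 2003: INFO: Attempting to bind with
uid=searchuser,dc=xxxxxxx,dc=net, passwd (server 127.0.0.1:389)
Fri Sep 12 10:33:42 2003: ERR: Could not bind connection with
uid=searchuser,dc=xxxxxxxx,dc=net, passwd, error: LDAP Timeout (server
127.0.0.1:389).
Fri Sep 12 10:33:42 2003: ERR: Backing off from 127.0.0.1:389 for 600
seconds.
Fri Sep 12 10:33:42 2003: INFO: Access rejected for ctyxxxx: No such
user
"""

STAMP = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}): (\w+): (.*)$")

def unwrap(text):
    """Join continuation lines onto the timestamped record they belong to."""
    records = []
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            records.append([ts, m.group(2), m.group(3)])
        elif records:
            records[-1][2] += " " + line.strip()
    return records

def ldap_outages(records):
    """One dict per failed bind: error text, seconds waited, back-off window."""
    outages, attempt = [], None
    for ts, _level, msg in records:
        if msg.startswith("Attempting to bind"):
            attempt = ts
        elif msg.startswith("Could not bind connection") and attempt:
            err = re.search(r"error: (.*?) \(server", msg)
            outages.append({"error": err.group(1) if err else "?", "waited_s": (ts - attempt).total_seconds()})
        elif (m := re.search(r"Backing off from (\S+) for (\d+) seconds", msg)) and outages:
            outages[-1].update(server=m.group(1), start=ts,
                               until=ts + timedelta(seconds=int(m.group(2))))
    return outages

def rejected_during(records, outages):
    """Users rejected while an LDAP server was in back-off."""
    return [m.group(1) for ts, _level, msg in records
            if (m := re.match(r"Access rejected for (\S+):", msg))
            and any(o.get("start") and o["start"] <= ts <= o["until"] for o in outages)]
```
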
