Hi Pascal -
Happy New Year 2014!
There are many examples of how to do this in the Radiator source code.
Here is an extract from “Radius/AuthLDAP2.pm”:
    #####################################################################
    # Check a password for a DN, by attempting to bind with a
    # supplied password. Careful: an empty password will always appear
    # to match, so we reject that case
    sub checkPassword
    {
        my ($self, $dn, $password) = @_;
        my $result;
        return if $self->{LDAPRejectEmptyPassword} && $password eq '';
        &Radius::Util::exec_timeout($self->{Timeout},
            sub {$result = $self->{ld}->bind(dn => $dn,
                                             password => $password);});
        if (!$result ||
            ($result->code()
             && $result->code() != Net::LDAP::Constant->LDAP_INAPPROPRIATE_AUTH
             && $result->code() != Net::LDAP::Constant->LDAP_INVALID_CREDENTIALS))
    …….
regards
Hugh
On 17 Jan 2014, at 06:56, Pascal Beauregard <[email protected]>
wrote:
> Hi,
> Yesterday we twice experienced a situation where Radiator stopped
> responding to requests, apparently because the server was stuck in the execution
> of a script.
>
> Here is what we saw in the logfile :
>
> Tue Jan 14 13:13:56 2014: DEBUG: Deleting session for demk2801, 10.40.0.130,
> 1
> Tue Jan 14 13:13:56 2014: DEBUG: Handling with Radius::AuthFILE:
> Tue Jan 14 13:13:56 2014: DEBUG: Handling with EAP: code 2, 11, 43, 25
> Tue Jan 14 13:13:56 2014: DEBUG: Response type 25
> Tue Jan 14 13:13:56 2014: DEBUG: EAP Success, elapsed time 0.267233
> Tue Jan 14 13:13:56 2014: DEBUG: EAP result: 0,
> Tue Jan 14 13:13:56 2014: DEBUG: AuthBy FILE result: ACCEPT,
> Tue Jan 14 13:13:56 2014: DEBUG: Running aeriusSecurise_VLAN: for user
> demk2801 (Jan 14, 2014 13:13) : Accept
> Tue Jan 14 13:13:56 2014: DEBUG: Running aeriusSecurise_VLAN: verify demk2801
> is memberOf... for VLAN selection
> 13:47
> Tue Jan 14 13:24:23 2014: ERR: Error in PostAuthHook(): I/O Error Interrupted
> system call at /etc/radiator/hooks/ADI.pm line 111, <GEN1> line 16081.
>
> Here is what we have at line 111 of ADI.pm
>
> #print " Bind LDAP session with user $ldapuser \n";
> my $mesg = $ldap->bind($ldapuser,
> password => pack('H*',$ldappass))
> or die $@;
>
> Is there a way to make sure that if a bind does not work we exit the script
> after a period of time?
>
>
> ______________________________
> Pascal Beauregard
> Telecommunications Analyst
> Service des Technologies de l'information
> Université de Sherbrooke
>
> Tel.: 819-821-7770
> Email: [email protected]
>
>
> _______________________________________________
> radiator mailing list
> [email protected]
> http://www.open.com.au/mailman/listinfo/radiator
--
Hugh Irvine
[email protected]
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc.
Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
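
The pattern from the reply, as an added example that is not Radiator's code or the poster's ADI.pm: a bind wrapped in a time limit, with the empty-password case rejected first and a timeout kept distinct from an accept. The names run_with_timeout, check_bind, FakeLDAP and FakeMesg are hypothetical; run_with_timeout is a local stand-in for Radius::Util::exec_timeout so the block runs without Radiator or an LDAP server.

```perl
use strict;
use warnings;

# Run $code under a wall-clock limit: returns 1 if it finished, 0 on timeout.
# Local stand-in so the example runs without Radiator; the extract above
# uses Radius::Util::exec_timeout for the same job.
sub run_with_timeout {
    my ($seconds, $code) = @_;
    local $SIG{ALRM} = sub { die "timeout\n" };
    my $ok  = eval { alarm($seconds); $code->(); alarm(0); 1 };
    my $err = $@;
    alarm(0);                          # cancel any alarm still pending
    return 1 if $ok;
    return 0 if $err eq "timeout\n";
    die $err;                          # unrelated failure: propagate
}

# Returns 'ACCEPT', 'REJECT' or 'TIMEOUT'. $ldap is any object whose
# bind() follows the Net::LDAP convention and returns a message with code().
sub check_bind {
    my ($ldap, $dn, $password, $timeout) = @_;
    # An empty password must never reach bind(): it would appear to match.
    return 'REJECT' if !defined $password || $password eq '';
    my $mesg;
    my $done = run_with_timeout($timeout,
        sub { $mesg = $ldap->bind($dn, password => $password) });
    return 'TIMEOUT' unless $done && $mesg;   # no answer is not an accept
    return $mesg->code() == 0 ? 'ACCEPT' : 'REJECT';   # 0 = LDAP_SUCCESS
}

# Constructed test doubles: one server answers at once, one hangs.
package FakeMesg { sub new { bless { c => $_[1] }, $_[0] } sub code { $_[0]{c} } }
package FakeLDAP {
    sub new  { my ($class, %arg) = @_; return bless {%arg}, $class }
    sub bind {
        my ($self, $dn, %arg) = @_;
        select(undef, undef, undef, $self->{delay}) if $self->{delay};
        return FakeMesg->new($arg{password} eq 'secret' ? 0 : 49);  # 49 = invalid credentials
    }
}
package main;

my $dn = 'uid=test,dc=example,dc=org';          # constructed DN
my ($fast, $hung) = (FakeLDAP->new(), FakeLDAP->new(delay => 5));
print "good password: ", check_bind($fast, $dn, 'secret', 2), "\n";
print "bad password:  ", check_bind($fast, $dn, 'wrong',  2), "\n";
print "empty:         ", check_bind($fast, $dn, '',       2), "\n";
print "hung server:   ", check_bind($hung, $dn, 'secret', 1), "\n";
```

In a hook, a TIMEOUT result should be logged and treated as a failure to decide, so that a stalled directory server neither blocks the RADIUS process nor grants access.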