Problems with 1.0.6-2.0.1 connecting to OpenLDAP 2.3.33

Zach Lowry zach at zachlowry.net
Sun Mar 2 01:18:41 CET 2008


I'm running FreeRADIUS 2.0.1 on OpenBSD 4.2 on sparc64. I've also
tried versions 1.0.6 and 1.1.6. I'm using OpenLDAP 2.3.33 with
rlm_ldap. It works for the first request, then returns the following:

From FreeRADIUS:

Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 2362, id=66,
length=56
         User-Name = "zach"
         User-Password = "*****"
         NAS-IP-Address = 192.168.2.11
         NAS-Port = 1812
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
     rlm_realm: No '@' in User-Name = "zach", looking up realm NULL
     rlm_realm: No such realm "NULL"
++[suffix] returns noop
   rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
rlm_ldap: - authorize
rlm_ldap: performing user authorization for zach
WARNING: Deprecated conditional expansion ":-".  See "man unlang" for
details
         expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=zach)
         expand: o=zachlowry.net,c=US -> o=zachlowry.net,c=US
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=zachlowry.net,c=US, with filter
(uid=zach)
rlm_ldap: ldap_search() failed: Timed out while waiting for server to
respond. Please increase the timeout.
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns fail
Invalid user: [zach/*****] (from client localhost port 1812)
   Found Post-Auth-Type Reject
+- entering group REJECT
         expand: %{User-Name} -> zach
  attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 2 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 2
Sending Access-Reject of id 66 to 127.0.0.1 port 2362
Waking up in 4.9 seconds.
Cleaning up request 2 ID 66 with timestamp +113
Ready to process requests.

From OpenLDAP:

Mar  1 10:25:01 tweedledum slapd[9985]: conn=8483 op=4 SRCH
base="o=zachlowry.net,c=US" scope=2 deref=0 filter="(uid=zach)"
Mar  1 10:25:01 tweedledum slapd[9985]: conn=8483 op=4 SRCH
attr=radiusNASIpAddress radiusExpiration acctFlags sambaNtPassword
sambaLmPassword ntPassword lmPassword radiusCallingStationId
radiusCalledStationId radiusSimultaneousUse radiusAuthType
radiusCheckItem radiusReplyMessage radiusLoginLATPort radiusPortLimit
radiusFramedAppleTalkZone radiusFramedAppleTalkNetwork
radiusFramedAppleTalkLink radiusLoginLATGroup radiusLoginLATNode
radiusLoginLATService radiusTerminationAction radiusIdleTimeout
radiusSessionTimeout radiusClass radiusFramedIPXNetwork radiusCallbackId
Mar  1 10:25:01 tweedledum slapd[9985]: conn=8483 op=4 SRCH
attr=radiusCallbackNumber radiusLoginTCPPort radiusLoginService
radiusLoginIPHost radiusFramedCompression radiusFramedMTU
radiusFilterId radiusFramedRouting radiusFramedRoute
radiusFramedIPNetmask radiusFramedIPAddress radiusFramedProtocol
radiusServiceType radiusReplyItem userPassword
Mar  1 10:25:01 tweedledum slapd[9985]: conn=8483 op=4 SEARCH RESULT
tag=101 err=0 nentries=1 text=
Mar  1 10:25:01 tweedledum slapd[9985]: conn=8483 op=5 ABANDON msg=5

I can't find where the ABANDON is sent to the LDAP server. The
"increase the timeout" error is found easily enough in rlm_ldap.c,
but I can't figure out what timeout to increase. I think there's a
deeper issue afoot, however.

Thanks,

--Zach
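
Added example, not part of the original post and not code from FreeRADIUS or OpenLDAP: a short Python script that scans slapd log lines in the format shown above and reports connections where an ABANDON arrives after the server has already logged a SEARCH RESULT on that connection. The function name and the conn=8484 sample lines are constructed for illustration; the conn=8483 lines are taken from the post with the e-mail line wrapping removed.

```python
import re

# conn=8483 lines come from the post (unwrapped); conn=8484 lines are constructed.
SAMPLE = """\
Mar  1 10:25:01 tweedledum slapd[9985]: conn=8483 op=4 SRCH base="o=zachlowry.net,c=US" scope=2 deref=0 filter="(uid=zach)"
Mar  1 10:25:01 tweedledum slapd[9985]: conn=8483 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar  1 10:25:01 tweedledum slapd[9985]: conn=8483 op=5 ABANDON msg=5
Mar  1 10:25:02 tweedledum slapd[9985]: conn=8484 op=1 SRCH base="o=zachlowry.net,c=US" scope=2 deref=0 filter="(uid=alice)"
Mar  1 10:25:02 tweedledum slapd[9985]: conn=8484 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar  1 10:25:03 tweedledum slapd[9985]: conn=8484 op=2 UNBIND
"""

# Only the three operation types needed for the correlation are matched.
LINE = re.compile(r"conn=(\d+) op=(\d+) (SRCH|SEARCH RESULT|ABANDON)\b(.*)")


def abandoned_after_result(log_text):
    """Return one record per ABANDON that follows a SEARCH RESULT on the same conn."""
    filters = {}       # (conn, op) -> search filter string
    last_result = {}   # conn -> details of the most recent SEARCH RESULT
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, kind, rest = int(m[1]), int(m[2]), m[3], m[4]
        if kind == "SRCH":
            f = re.search(r'filter="([^"]*)"', rest)
            if f:  # the "SRCH attr=..." continuation lines carry no filter
                filters[(conn, op)] = f[1]
        elif kind == "SEARCH RESULT":
            r = re.search(r"err=(\d+) nentries=(\d+)", rest)
            if r:
                last_result[conn] = {"search_op": op, "err": int(r[1]),
                                     "nentries": int(r[2]),
                                     "filter": filters.get((conn, op))}
        elif kind == "ABANDON" and conn in last_result:
            msg = re.search(r"msg=(\d+)", rest)
            findings.append({"conn": conn, "abandon_op": op,
                             "abandon_msg": int(msg[1]) if msg else None,
                             **last_result.pop(conn)})
    return findings


if __name__ == "__main__":
    for hit in abandoned_after_result(SAMPLE):
        print(hit)
```
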





More information about the Freeradius-Users mailing list