fr3+ldap = rad_send() failed: Invalid argument

Zeus Panchenko zeus at ibs.dn.ua
Mon Jan 27 19:36:11 CET 2014



hello,

please help me to understand what I am missing ...

I am trying to get fr3 working with ldap as storage for users, profiles
and clients

while I was able to auth successfully on v.2, now after upgrade to 3.0.0
I am unable to get Access-Accept with radtest ...

> radtest -4 -x student2 ***** radius.es 100 testing123 0 radius.es
Sending Access-Request of id 23 from 0.0.0.0 port 24919 to 10.0.0.1 port 1812
        User-Name = 'student2'
        User-Password = '*****'
        NAS-IP-Address = 10.0.0.1
        NAS-Port = 100
        Message-Authenticator = 0x00
...
radclient: no response from server for ID 23 socket 3


here is fr debug fragment:

---[ quotation start ]-------------------------------------------

rlm_ldap (ldap): Reserved connection (14)
(1) files : Using user DN from request "cn=student2,ou=users,ou=radius,dc=es"
(1) files : Checking user object membership (radiusGroupName) attributes
(1) files : Performing search in 'cn=student2,ou=users,ou=radius,dc=es' with filter '(null)'
(1) files : Waiting for search result...
(1) files : Processing group membership value "students"
(1) files : Processing group membership value "teachers"
(1) files : User found. Comparison between membership: name, check: name]
rlm_ldap (ldap): Released connection (14)
(1) files : users: Matched entry DEFAULT at line 7
(1)   [files] = ok
rlm_ldap (ldap): Reserved connection (14)
(1) ldap :      expand: "(cn=%{%{Stripped-User-Name}:-%{User-Name}})" -> '(cn=student2)'
(1) ldap :      expand: "ou=users,ou=radius,dc=es" -> 'ou=users,ou=radius,dc=es'
(1) ldap : Performing search in 'ou=users,ou=radius,dc=es' with filter '(cn=student2)'
(1) ldap : Waiting for search result...
(1) ldap : User object found at DN "cn=student2,ou=users,ou=radius,dc=es"
(1) ldap :              control:Cleartext-Password := '*****'
(1) ldap :              control:User-Profile := 'cn=students,ou=profiles,ou=radius,dc=es'
rlm_ldap (ldap): Released connection (14)
(1)   [ldap] = ok
(1)   [expiration] = noop
(1)   [logintime] = noop
(1)   [pap] = updated
(1)  } #  authorize = updated
(1) Found Auth-Type = PAP
(1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(1)  Auth-Type PAP {
(1) pap : login attempt with password "*****"
(1) pap : Using clear text password "*****"
(1) pap : User authenticated successfully
(1)   [pap] = ok
(1)  } # Auth-Type PAP = ok
...
Sending Access-Accept of id 23 from 10.0.0.1 port 1812 to 10.0.0.1 port 24919
rad_send() failed: Invalid argument
(1) ERROR: Failed sending reply: 
(1) Finished request 1.
Waking up in 0.3 seconds.

---[ quotation end   ]-------------------------------------------


and in addition, while the very auth is successful as I can see,
profile attributes application to the user is not occurring (as it was
with v.2) ...

here is ldap module configuration:

---[ quotation start ]-------------------------------------------

 ldap {
        server = "localhost"
        port = 389
        password = "*****"
        identity = "cn=ldapmaster,dc=es"
        edir_autz = yes
   user {
        filter = "(cn=%{%{Stripped-User-Name}:-%{User-Name}})"
        scope = "sub"
        base_dn = "ou=users,ou=radius,dc=es"
        access_positive = yes
   }
   group {
        filter = "(objectClass=groupOfNames)"
        scope = "sub"
        base_dn = "ou=profiles,ou=radius,dc=es"
        name_attribute = "cn"
        membership_attribute = "radiusGroupName"
        cacheable_name = no
        cacheable_dn = no
   }
   client {
        filter = "(objectClass=radiusClient)"
        scope = "sub"
        base_dn = "ou=clients,ou=radius,dc=es"
    attribute {
        identifier = "radiusClientIdentifier"
        shortname = "radiusClientShortname"
        secret = "radiusClientSecret"
    }
   }
   profile {
        filter = "(&(objectClass=radiusprofile)(ou=profile))"
   }
   options {
        ldap_debug = 296
        chase_referrals = yes
        rebind = yes
        net_timeout = 1
        res_timeout = 20
        srv_timelimit = 20
        idle = 60
        probes = 3
        interval = 3
   }
   tls {
        start_tls = no
   }
  }

---[ quotation end   ]-------------------------------------------



can somebody advise, pls?


-- 
Zeus V. Panchenko				jid:zeus at im.ibs.dn.ua
IT Dpt., I.B.S. LLC					  GMT+2 (EET)


More information about the Freeradius-Users mailing list