proxy configuration with ldap configuration failed to authenticate

classic Classic list List threaded Threaded
7 messages Options
| Threaded
Open this post in threaded view
|

proxy configuration with ldap configuration failed to authenticate

nikitha-2
Hi

Im sending an authentication request to the radius server which
proxy's the request to the other server.

But After proxying the request it does ldap search & returns
Access-Reject to the user.

Why is this ldap authentication is needed for proxy requests??

Please help he in this regard. Awaiting for the earliest reply.

Thanks
Sumi

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
| Threaded
Open this post in threaded view
|

Re: proxy configuration with ldap configuration failed to authenticate

Alan DeKok
sumi thra <[hidden email]> wrote:
> But After proxying the request it does ldap search & returns
> Access-Reject to the user.
>
> Why is this ldap authentication is needed for proxy requests??

  Because you configured it to do that?

  Try setting "post_proxy_authorize = no"

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
| Threaded
Open this post in threaded view
|

Re: proxy configuration with ldap configuration failed to authenticate

nikitha-2
Hi Alan,

Thanks a lot. Its working fine now.

Thanks & Regards
Sumithra



On 7/28/05, Alan DeKok <[hidden email]> wrote:

> sumi thra <[hidden email]> wrote:
> > But After proxying the request it does ldap search & returns
> > Access-Reject to the user.
> >
> > Why is this ldap authentication is needed for proxy requests??
>
>  Because you configured it to do that?
>
>  Try setting "post_proxy_authorize = no"
>
>  Alan DeKok.
>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
| Threaded
Open this post in threaded view
|

Re: proxy configuration with ldap configuration failed to authenticate

nikitha-2
Hi,

I am trying to create an accounting file in my compact flash card
which is mounted on my home directory.

ex : /home/admin/compactflash/

When i send a request for the first time its creating the accounting file under

/home/admin/coompactflash/ %NAS IP/client file name (with date)

Now im deleting this file ie., the directory under /home/admin/compactflash/

When i send a request for the next time, rlm_detail  gives an error
that : could not open the file
/home/admin/compactflash/previousnasip/client file name?

My doubt is, why is it looking for the previous file name? It should
create a directory if its not existing.. thats what the source code
comments says.

Could you plz give me a solution for my doubt??

Thanks
Sumi

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
| Threaded
Open this post in threaded view
|

Re: proxy configuration with ldap configuration failed to authenticate

nikitha-2
> Hi,
>
> I am trying to create an accounting file in my compact flash card
> which is mounted on my home directory.
>
> ex : /home/admin/compactflash/
>
> When i send a request for the first time its creating the accounting file under
>
> /home/admin/coompactflash/ %NAS IP/client file name (with date)
>
> Now im deleting this file ie., the directory under /home/admin/compactflash/
>
> When i send a request for the next time, rlm_detail  gives an error
> that : could not open the file
> /home/admin/compactflash/previousnasip/client file name?
>
> My doubt is, why is it looking for the previous file name? It should
> create a directory if its not existing.. thats what the source code
> comments says.
>
> Could you plz give me a solution for my doubt??
>
> Thanks
> Sumi
>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
| Threaded
Open this post in threaded view
|

Re: proxy configuration with ldap configuration failed to authenticate

nikitha-2
Hi

I there is a bug in rlm_detail module.

In rlm_detail module.. the file is getting created only if that
directory name is not there in the local cache. If it finds the
directory name in local cache it means, that  directory was created
already.. and returns success.

But phisically that directory was not present.. So there needs to be a
check included in the do_detail() function of rlm_detail module ..

if( inst->last_made_directory == NULL ||
strcmp(inst->last_made_directory,buffer) !=0 )
{
.//Create a new directory
......
.....
}

// This check should also be included..
else if(inst->last_made_directory != NULL )
{
// create the directory because the last_made_directory was removed
.....
.....
}

Please revert it back to me if its not the right way to fix it.
Thanks

On 8/11/05, sumi thra <[hidden email]> wrote:

> > Hi,
> >
> > I am trying to create an accounting file in my compact flash card
> > which is mounted on my home directory.
> >
> > ex : /home/admin/compactflash/
> >
> > When i send a request for the first time its creating the accounting file under
> >
> > /home/admin/coompactflash/ %NAS IP/client file name (with date)
> >
> > Now im deleting this file ie., the directory under /home/admin/compactflash/
> >
> > When i send a request for the next time, rlm_detail  gives an error
> > that : could not open the file
> > /home/admin/compactflash/previousnasip/client file name?
> >
> > My doubt is, why is it looking for the previous file name? It should
> > create a directory if its not existing.. thats what the source code
> > comments says.
> >
> > Could you plz give me a solution for my doubt??
> >
> > Thanks
> > Sumi
> >
>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
| Threaded
Open this post in threaded view
|

Re: proxy configuration with ldap configuration failed to authenticate

Alan DeKok
sumi thra <[hidden email]> wrote:
> But phisically that directory was not present.. So there needs to be a
> check included in the do_detail() function of rlm_detail module ..

  The only way that a directory will be in the cache and not on disk
is if you go delete it.  My suggestion would be to NOT delete
directories that the server is actively using.

  I'll commit a fix, but this is a *very* corner case.  No one else
has seen this problem in the 5 years the server has been around.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html