Aaron Richton wrote:
> On Wed, 15 Aug 2012, JET JETASIK wrote:
>> Still no luck yet. Nothing hit my radius server when doing simple auth to openldap. Any clue on how to check this?
>> Here is my /etc/radius.conf:
>> auth 192.168.0.10:1812 secret
> There aren't that many moving parts...
> - Maybe try explicitly configuring timeout and numtries (fields 4 and 5)... my radius.conf has them, the man page implies defaults but who knows.
Also tried with no luck.
> - Quick check might be to do a truss/strace/etc. on the open() family to see if anything .*radius.* is being read, perhaps not in the path you were expecting. (You should see this once per bind.)
Frankly speaking, I am not working as a programmer/developer; I merely pick it up a bit.
From truss during the simple bind, I can see it read radius.conf and sendto() my radius server, and also got recvfrom() it, but nothing actually hit my radius server. Below is the output of truss -p <slapd_pid>:
exit(0x11) = 454 (0x1c6)
accept(7,{ AF_INET 172.16.16.97:49479 },0x7ffffebfbc2c) = 9 (0x9)
write(5,"0",1) = 1 (0x1)
clock_gettime(13,{1345088224.000000000 }) = 0 (0x0)
select(17,{4 6 7},0x0,0x0,0x0) = 1 (0x1)
read(4,"0",1024) = 1 (0x1)
setsockopt(0x9,0x6,0x1,0x7ffffebfbc28,0x4,0x0) = 0 (0x0)
getpid() = 4200 (0x1068)
clock_gettime(13,{1345088224.000000000 }) = 0 (0x0)
sigprocmask(SIG_BLOCK,0x0,0x0) = 0 (0x0)
open("/etc/hosts.allow",O_RDONLY,0666) = 18 (0x12)
fstat(18,{ mode=-rw-r--r-- ,inode=1278751,size=3353,blksize=32768 }) = 0 (0x0)
read(18,"#\n# hosts.allow access control "...,32768) = 3353 (0xd19)
close(18) = 0 (0x0)
sigprocmask(SIG_SETMASK,0x0,0x0) = 0 (0x0)
clock_gettime(13,{1345088224.000000000 }) = 0 (0x0)
fcntl(9,F_GETFL,) = 6 (0x6)
fcntl(9,F_SETFL,O_NONBLOCK|0x2) = 0 (0x0)
write(5,"0",1) = 1 (0x1)
read(4,"0",1024) = 1 (0x1)
clock_gettime(13,{1345088224.000000000 }) = 0 (0x0)
select(17,{4 6 7 9},0x0,0x0,0x0) = 1 (0x1)
-- UNKNOWN SYSCALL 8769568 --
getpid() = 4200 (0x1068)
sendto(3,"<167>Aug 16 10:37:04 slapd[4200]"...,99,0x0,NULL,0x0) = 3 (0x3)
compat.creat(0x9,0x81846006f,0x8,0x0,0x50,0x0) = 99 (0x63)
clock_gettime(13,{1345088224.000000000 }) = 0 (0x0)
fchdir(0x7fffff3fcb50,0x18726,0x441050,0x0,0x0,0x502c6ae0) = 3 (0x3)
fchflags(0x9,0x817c6056f,0x8,0x0,0x50,0x7fffff3fc93f) = 4 (0x4)
exit(0x5) = 1 (0x1)
exit(0x4) = 232 (0xe8)
getpid() = 232 (0xe8)
sendto(3,"<167>Aug 16 10:37:04 slapd[4200]"...,110,0x0,NULL,0x0) = 93 (0x5d)
open("/dev/random",O_RDONLY,00) = 18 (0x12)
read(18,"\M-I\M^^o^_\M^C*\M-2\\M-x\M-Q"...,124) = 124 (0x7c)
close(18) = 0 (0x0)
open("/etc/radius.conf",O_RDONLY,0666) = 18 (0x12)
fstat(18,{ mode=-rw-r--r-- ,inode=1278806,size=28,blksize=32768 }) = 0 (0x0)
read(18,"auth 10.10.10.9:1812 secret\n",32768) = 28 (0x1c)
read(18,0x817c6a000,32768) = 0 (0x0)
close(18) = 0 (0x0)
socket(PF_INET,SOCK_DGRAM,17) = 18 (0x12)
bind(18,{ AF_INET 0.0.0.0:0 },16) = 0 (0x0)
sendto(18,"^A\M-y\08\M^T\M^V\M-K\M-~\a\M-*"...,56,0x0,{ AF_INET 10.10.10.9:1812 },0x10) = 56 (0x38)
gettimeofday({1345088224.408943 },0x0) = 0 (0x0)
select(19,{18},0x0,0x0,{3.000000 }) = 1 (0x1)
recvfrom(18,"^C\M-y\0^T\M-FB\M-N\M-"\\M^_"...,4096,0x40,{ AF_INET 10.10.10.9:1812 },0x7fffff3fb62c) = 20 (0x14)
close(18) = 0 (0x0)
write(9,"0\f^B^A^Aa\a\n^A1^D\0^D\0",14) = 14 (0xe)
clock_gettime(13,{1345088224.000000000 }) = 0 (0x0)
getpid() = 4200 (0x1068)
sendto(3,"<167>Aug 16 10:37:04 slapd[4200]"...,75,0x0,NULL,0x0) = 75 (0x4b)
exit(0x11) = 454 (0x1c6)
clock_gettime(13,{1345088224.000000000 }) = 0 (0x0)
clock_gettime(13,{1345088224.000000000 }) = 0 (0x0)
read(9,0x817c6056f,8) = 0 (0x0)
select(17,{4 6 7},0x0,0x0,0x0) = 1 (0x1)
read(4,"0",1024) = 1 (0x1)
clock_gettime(13,{1345088224.000000000 }) = 0 (0x0)
shutdown(9,SHUT_RDWR) = 0 (0x0)
close(9) = 0 (0x0)
clock_gettime(13,{1345088224.000000000 }) = 0 (0x0)
getpid() = 4200 (0x1068)
sendto(3,"<167>Aug 16 10:37:04 slapd[4200]"...,73,0x0,NULL,0x0) = 73 (0x49)
> - Turn up slapd debugging, make sure you're getting to the bind in the first place in terms of ACLs, etc.
> - Attach a debugger, break on chk_radius. It's not that complex a function...
Here is the slapd log:
Aug 16 10:37:04 freebsd slapd[4200]: conn=1004 fd=9 ACCEPT from IP=172.16.16.97:49479 (IP=0.0.0.0:389)
Aug 16 10:37:04 freebsd slapd[4200]: conn=1004 op=0 BIND dn="cn=xxx,ou=xxx,dc=xxx,dc=xx,dc=xx" method=128
Aug 16 10:37:04 freebsd slapd[4200]: conn=1004 op=0 RESULT tag=97 err=49 text=
Aug 16 10:37:04 freebsd slapd[4200]: conn=1004 fd=9 closed (connection lost)
--- JET JETASIK
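An added example, not part of the thread and not OpenLDAP or radius-library code: a small decoder for the two kinds of byte strings that appear in the truss output above, the RADIUS datagrams exchanged with the server on port 1812 and the 14-byte LDAP BindResponse slapd writes back to the client on fd 9. The sample packets are constructed here; only the leading code/identifier/length bytes that truss prints for the sendto() and recvfrom() buffers, and the complete 14-byte BindResponse from the write() call, are taken from the trace. The authenticators, user name and password ciphertext are placeholders.

```python
import struct

# RADIUS packet codes (RFC 2865) and the few attribute types used below.
RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
                11: "Access-Challenge"}
RADIUS_ATTRS = {1: "User-Name", 2: "User-Password", 4: "NAS-IP-Address",
                32: "NAS-Identifier"}
# LDAP resultCode values (RFC 4511) relevant to a failed bind.
LDAP_RESULTS = {0: "success", 7: "authMethodNotSupported", 8: "strongerAuthRequired",
                48: "inappropriateAuthentication", 49: "invalidCredentials"}


def parse_radius(pkt: bytes) -> dict:
    """Decode the 20-byte RADIUS header and walk the attribute TLVs."""
    if len(pkt) < 20:
        raise ValueError("datagram shorter than the RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 20 or length > len(pkt):
        raise ValueError(f"length field {length} inconsistent with {len(pkt)} bytes received")
    attrs = []
    off = 20
    while off < length:
        # Each attribute is type(1) length(1) value; length covers both header bytes.
        if length - off < 2 or pkt[off + 1] < 2 or off + pkt[off + 1] > length:
            raise ValueError(f"malformed attribute at offset {off}")
        atype, alen = pkt[off], pkt[off + 1]
        attrs.append((RADIUS_ATTRS.get(atype, f"attr-{atype}"), pkt[off + 2:off + alen]))
        off += alen
    return {"code": code, "name": RADIUS_CODES.get(code, f"code-{code}"),
            "id": ident, "length": length, "authenticator": pkt[4:20],
            "attributes": attrs}


def _ber_tlv(buf: bytes, off: int):
    """Return (tag, value, next_offset) for one BER element (short or long length form)."""
    if off + 2 > len(buf):
        raise ValueError("truncated BER element")
    tag, ln = buf[off], buf[off + 1]
    off += 2
    if ln & 0x80:
        n = ln & 0x7F
        ln = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + ln > len(buf):
        raise ValueError("BER length runs past end of buffer")
    return tag, buf[off:off + ln], off + ln


def parse_ldap_bind_response(msg: bytes) -> dict:
    """Decode LDAPMessage { messageID, BindResponse { resultCode, matchedDN, diagnosticMessage } }."""
    tag, body, _ = _ber_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, mid, off = _ber_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("missing messageID INTEGER")
    tag, op, _ = _ber_tlv(body, off)
    if tag != 0x61:  # [APPLICATION 1] = BindResponse
        raise ValueError(f"protocolOp tag 0x{tag:02x} is not a BindResponse")
    tag, rc, off = _ber_tlv(op, 0)
    if tag != 0x0A:
        raise ValueError("missing resultCode ENUMERATED")
    _, matched, off = _ber_tlv(op, off)
    _, diag, _ = _ber_tlv(op, off)
    code = int.from_bytes(rc, "big")
    return {"message_id": int.from_bytes(mid, "big"), "result_code": code,
            "result": LDAP_RESULTS.get(code, f"code-{code}"),
            "matched_dn": matched.decode(), "diagnostic": diag.decode()}


def server_answered(request: bytes, response: bytes) -> bool:
    """True when the response is a RADIUS reply whose identifier matches the request."""
    req, rsp = parse_radius(request), parse_radius(response)
    return req["code"] == 1 and rsp["code"] in (2, 3, 11) and req["id"] == rsp["id"]


# Constructed samples. The code/id/length bytes mirror what truss printed
# ("^A\M-y\08" = 01 f9 00 38 sent, "^C\M-y\0^T" = 03 f9 00 14 received); the
# authenticators, the user name and the password ciphertext are placeholders.
SAMPLE_REQUEST = (bytes([0x01, 0xF9, 0x00, 20 + 5 + 18]) + b"\x00" * 16
                  + bytes([1, 5]) + b"jet"          # User-Name (placeholder)
                  + bytes([2, 18]) + b"\x00" * 16)  # User-Password (placeholder)
SAMPLE_REJECT = bytes([0x03, 0xF9, 0x00, 0x14]) + b"\x00" * 16
# The 14 bytes slapd wrote to fd 9: write(9,"0\f^B^A^Aa\a\n^A1^D\0^D\0",14)
SAMPLE_BIND_RESPONSE = bytes.fromhex("300c02010161070a013104000400")

if __name__ == "__main__":
    print(parse_radius(SAMPLE_REQUEST)["name"], "->", parse_radius(SAMPLE_REJECT)["name"],
          "| server answered:", server_answered(SAMPLE_REQUEST, SAMPLE_REJECT))
    print(parse_ldap_bind_response(SAMPLE_BIND_RESPONSE))
```

Read against the trace: the first four bytes of the sendto() buffer decode as code 1 (Access-Request), identifier 0xf9, length 56, and the first four bytes of the recvfrom() buffer as code 3 (Access-Reject), the same identifier, length 20, which is exactly the header with no attributes. If the real datagrams decode the same way, the host at 10.10.10.9:1812 did receive and answer the request, and err=49 in the slapd log is the LDAP-side translation of that reject. Two things worth comparing in that situation are the address in the radius.conf actually read (10.10.10.9 in the trace, 192.168.0.10 in the file pasted earlier) and what the RADIUS server itself logs for that identifier.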