(RADIATOR) Bad password with OpenLDAP 2.0.11 & Radiator 2.15... Please help me
Faez Itrat
faez at sat.net.pk
Wed Jul 18 08:28:09 CDT 2001
Hi,
It seems u hv defined a client secret other then the default one.....add it in
radpwtst with -secret option
i.e.
./radpwtst -user (user) -password (password) -secret (secret)
Regards,
Faez
sajida kalsoom wrote:
> Hi user!
> can some one please help me ...I am facing a problem in authenticating user
> with open ldap and radiator server. I have added the user in ldap server
> with these configuration :
>
> dn: cn=abid,dc=advcomm,dc=com
> cn: abid
> sn: ali
> uid: abid
> userPassword: advcomm299902
> objectClass: inetOrgPerson
>
> when i run radpwtst I get the following error:
>
> ./radpwtst -user abid -password advcomm299902
> sending Access-Request...
> Bad authenticator
> sending Accounting-Request Start...
> No reply
> sending Accounting-Request Stop...
> No reply
>
> and in radiator server logs i get ...
> bash-2.03# ./radiusd --config_file=goodies/ldap.cfg
> Tue Jul 17 22:50:55 2001: INFO: Server started: Radiator 2.15
> Tue Jul 17 22:53:34 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 32895 ....
> Code: Access-Request
> Identifier: 213
> Authentic: 1234567890123456
> Attributes:
> User-Name = "abid"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> NAS-Port-Type = Async
> User-Password =
> "<152><239>)<206><192>1i<196><133><1>0<144><234>}x<153>"
>
> Tue Jul 17 22:53:34 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue Jul 17 22:53:34 2001: DEBUG: Deleting session for abid, 203.63.154.1,
> 1234
> Tue Jul 17 22:53:34 2001: DEBUG: Handling with Radius::AuthLDAP2
> Tue Jul 17 22:53:34 2001: DEBUG: Connecting to 192.168.0.120, port 389
> Net::LDAP=HASH(0x534c20) sending:
>
> 30 2E 02 01 01 60 29 02 01 02 04 1C 63 6E 3D 4D 0....`).....cn=M
> 61 6E 61 67 65 72 2C 64 63 3D 61 64 76 63 6F 6D anager,dc=advcom
> 6D 2C 64 63 3D 63 6F 6D 80 06 73 65 63 72 65 74 m,dc=com..secret
>
> 0000 30 46: SEQUENCE {
> 0002 02 1: INTEGER = 1
> 0005 60 41: [APPLICATION 0] {
> 0007 02 1: INTEGER = 2
> 000A 04 28: STRING = 'cn=Manager,dc=advcomm,dc=com'
> 0028 80 6: [CONTEXT 0]
> 002A : 73 65 63 72 65 74 __ __ __ __ __ __ __ __ __ __ secret
> 0030 : }
> 0030 : }
> Net::LDAP=HASH(0x534c20) received:
>
> 30 0C 02 01 01 61 07 0A 01 00 04 00 04 00 __ __ 0....a........
>
> 0000 30 12: SEQUENCE {
> 0002 02 1: INTEGER = 1
> 0005 61 7: [APPLICATION 1] {
> 0007 0A 1: ENUM = 0
> 000A 04 0: STRING = ''
> 000C 04 0: STRING = ''
> 000E : }
> 000E : }
> Net::LDAP=HASH(0x534c20) sending:
>
> 30 44 02 01 02 63 3F 04 11 64 63 3D 61 64 76 63 0D...c?..dc=advc
> 6F 6D 6D 2C 64 63 3D 63 6F 6D 0A 01 02 0A 01 02 omm,dc=com......
> 02 01 00 02 01 00 01 01 00 A3 0B 04 03 75 69 64 .............uid
> 04 04 61 62 69 64 30 0E 04 0C 75 73 65 72 50 61 ..abid0...userPa
> 73 73 77 6F 72 64 __ __ __ __ __ __ __ __ __ __ ssword
>
> 0000 30 68: SEQUENCE {
> 0002 02 1: INTEGER = 2
> 0005 63 63: [APPLICATION 3] {
> 0007 04 17: STRING = 'dc=advcomm,dc=com'
> 001A 0A 1: ENUM = 2
> 001D 0A 1: ENUM = 2
> 0020 02 1: INTEGER = 0
> 0023 02 1: INTEGER = 0
> 0026 01 1: BOOLEAN = FALSE
> 0029 A3 11: [CONTEXT 3] {
> 002B 04 3: STRING = 'uid'
> 0030 04 4: STRING = 'abid'
> 0036 : }
> 0036 30 14: SEQUENCE {
> 0038 04 12: STRING = 'userPassword'
> 0046 : }
> 0046 : }
> 0046 : }
> Net::LDAP=HASH(0x534c20) received:
>
> 30 43 02 01 02 64 3E 04 19 63 6E 3D 61 62 69 64 0C...d>..cn=abid
> 2C 64 63 3D 61 64 76 63 6F 6D 6D 2C 64 63 3D 63 ,dc=advcomm,dc=c
> 6F 6D 30 21 30 1F 04 0C 75 73 65 72 50 61 73 73 om0!0...userPass
> 77 6F 72 64 31 0F 04 0D 61 64 76 63 6F 6D 6D 32 word1...advcomm2
> 39 39 39 30 32 __ __ __ __ __ __ __ __ __ __ __ 99902
>
> 0000 30 67: SEQUENCE {
> 0002 02 1: INTEGER = 2
> 0005 64 62: [APPLICATION 4] {
> 0007 04 25: STRING = 'cn=abid,dc=advcomm,dc=com'
> 0022 30 33: SEQUENCE {
> 0024 30 31: SEQUENCE {
> 0026 04 12: STRING = 'userPassword'
> 0034 31 15: SET {
> 0036 04 13: STRING = 'advcomm299902'
> 0045 : }
> 0045 : }
> 0045 : }
> 0045 : }
> 0045 : }
> Net::LDAP=HASH(0x534c20) received:
>
> 30 0C 02 01 02 65 07 0A 01 00 04 00 04 00 __ __ 0....e........
>
> 0000 30 12: SEQUENCE {
> 0002 02 1: INTEGER = 2
> 0005 65 7: [APPLICATION 5] {
> 0007 0A 1: ENUM = 0
> 000A 04 0: STRING = ''
> 000C 04 0: STRING = ''
> 000E : }
> 000E : }
> Tue Jul 17 22:53:34 2001: DEBUG: LDAP got result for
> cn=abid,dc=advcomm,dc=com
> Tue Jul 17 22:53:34 2001: DEBUG: LDAP got userPassword: advcomm299902
> Tue Jul 17 22:53:34 2001: DEBUG: Radius::AuthLDAP2 looks for match with abid
> Tue Jul 17 22:53:34 2001: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
> Tue Jul 17 22:53:34 2001: DEBUG: Connecting to 192.168.0.120, port 389
> Net::LDAP=HASH(0x54bda0) sending:
>
> 30 2E 02 01 03 60 29 02 01 02 04 1C 63 6E 3D 4D 0....`).....cn=M
> 61 6E 61 67 65 72 2C 64 63 3D 61 64 76 63 6F 6D anager,dc=advcom
> 6D 2C 64 63 3D 63 6F 6D 80 06 73 65 63 72 65 74 m,dc=com..secret
>
> 0000 30 46: SEQUENCE {
> 0002 02 1: INTEGER = 3
> 0005 60 41: [APPLICATION 0] {
> 0007 02 1: INTEGER = 2
> 000A 04 28: STRING = 'cn=Manager,dc=advcomm,dc=com'
> 0028 80 6: [CONTEXT 0]
> 002A : 73 65 63 72 65 74 __ __ __ __ __ __ __ __ __ __ secret
> 0030 : }
> 0030 : }
> Net::LDAP=HASH(0x54bda0) received:
>
> 30 0C 02 01 03 61 07 0A 01 00 04 00 04 00 __ __ 0....a........
>
> 0000 30 12: SEQUENCE {
> 0002 02 1: INTEGER = 3
> 0005 61 7: [APPLICATION 1] {
> 0007 0A 1: ENUM = 0
> 000A 04 0: STRING = ''
> 000C 04 0: STRING = ''
> 000E : }
> 000E : }
> Net::LDAP=HASH(0x54bda0) sending:
>
> 30 47 02 01 04 63 42 04 11 64 63 3D 61 64 76 63 0G...cB..dc=advc
> 6F 6D 6D 2C 64 63 3D 63 6F 6D 0A 01 02 0A 01 02 omm,dc=com......
> 02 01 00 02 01 00 01 01 00 A3 0E 04 03 75 69 64 .............uid
> 04 07 44 45 46 41 55 4C 54 30 0E 04 0C 75 73 65 ..DEFAULT0...use
> 72 50 61 73 73 77 6F 72 64 __ __ __ __ __ __ __ rPassword
>
> 0000 30 71: SEQUENCE {
> 0002 02 1: INTEGER = 4
> 0005 63 66: [APPLICATION 3] {
> 0007 04 17: STRING = 'dc=advcomm,dc=com'
> 001A 0A 1: ENUM = 2
> 001D 0A 1: ENUM = 2
> 0020 02 1: INTEGER = 0
> 0023 02 1: INTEGER = 0
> 0026 01 1: BOOLEAN = FALSE
> 0029 A3 14: [CONTEXT 3] {
> 002B 04 3: STRING = 'uid'
> 0030 04 7: STRING = 'DEFAULT'
> 0039 : }
> 0039 30 14: SEQUENCE {
> 003B 04 12: STRING = 'userPassword'
> 0049 : }
> 0049 : }
> 0049 : }
> Net::LDAP=HASH(0x54bda0) received:
>
> 30 0C 02 01 04 65 07 0A 01 00 04 00 04 00 __ __ 0....e........
>
> 0000 30 12: SEQUENCE {
> 0002 02 1: INTEGER = 4
> 0005 65 7: [APPLICATION 5] {
> 0007 0A 1: ENUM = 0
> 000A 04 0: STRING = ''
> 000C 04 0: STRING = ''
> 000E : }
> 000E : }
> Tue Jul 17 22:53:35 2001: DEBUG: No entries for DEFAULT found in LDAP
> database
> Tue Jul 17 22:53:35 2001: INFO: Access rejected for abid: Bad Password
> Tue Jul 17 22:53:35 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 32895 ....
> Code: Access-Reject
> Identifier: 213
> Authentic: 1234567890123456
> Attributes:
> Reply-Message = "Request Denied"
>
> Tue Jul 17 22:53:35 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 32895 ....
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list