(RADIATOR) Help with LDAP auth

Hugh Irvine hugh at open.com.au
Wed Sep 19 03:22:05 CDT 2001


Hello Elias -

Could you tell me what version of Radiator you are running?

thanks

Hugh


On Wednesday 19 September 2001 13:04, Elias wrote:

> Hi Hugh,
>
> I'm experimenting with LDAP for authentication and seem to be stuck. I'm
> totally new to LDAP and hence am not sure if the problem's with LDAP or my
> Radiator config. The authentication seems to work if I supply the
> additional parameter ServerChecksPassword. If I omit this, Radiator will
> return a "No such user" message all the time. I've included a sample of my
> config and also the usual trace 4 output. BTW, I don't know if this is
> important or not, the password is stored as either userpassword: {SHA}xxxxxxx
> or userpassword: {crypt}xxxxxxxxx. The password differs depending on
> when the user was created. Thanks!
>
>
>
> ------------------ ldap config ---------------------
>
> <Handler Realm=ldap>
>         RejectHasReason
>         RewriteUsername s/^([^@]+).*/$1/
>
>          <AuthBy LDAP2>
>                 Host            ldaptest
>                 BaseDN       %0=%1,ou=People,o=tm.net.my,o=isp
>
>                 # This is the attribute to match the radius user name
>                 UsernameAttr    uid
>                 PasswordAttr    userpassword
>                 #ServerChecksPassword
>
>                 AddToReply Framed-Protocol = PPP,\
>                         Framed-IP-Netmask = 255.255.255.255,\
>                         Framed-Routing = None,\
>                         Framed-MTU = 1500,\
>                         Framed-Compression = Van-Jacobson-TCP-IP
>         </AuthBy>
> </Handler>
>
> ---------------- trace 4 output (without the ServerChecksPassword option) ----------------
>
> Wed Sep 19 10:28:57 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 60377 ....
> Code:       Access-Request
> Identifier: 206
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "anuar at ldap"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password = "<152><233><<156><157>o<4><246><188>8<9><160><216>}x<153>"
>
> Wed Sep 19 10:28:57 2001: DEBUG: Check if Handler Realm=tm.net.my should be used to handle this request
> Wed Sep 19 10:28:57 2001: DEBUG: Check if Handler Realm=sql should be used to handle this request
> Wed Sep 19 10:28:57 2001: DEBUG: Check if Handler Realm=ldap should be used to handle this request
> Wed Sep 19 10:28:57 2001: DEBUG: Handling request with Handler 'Realm=ldap'
> Wed Sep 19 10:28:57 2001: DEBUG: Rewrote user name to anuar
> Wed Sep 19 10:28:57 2001: DEBUG:  Deleting session for anuar at ldap, 203.63.154.1, 1234
> Wed Sep 19 10:28:57 2001: DEBUG: Handling with Radius::AuthLDAP2
> Wed Sep 19 10:28:57 2001: DEBUG: Connecting to ldaptest, port 389
> Wed Sep 19 10:28:57 2001: DEBUG: Attempting to bind with ,
> Wed Sep 19 10:28:57 2001: DEBUG: No entries for anuar found in LDAP database
> Wed Sep 19 10:28:57 2001: DEBUG: Radius::AuthLDAP2 looks for match with anuar
> Wed Sep 19 10:28:57 2001: DEBUG: Connecting to ldaptest, port 389
> Wed Sep 19 10:28:57 2001: DEBUG: Attempting to bind with ,
> Wed Sep 19 10:28:57 2001: ERR: ldap search failed with error LDAP_NO_SUCH_OBJECT.
> Wed Sep 19 10:28:57 2001: INFO: Access rejected for anuar: No such user
> Wed Sep 19 10:28:57 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 60377 ....
> Code:       Access-Reject
> Identifier: 206
> Authentic:  1234567890123456
> Attributes:
>         Reply-Message = "No such user"
>
>
> -------------------- trace 4 output (with the ServerChecksPassword option) ---------------------
>
> Wed Sep 19 10:32:06 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 60398 ....
> Code:       Access-Request
> Identifier: 141
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "anuar at ldap"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password = "<152><233><<156><157>o<4><246><188>8<9><160><216>}x<153>"
>
> Wed Sep 19 10:32:06 2001: DEBUG: Check if Handler Realm=tm.net.my should be used to handle this request
> Wed Sep 19 10:32:06 2001: DEBUG: Check if Handler Realm=sql should be used to handle this request
> Wed Sep 19 10:32:06 2001: DEBUG: Check if Handler Realm=ldap should be used to handle this request
> Wed Sep 19 10:32:06 2001: DEBUG: Handling request with Handler 'Realm=ldap'
> Wed Sep 19 10:32:06 2001: DEBUG: Rewrote user name to anuar
> Wed Sep 19 10:32:06 2001: DEBUG:  Deleting session for anuar at ldap, 203.63.154.1, 1234
> Wed Sep 19 10:32:06 2001: DEBUG: Handling with Radius::AuthLDAP2
> Wed Sep 19 10:32:06 2001: DEBUG: Connecting to ldaptest, port 389
> Wed Sep 19 10:32:06 2001: DEBUG: Attempting to bind with ,
> Wed Sep 19 10:32:06 2001: DEBUG: LDAP got result for uid=anuar,ou=People, o=tm.net.my, o=isp
> Wed Sep 19 10:32:06 2001: DEBUG: LDAP got mailhost: tm.net.my
> Wed Sep 19 10:32:06 2001: DEBUG: LDAP got maildeliveryoption: mailbox
> Wed Sep 19 10:32:06 2001: DEBUG: LDAP got mailuserstatus: active
> Wed Sep 19 10:32:06 2001: DEBUG: LDAP got mail: anuar at tm.net.my
> Wed Sep 19 10:32:06 2001: DEBUG: LDAP got objectclass: top person organizationalPerson inetorgperson inetUsere
> Wed Sep 19 10:32:06 2001: DEBUG: LDAP got inetuserstatus: active
> Wed Sep 19 10:32:06 2001: DEBUG: LDAP got cn: anuar anuar
> Wed Sep 19 10:32:06 2001: DEBUG: LDAP got uid: anuar
> Wed Sep 19 10:32:06 2001: DEBUG: LDAP got datasource: iPlanet Messaging Server 5.0 Admin Console
> Wed Sep 19 10:32:06 2001: DEBUG: LDAP got givenname: anuar
> Wed Sep 19 10:32:06 2001: DEBUG: LDAP got sn: anuar
> Wed Sep 19 10:32:06 2001: DEBUG: LDAP got creatorsname: uid=admin,ou=Administrators,ou=TopologyManagement,o=Nt
> Wed Sep 19 10:32:06 2001: DEBUG: LDAP got modifiersname: uid=admin,ou=Administrators,ou=TopologyManagement,o=t
> Wed Sep 19 10:32:06 2001: DEBUG: LDAP got createtimestamp: 20010813065909Z
> Wed Sep 19 10:32:06 2001: DEBUG: LDAP got modifytimestamp: 20010813065909Z
> Wed Sep 19 10:32:06 2001: DEBUG: Radius::AuthLDAP2 looks for match with anuar
> Wed Sep 19 10:32:06 2001: DEBUG: Radius::AuthLDAP2 ACCEPT:
> Wed Sep 19 10:32:06 2001: DEBUG: Access accepted for anuar
> Wed Sep 19 10:32:06 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 60398 ....
> Code:       Access-Accept
> Identifier: 141
> Authentic:  1234567890123456
> Attributes:
>         Framed-Protocol = PPP
>         Framed-IP-Netmask = 255.255.255.255
>         Framed-Routing = None
>         Framed-MTU = 1500
>         Framed-Compression = Van-Jacobson-TCP-IP
>
>
> - Elias -
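The two traces above differ in who verifies the password. With ServerChecksPassword set, Radiator hands the cleartext password to the LDAP server (a bind as the user's DN) and the stored scheme is the server's business. Without it, Radiator must read the PasswordAttr value itself and compare locally, which only works if it can read that attribute with the bind it uses (the trace shows an anonymous bind) and if it understands the scheme prefix the directory wrote, here {SHA} or {crypt}. The following Python is an added illustration of that local-check path, not Radiator's own code: it applies the posted RewriteUsername rule, expands the BaseDN template (assuming, as the config and the "LDAP got result for uid=anuar,..." line suggest, that %0 stands for UsernameAttr and %1 for the rewritten user name), looks the entry up in a constructed in-memory directory, and verifies RFC 2307 style {SHA}, {SSHA}, {crypt} and cleartext values with constant-time comparison. The directory contents, the password "s3cret" and the helper names are all constructed for this example.

```python
import base64
import hashlib
import hmac
import re

try:
    import crypt  # POSIX only; deprecated in Python 3.11, removed in 3.13
except ImportError:  # pragma: no cover
    crypt = None


def rewrite_username(user_name):
    """Apply the posted RewriteUsername rule s/^([^@]+).*/$1/: keep only the
    part before the first '@', dropping the realm."""
    return re.sub(r"^([^@]+).*", r"\1", user_name)


def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514), so that a
    user name containing ',' or '=' cannot alter the DN's structure."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '\\,+"<>;=' or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_dn(template, username_attr, user_name):
    """Expand a BaseDN template like '%0=%1,ou=People,...'. Assumption for this
    example: %0 is UsernameAttr and %1 is the (rewritten) user name."""
    return template.replace("%0", username_attr).replace("%1", escape_dn_value(user_name))


# --- local password verification (the PasswordAttr path) --------------------

_SCHEME_RE = re.compile(r"^\{([A-Za-z0-9]+)\}(.*)$", re.DOTALL)


def make_sha(password):
    """Build an RFC 2307 style {SHA} value: base64(SHA-1(password))."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()


def make_ssha(password, salt):
    """Build a salted {SSHA} value: base64(SHA-1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def check_password(stored, supplied):
    """Compare a supplied cleartext password with a stored userPassword value.
    Returns True/False, or None when the scheme cannot be verified here
    (unknown prefix, or {crypt} on a Python without the crypt module)."""
    m = _SCHEME_RE.match(stored)
    if not m:
        # No scheme prefix: the directory holds the password in cleartext.
        return hmac.compare_digest(stored.encode(), supplied.encode())
    scheme, data = m.group(1).upper(), m.group(2)
    if scheme == "SHA":
        return hmac.compare_digest(hashlib.sha1(supplied.encode()).digest(), base64.b64decode(data))
    if scheme == "SSHA":
        raw = base64.b64decode(data)
        expected, salt = raw[:20], raw[20:]
        return hmac.compare_digest(hashlib.sha1(supplied.encode() + salt).digest(), expected)
    if scheme == "CRYPT":
        if crypt is None:
            return None
        return hmac.compare_digest(crypt.crypt(supplied, data), data)
    return None


def authenticate(user_name, password, directory, base_dn_template,
                 username_attr="uid", password_attr="userpassword"):
    """Local-check flow: rewrite the name, build the entry DN, fetch the entry
    and compare the password attribute. Reasons mirror the trace wording."""
    dn = build_dn(base_dn_template, username_attr, rewrite_username(user_name))
    entry = directory.get(dn)
    if entry is None:
        return "Access-Reject", "No such user"
    result = check_password(entry[password_attr], password)
    if result is None:
        return "Access-Reject", "Unsupported password scheme"
    return ("Access-Accept", "") if result else ("Access-Reject", "Bad password")


# Constructed stand-in for the LDAP server named by Host in the posted config.
DIRECTORY = {
    "uid=anuar,ou=People,o=tm.net.my,o=isp": {"uid": "anuar", "userpassword": make_sha("s3cret")},
}
BASE_DN = "%0=%1,ou=People,o=tm.net.my,o=isp"

if __name__ == "__main__":
    print(authenticate("anuar@ldap", "s3cret", DIRECTORY, BASE_DN))
    print(authenticate("nobody@ldap", "s3cret", DIRECTORY, BASE_DN))
```

The `None` return is deliberate: a verifier that cannot interpret a stored scheme should reject and log the reason rather than fall through to an accept, and a directory that does not let the configured bind read the password attribute cannot serve this path at all, which is when delegating the check to the server (the bind-as-user mode) is the cleaner design.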


-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
