(RADIATOR) Help with LDAP auth
Elias
akelias at tm.net.my
Wed Sep 19 03:50:10 CDT 2001
Hi Hugh,
I'm running Radiator 2.18.2 with perl-ldap-0.24
- Elias -
---- Original Message -----
From: "Hugh Irvine" <hugh at open.com.au>
To: "Elias" <akelias at tm.net.my>; <radiator at open.com.au>
Sent: Wednesday, September 19, 2001 4:22 PM
Subject: Re: (RADIATOR) Help with LDAP auth
>
> Hello Elias -
>
> Could you tell me what version of Radiator you are running?
>
> thanks
>
> Hugh
>
>
> On Wednesday 19 September 2001 13:04, Elias wrote:
>
> > Hi Hugh,
> >
> > I'm experimenting with LDAP for authentication and seem to be stuck. I'm
> > totally new to LDAP and hence am not sure if the problem's with LDAP or my
> > Radiator config. The authentication seems to work if I supply the
> > additional parameter ServerChecksPassword. If I omit this, Radiator will
> > return a "No such user" message all the time. I've included a sample of my
> > config and also the usual trace 4 output. BTW, I don't know if this is
> > important or not, but the password is stored as either userpassword: {SHA}xxxxxxx
> > or userpassword: {crypt}xxxxxxxxx. The password format differs depending on
> > when the user was created. Thanks!
> >
> >
> >
> > ------------------ ldap config ---------------------
> >
> > <Handler Realm=ldap>
> > RejectHasReason
> > RewriteUsername s/^([^@]+).*/$1/
> >
> > <AuthBy LDAP2>
> > Host ldaptest
> > BaseDN %0=%1,ou=People,o=tm.net.my,o=isp
> >
> > # This is the attribute to match the radius user name
> > UsernameAttr uid
> > PasswordAttr userpassword
> > #ServerChecksPassword
> >
> > AddToReply Framed-Protocol = PPP,\
> > Framed-IP-Netmask = 255.255.255.255,\
> > Framed-Routing = None,\
> > Framed-MTU = 1500,\
> > Framed-Compression = Van-Jacobson-TCP-IP
> > </AuthBy>
> > </Handler>
> >
> > ---------------- trace 4 output (without the ServerChecksPassword option) ----------------
> >
> > Wed Sep 19 10:28:57 2001: DEBUG: Packet dump:
> > *** Received from 127.0.0.1 port 60377 ....
> > Code: Access-Request
> > Identifier: 206
> > Authentic: 1234567890123456
> > Attributes:
> > User-Name = "anuar at ldap"
> > Service-Type = Framed-User
> > NAS-IP-Address = 203.63.154.1
> > NAS-Port = 1234
> > Called-Station-Id = "123456789"
> > Calling-Station-Id = "987654321"
> > NAS-Port-Type = Async
> > User-Password =
> > "<152><233><<156><157>o<4><246><188>8<9><160><216>}x<153>"
> >
> > Wed Sep 19 10:28:57 2001: DEBUG: Check if Handler Realm=tm.net.my should be used to handle this request
> > Wed Sep 19 10:28:57 2001: DEBUG: Check if Handler Realm=sql should be used to handle this request
> > Wed Sep 19 10:28:57 2001: DEBUG: Check if Handler Realm=ldap should be used to handle this request
> > Wed Sep 19 10:28:57 2001: DEBUG: Handling request with Handler 'Realm=ldap'
> > Wed Sep 19 10:28:57 2001: DEBUG: Rewrote user name to anuar
> > Wed Sep 19 10:28:57 2001: DEBUG: Deleting session for anuar at ldap, 203.63.154.1, 1234
> > Wed Sep 19 10:28:57 2001: DEBUG: Handling with Radius::AuthLDAP2
> > Wed Sep 19 10:28:57 2001: DEBUG: Connecting to ldaptest, port 389
> > Wed Sep 19 10:28:57 2001: DEBUG: Attempting to bind with ,
> > Wed Sep 19 10:28:57 2001: DEBUG: No entries for anuar found in LDAP database
> > Wed Sep 19 10:28:57 2001: DEBUG: Radius::AuthLDAP2 looks for match with anuar
> > Wed Sep 19 10:28:57 2001: DEBUG: Connecting to ldaptest, port 389
> > Wed Sep 19 10:28:57 2001: DEBUG: Attempting to bind with ,
> > Wed Sep 19 10:28:57 2001: ERR: ldap search failed with error LDAP_NO_SUCH_OBJECT.
> > Wed Sep 19 10:28:57 2001: INFO: Access rejected for anuar: No such user
> > Wed Sep 19 10:28:57 2001: DEBUG: Packet dump:
> > *** Sending to 127.0.0.1 port 60377 ....
> > Code: Access-Reject
> > Identifier: 206
> > Authentic: 1234567890123456
> > Attributes:
> > Reply-Message = "No such user"
> >
> >
> > -------------------- trace 4 output (with the ServerChecksPassword option) ---------------------
> >
> > Wed Sep 19 10:32:06 2001: DEBUG: Packet dump:
> > *** Received from 127.0.0.1 port 60398 ....
> > Code: Access-Request
> > Identifier: 141
> > Authentic: 1234567890123456
> > Attributes:
> > User-Name = "anuar at ldap"
> > Service-Type = Framed-User
> > NAS-IP-Address = 203.63.154.1
> > NAS-Port = 1234
> > Called-Station-Id = "123456789"
> > Calling-Station-Id = "987654321"
> > NAS-Port-Type = Async
> > User-Password =
> > "<152><233><<156><157>o<4><246><188>8<9><160><216>}x<153>"
> >
> > Wed Sep 19 10:32:06 2001: DEBUG: Check if Handler Realm=tm.net.my should be used to handle this request
> > Wed Sep 19 10:32:06 2001: DEBUG: Check if Handler Realm=sql should be used to handle this request
> > Wed Sep 19 10:32:06 2001: DEBUG: Check if Handler Realm=ldap should be used to handle this request
> > Wed Sep 19 10:32:06 2001: DEBUG: Handling request with Handler 'Realm=ldap'
> > Wed Sep 19 10:32:06 2001: DEBUG: Rewrote user name to anuar
> > Wed Sep 19 10:32:06 2001: DEBUG: Deleting session for anuar at ldap, 203.63.154.1, 1234
> > Wed Sep 19 10:32:06 2001: DEBUG: Handling with Radius::AuthLDAP2
> > Wed Sep 19 10:32:06 2001: DEBUG: Connecting to ldaptest, port 389
> > Wed Sep 19 10:32:06 2001: DEBUG: Attempting to bind with ,
> > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got result for uid=anuar,ou=People, o=tm.net.my, o=isp
> > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got mailhost: tm.net.my
> > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got maildeliveryoption: mailbox
> > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got mailuserstatus: active
> > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got mail: anuar at tm.net.my
> > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got objectclass: top person organizationalPerson inetorgperson inetUsere
> > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got inetuserstatus: active
> > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got cn: anuar anuar
> > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got uid: anuar
> > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got datasource: iPlanet Messaging Server 5.0 Admin Console
> > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got givenname: anuar
> > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got sn: anuar
> > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got creatorsname: uid=admin,ou=Administrators,ou=TopologyManagement,o=Nt
> > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got modifiersname: uid=admin,ou=Administrators,ou=TopologyManagement,o=t
> > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got createtimestamp: 20010813065909Z
> > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got modifytimestamp: 20010813065909Z
> > Wed Sep 19 10:32:06 2001: DEBUG: Radius::AuthLDAP2 looks for match with anuar
> > Wed Sep 19 10:32:06 2001: DEBUG: Radius::AuthLDAP2 ACCEPT:
> > Wed Sep 19 10:32:06 2001: DEBUG: Access accepted for anuar
> > Wed Sep 19 10:32:06 2001: DEBUG: Packet dump:
> > *** Sending to 127.0.0.1 port 60398 ....
> > Code: Access-Accept
> > Identifier: 141
> > Authentic: 1234567890123456
> > Attributes:
> > Framed-Protocol = PPP
> > Framed-IP-Netmask = 255.255.255.255
> > Framed-Routing = None
> > Framed-MTU = 1500
> > Framed-Compression = Van-Jacobson-TCP-IP
> >
> >
> > - Elias -
>
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
>
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
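Added example for readers of this thread (not Radiator's code, and not part of the original message): the two things a RADIUS server has to do when it compares the password itself, which is the situation the poster is in whenever ServerChecksPassword is left out and the check is driven by PasswordAttr. The User-Password in the trace above looks like binary garbage because RFC 2865 section 5.2 XORs the PAP password, in 16-byte blocks, with MD5(shared secret + Request-Authenticator); anyone holding the shared secret can reverse it, which is why that secret deserves the same care as the directory password itself. Once the cleartext is recovered, it has to be compared against the directory's userpassword value, which on this page is stored RFC 2307 style as {SHA}... or {crypt}... . The shared secret, authenticator and passwords below are constructed for the example (the trace does not disclose the real secret), and the function names are the example's own; {crypt} is checked only where Python still ships the crypt module.

```python
"""Server-side PAP check: RFC 2865 User-Password decoding + RFC 2307 userPassword verify.

Constructed example, not Radiator's implementation.  Assumed values are marked.
"""
import base64
import hashlib
import hmac
import os

try:
    import crypt  # deprecated in 3.11, removed in 3.13: {crypt} then cannot be checked here
except ImportError:  # pragma: no cover
    crypt = None


def radius_pap_encode(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Obfuscate a PAP password the way a NAS does before sending User-Password."""
    if len(authenticator) != 16:
        raise ValueError("Request-Authenticator must be 16 bytes")
    if not password or len(password) > 128:
        raise ValueError("PAP password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)  # NUL-pad to a 16-byte multiple
    out, prev = bytearray(), authenticator
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()  # b_i = MD5(S + c_(i-1)), c_0 = authenticator
        cipher = bytes(p ^ b for p, b in zip(padded[i:i + 16], block))
        out += cipher
        prev = cipher
    return bytes(out)


def radius_pap_decode(encoded: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of radius_pap_encode; strips the NUL padding."""
    if not encoded or len(encoded) % 16:
        raise ValueError("User-Password must be a non-empty multiple of 16 bytes")
    out, prev = bytearray(), authenticator
    for i in range(0, len(encoded), 16):
        block = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ b for c, b in zip(encoded[i:i + 16], block))
        prev = encoded[i:i + 16]  # chaining uses the ciphertext block, not the plaintext
    return bytes(out).rstrip(b"\x00")


def make_sha(password: bytes) -> str:
    """RFC 2307 {SHA}: base64(sha1(password))."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password).digest()).decode()


def make_ssha(password: bytes, salt: bytes = b"") -> str:
    """RFC 2307 {SSHA}: base64(sha1(password + salt) + salt)."""
    salt = salt or os.urandom(4)
    return "{SSHA}" + base64.b64encode(hashlib.sha1(password + salt).digest() + salt).decode()


def ldap_userpassword_check(stored: str, candidate: bytes) -> bool:
    """Verify candidate against a userPassword value: {SHA}, {SSHA}, {crypt} or cleartext."""
    if stored.startswith("{SHA}"):
        digest = base64.b64decode(stored[5:])
        return hmac.compare_digest(hashlib.sha1(candidate).digest(), digest)
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[6:])
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, salt follows
        return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)
    if stored.startswith("{crypt}"):
        if crypt is None:
            raise NotImplementedError("crypt(3) is not available in this Python build")
        h = stored[7:]
        return hmac.compare_digest(crypt.crypt(candidate.decode(), h), h)
    return hmac.compare_digest(stored.encode(), candidate)  # no prefix: RFC 2307 cleartext


def authenticate(user_password_attr: bytes, secret: bytes, authenticator: bytes, stored: str) -> bool:
    """Full server-side check: recover the PAP cleartext, then compare to the directory value."""
    cleartext = radius_pap_decode(user_password_attr, secret, authenticator)
    return ldap_userpassword_check(stored, cleartext)


if __name__ == "__main__":
    secret, auth = b"mysecret", b"1234567890123456"  # assumed values, not the page's real secret
    stored = make_sha(b"correct horse")                # constructed directory entry
    wire = radius_pap_encode(b"correct horse", secret, auth)
    print("User-Password on the wire:", wire.hex())
    print("accepted:", authenticate(wire, secret, auth, stored))
```

The point to carry away from the second half: a server that does this comparison itself needs read access to the hashed userpassword attribute and must understand every scheme the directory uses, which is exactly where a mix of {SHA} and {crypt} entries created at different times bites. Letting the directory do the check (the page's ServerChecksPassword) sidesteps both problems, at the cost of a bind per authentication.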