(RADIATOR) Help with LDAP auth

Hugh Irvine hugh at open.com.au
Wed Sep 19 19:27:49 CDT 2001


Hello Elias -

Note the following fix in Radiator 2.18.3 ("doc/history.html").

	In AuthBy LDAP, HoldServerConnection worked in 
	reverse to the correct behaviour. 

The latest version is Radiator 2.18.4.

regards

Hugh


On Wednesday 19 September 2001 18:50, Elias wrote:
> Hi Hugh,
>
> I'm running Radiator 2.18.2 with perl-ldap-0.24
>
> - Elias -
>
> ----- Original Message -----
> From: "Hugh Irvine" <hugh at open.com.au>
> To: "Elias" <akelias at tm.net.my>; <radiator at open.com.au>
> Sent: Wednesday, September 19, 2001 4:22 PM
> Subject: Re: (RADIATOR) Help with LDAP auth
>
> > Hello Elias -
> >
> > Could you tell me what version of Radiator you are running?
> >
> > thanks
> >
> > Hugh
> >
> > On Wednesday 19 September 2001 13:04, Elias wrote:
> > > Hi Hugh,
> > >
> > > I'm experimenting with LDAP for authentication and seem to be stuck.
> > > I'm totally new to LDAP and hence am not sure if the problem's with
> > > LDAP or my Radiator config. The authentication seems to work if I
> > > supply the additional parameter ServerChecksPassword. If I omit this,
> > > Radiator will return a "No such user" message all the time. I've
> > > included a sample of my config and also the usual trace 4 output.
> > > BTW, I don't know if this is important or not, the password is stored
> > > as either userpassword: {SHA}xxxxxxx or userpassword: {crypt}xxxxxxxxx.
> > > The password differs depending on when the user was created. Thanks !
> > >
> > >
> > >
> > > ------------------ ldap config ---------------------
> > >
> > > <Handler Realm=ldap>
> > >         RejectHasReason
> > >         RewriteUsername s/^([^@]+).*/$1/
> > >
> > >          <AuthBy LDAP2>
> > >                 Host            ldaptest
> > >                 BaseDN       %0=%1,ou=People,o=tm.net.my,o=isp
> > >
> > >                 # This is the attribute to match the radius user name
> > >                 UsernameAttr    uid
> > >                 PasswordAttr    userpassword
> > >                 #ServerChecksPassword
> > >
> > >                 AddToReply Framed-Protocol = PPP,\
> > >                         Framed-IP-Netmask = 255.255.255.255,\
> > >                         Framed-Routing = None,\
> > >                         Framed-MTU = 1500,\
> > >                         Framed-Compression = Van-Jacobson-TCP-IP
> > >         </AuthBy>
> > > </Handler>
> > >
> > > ---------------- trace 4 output (without the ServerChecksPassword option) ----------------
> > >
> > > Wed Sep 19 10:28:57 2001: DEBUG: Packet dump:
> > > *** Received from 127.0.0.1 port 60377 ....
> > > Code:       Access-Request
> > > Identifier: 206
> > > Authentic:  1234567890123456
> > > Attributes:
> > >         User-Name = "anuar at ldap"
> > >         Service-Type = Framed-User
> > >         NAS-IP-Address = 203.63.154.1
> > >         NAS-Port = 1234
> > >         Called-Station-Id = "123456789"
> > >         Calling-Station-Id = "987654321"
> > >         NAS-Port-Type = Async
> > >         User-Password =
> > > "<152><233><<156><157>o<4><246><188>8<9><160><216>}x<153>"
> > >
> > > Wed Sep 19 10:28:57 2001: DEBUG: Check if Handler Realm=tm.net.my should be used to handle this request
> > > Wed Sep 19 10:28:57 2001: DEBUG: Check if Handler Realm=sql should be used to handle this request
> > > Wed Sep 19 10:28:57 2001: DEBUG: Check if Handler Realm=ldap should be used to handle this request
> > > Wed Sep 19 10:28:57 2001: DEBUG: Handling request with Handler 'Realm=ldap'
> > > Wed Sep 19 10:28:57 2001: DEBUG: Rewrote user name to anuar
> > > Wed Sep 19 10:28:57 2001: DEBUG:  Deleting session for anuar at ldap, 203.63.154.1, 1234
> > > Wed Sep 19 10:28:57 2001: DEBUG: Handling with Radius::AuthLDAP2
> > > Wed Sep 19 10:28:57 2001: DEBUG: Connecting to ldaptest, port 389
> > > Wed Sep 19 10:28:57 2001: DEBUG: Attempting to bind with ,
> > > Wed Sep 19 10:28:57 2001: DEBUG: No entries for anuar found in LDAP database
> > > Wed Sep 19 10:28:57 2001: DEBUG: Radius::AuthLDAP2 looks for match with anuar
> > > Wed Sep 19 10:28:57 2001: DEBUG: Connecting to ldaptest, port 389
> > > Wed Sep 19 10:28:57 2001: DEBUG: Attempting to bind with ,
> > > Wed Sep 19 10:28:57 2001: ERR: ldap search failed with error LDAP_NO_SUCH_OBJECT.
> > > Wed Sep 19 10:28:57 2001: INFO: Access rejected for anuar: No such user
> > > Wed Sep 19 10:28:57 2001: DEBUG: Packet dump:
> > > *** Sending to 127.0.0.1 port 60377 ....
> > > Code:       Access-Reject
> > > Identifier: 206
> > > Authentic:  1234567890123456
> > > Attributes:
> > >         Reply-Message = "No such user"
> > >
> > >
> > > -------------------- trace 4 output (with the ServerChecksPassword option) ---------------------
> > >
> > > Wed Sep 19 10:32:06 2001: DEBUG: Packet dump:
> > > *** Received from 127.0.0.1 port 60398 ....
> > > Code:       Access-Request
> > > Identifier: 141
> > > Authentic:  1234567890123456
> > > Attributes:
> > >         User-Name = "anuar at ldap"
> > >         Service-Type = Framed-User
> > >         NAS-IP-Address = 203.63.154.1
> > >         NAS-Port = 1234
> > >         Called-Station-Id = "123456789"
> > >         Calling-Station-Id = "987654321"
> > >         NAS-Port-Type = Async
> > >         User-Password =
> > > "<152><233><<156><157>o<4><246><188>8<9><160><216>}x<153>"
> > >
> > > Wed Sep 19 10:32:06 2001: DEBUG: Check if Handler Realm=tm.net.my should be used to handle this request
> > > Wed Sep 19 10:32:06 2001: DEBUG: Check if Handler Realm=sql should be used to handle this request
> > > Wed Sep 19 10:32:06 2001: DEBUG: Check if Handler Realm=ldap should be used to handle this request
> > > Wed Sep 19 10:32:06 2001: DEBUG: Handling request with Handler 'Realm=ldap'
> > > Wed Sep 19 10:32:06 2001: DEBUG: Rewrote user name to anuar
> > > Wed Sep 19 10:32:06 2001: DEBUG:  Deleting session for anuar at ldap, 203.63.154.1, 1234
> > > Wed Sep 19 10:32:06 2001: DEBUG: Handling with Radius::AuthLDAP2
> > > Wed Sep 19 10:32:06 2001: DEBUG: Connecting to ldaptest, port 389
> > > Wed Sep 19 10:32:06 2001: DEBUG: Attempting to bind with ,
> > > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got result for uid=anuar,ou=People, o=tm.net.my, o=isp
> > > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got mailhost: tm.net.my
> > > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got maildeliveryoption: mailbox
> > > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got mailuserstatus: active
> > > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got mail: anuar at tm.net.my
> > > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got objectclass: top person organizationalPerson inetorgperson inetUsere
> > > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got inetuserstatus: active
> > > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got cn: anuar anuar
> > > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got uid: anuar
> > > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got datasource: iPlanet Messaging Server 5.0 Admin Console
> > > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got givenname: anuar
> > > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got sn: anuar
> > > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got creatorsname: uid=admin,ou=Administrators,ou=TopologyManagement,o=Nt
> > > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got modifiersname: uid=admin,ou=Administrators,ou=TopologyManagement,o=t
> > > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got createtimestamp: 20010813065909Z
> > > Wed Sep 19 10:32:06 2001: DEBUG: LDAP got modifytimestamp: 20010813065909Z
> > > Wed Sep 19 10:32:06 2001: DEBUG: Radius::AuthLDAP2 looks for match with anuar
> > > Wed Sep 19 10:32:06 2001: DEBUG: Radius::AuthLDAP2 ACCEPT:
> > > Wed Sep 19 10:32:06 2001: DEBUG: Access accepted for anuar
> > > Wed Sep 19 10:32:06 2001: DEBUG: Packet dump:
> > > *** Sending to 127.0.0.1 port 60398 ....
> > > Code:       Access-Accept
> > > Identifier: 141
> > > Authentic:  1234567890123456
> > > Attributes:
> > >         Framed-Protocol = PPP
> > >         Framed-IP-Netmask = 255.255.255.255
> > >         Framed-Routing = None
> > >         Framed-MTU = 1500
> > >         Framed-Compression = Van-Jacobson-TCP-IP
> > >
> > >
> > > - Elias -
> >

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
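The userpassword values Elias mentions ({SHA}... and {crypt}...) are RFC 2307-style scheme-prefixed hashes. When AuthBy LDAP2 runs without ServerChecksPassword it fetches PasswordAttr and has to verify such a value itself, so the identity it binds with needs read access to userpassword; with ServerChecksPassword the directory checks the password by binding as the user and Radiator never sees the hash. The following is an added Python example, not Radiator's code, showing how a client-side check of a scheme-prefixed value works; it also covers {SSHA} and cleartext values, which the thread does not mention, and the {crypt} branch assumes the standard `crypt` module is present (it was removed in Python 3.13).

```python
import base64
import hashlib
import hmac
import os


def _split_scheme(stored: str):
    """Split '{SCHEME}data' into ('SCHEME', 'data'); no prefix means cleartext."""
    if stored.startswith("{") and "}" in stored:
        scheme, _, data = stored[1:].partition("}")
        return scheme.upper(), data
    return "CLEARTEXT", stored


def make_userpassword(password: str, scheme: str = "SSHA", salt: bytes = None) -> str:
    """Build an RFC 2307-style userPassword value ({SHA} or {SSHA}) for testing."""
    pw = password.encode("utf-8")
    if scheme.upper() == "SHA":
        return "{SHA}" + base64.b64encode(hashlib.sha1(pw).digest()).decode("ascii")
    if scheme.upper() == "SSHA":
        salt = os.urandom(8) if salt is None else salt
        digest = hashlib.sha1(pw + salt).digest()
        return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")
    raise ValueError(f"cannot generate scheme {scheme}")


def check_userpassword(stored: str, password: str) -> bool:
    """Return True if password matches the stored userPassword value.

    This is the work a RADIUS server has to do itself when it reads the
    hash out of the directory instead of letting the directory check a bind.
    """
    scheme, data = _split_scheme(stored)
    pw = password.encode("utf-8")
    if scheme == "CLEARTEXT":
        return hmac.compare_digest(pw, data.encode("utf-8"))
    if scheme == "SHA":
        return hmac.compare_digest(hashlib.sha1(pw).digest(), base64.b64decode(data))
    if scheme == "SSHA":
        raw = base64.b64decode(data)  # 20-byte SHA-1 digest followed by the salt
        digest, salt = raw[:20], raw[20:]
        return hmac.compare_digest(hashlib.sha1(pw + salt).digest(), digest)
    if scheme == "CRYPT":
        try:
            import crypt  # assumption: crypt(3) binding available (gone in Python 3.13)
        except ImportError as exc:
            raise ValueError("{crypt} verification needs the crypt module") from exc
        return hmac.compare_digest(crypt.crypt(password, data), data)
    raise ValueError(f"unsupported userPassword scheme {{{scheme}}}")
```

A value the directory refuses to return (for instance because the bind identity may not read userpassword) never reaches this check at all, which is one reason to prefer letting the server verify the bind.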
