(RADIATOR) (Radiator) Problem with

Hugh Irvine hugh at open.com.au
Tue Feb 5 17:33:36 CST 2002


Hello Allister -

I will need to see a copy of the trace 4 debug.

thanks

Hugh


On Tue, 5 Feb 2002 20:07, Allister Maguire wrote:
> Hello,
>
> We are testing Radiator with LDAP to Active Directory, the problem is
> Radiator seems to drop authentication attempts. What we have found,
> Radiator Trace level 4, dialin with a couple of test clients, first
> client fails due to no such user (this is correct, we see Access-Reject
> on screen), second client fails with "Error 691: Access was denied
> because the username and/or password was invalid on the domain." (This
> is incorrect, username and password are correct. Also no Access-Request
> or Access-Reject show up). Try again it works, it seems to be a timing
> issue with multiple attempts.
>
> We are using the demo of Radiator on Debian 2.2r5, clients are Windows
> XP, AD on Windows 2000 Advanced Server and Test RAS is Ascend 4000.
>
> Would this be a problem with our test NAS, Radiator, the server
> Radiator's on, or Active Directory?
>
> Can anyone help?
>
> Thanks
>
> Allister Maguire
>
>
>
>
> # ad-ldap.cfg
> #
> # Example Radiator configuration file for authenticating from
> # Active Directory via LDAP2, possibly from a Unix host.
> #
> # This very simple file will allow you to get started with
> # a simple LDAP authentication system from AD.
> #
> # We suggest you start simple, prove to yourself that it
> # works and then develop a more complicated configuration.
> #
> #
> # You should consider this file to be a starting point only
> # $Id: ad-ldap.cfg,v 1.1 2001/05/17 05:33:34 mikem Exp $
>
> Foreground
> LogStdout
> LogDir          /var/log/radacct/radius
> DbDir           .
> Trace           4
> LogFile         %L/%Y-logfile
>
> DictionaryFile /home/amaguire/Radiator/dictionary.ascend
>
>
> # You will probably want to add other Clients to suit your site.
> <Client localhost>
>         Secret  mysecret
>         DupInterval 0
> </Client>
>
> <Client 192.168.0.11>
>         Secret  XXXXX
>         DupInterval 0
> </Client>
>
> # Authenticates users in the Organisational Unit called 'csx users'
> # The user name coming from the NAS must match the sAMAccountName
> # attribute of a user in that OU. Users that are not in 'csx users'
> # will not be able to log in.
> <Realm DEFAULT>
>         <AuthBy LDAP2>
>                 Host            192.168.0.6
>                 AuthDN cn=Proxy User,ou=Resources,ou=Globe.Net Communications Ltd,dc=gnc,dc=net,dc=nz
> #               AuthPassword    yourADadminpasswordhere
>                 AuthPassword    XXXXX
>                 BaseDN          ou=People,ou=Globe.Net Communications Ltd,dc=gnc,dc=net,dc=nz
>                 UsernameAttr sAMAccountName
> #               PasswordAttr msSFUPassword
>                 # Password checking is performed using an LDAP bind operation.
>                 ServerChecksPassword
>
>                 # TCP connection timeout period, for LDAP server.
>                 Timeout 2
>
>                 AddToReply Service-Type = Framed-User,\
>                         Framed-Protocol = PPP,\
>                         Framed-Netmask = 255.255.255.255,\
>                         Framed-Routing = None,\
>                         Framed-Compression = Van-Jacobson-TCP-IP,\
>                         Ascend-Maximum-Channels = 1
>
>                 AuthAttrDef radiusIdleTimeout,Ascend-Idle-Limit,reply
>                 AuthAttrDef radiusSessionTimeout,Ascend-Maximum-Time,reply
>                 AuthAttrDef radiusCallingStationID,Caller-Id,check
> #               AuthAttrDef radiusCalledStationID,,check
>                 AuthAttrDef radiusNASPortType,NAS-Port-Type,check
>
>                 # Reply with all the items in replyitems
> #               ReplyAttr radiusConnectionAttributes
>
>         </AuthBy>
>         AcctLogFileName %L/%Y-%v-detail
> </Realm>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.