(RADIATOR) Authentication problem with Radiator 2.19 and OpenLDAP 2.0.28

Forbes Mike Mike.Forbes at Colorado.EDU
Mon Feb 18 11:36:57 CST 2002


I ran into this problem also; you need to add the line NoDefault
to your LDAP AuthBy. See 6.17.12 in the manual. I am not quite sure why
I did this now, but it seems to work. If it does not find the user it
then tries the DEFAULT user.

Mike Forbes


On Mon, 18 Feb 2002, Stephen Davies wrote:

> Hi,
>
> I am trying to set Radiator to authenticate against an OpenLDAP database, version 2.0.28.
>
> OpenLDAP is working fine with everything else, including my telnet and webmail (written in Perl) access.
>
> When I try to run radpwtst I get the error in the logfile as:
>
> *** Received from 127.0.0.1 port 46475 ....
> Code:       Access-Request
> Identifier: 118
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "stephen"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password = "<250><5>p<185><25><233>$<168>qd<2><25>z%<133><129>"
>
> Mon Feb 18 16:49:13 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Mon Feb 18 16:49:13 2002: DEBUG:  Deleting session for stephen, 203.63.154.1, 12
> 34
> Mon Feb 18 16:49:13 2002: DEBUG: Handling with Radius::AuthLDAP2:
> Mon Feb 18 16:49:13 2002: INFO: Connecting to ldap.brightonline.com.au, port 389
> Mon Feb 18 16:49:13 2002: INFO: Attempting to bind with cn=XXXXX,dc=brightonline
> ,dc=com,dc=au, XXXXXXX (server ldap.brightonline.com.au:389)
> Mon Feb 18 16:49:13 2002: DEBUG: LDAP got result for uid=stephen, ou=Brighteam,
> dc=brightonline, dc=com, dc=au
> Mon Feb 18 16:49:13 2002: DEBUG: LDAP got userPassword: {CRYPT}s4LYe7mPaoXHA
> Mon Feb 18 16:49:13 2002: DEBUG: Radius::AuthLDAP2 looks for match with stephen
> Mon Feb 18 16:49:13 2002: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
> Mon Feb 18 16:49:13 2002: INFO: Connecting to ldap.brightonline.com.au, port 389
> Mon Feb 18 16:49:13 2002: INFO: Attempting to bind with cn=admin,dc=brightonline
> ,dc=com,dc=au, witchhunt (server ldap.brightonline.com.au:389)
> Mon Feb 18 16:49:13 2002: DEBUG: No entries for DEFAULT found in LDAP database
> Mon Feb 18 16:49:13 2002: INFO: Access rejected for stephen: Bad Password
> Mon Feb 18 16:49:13 2002: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 46475 ....
> Code:       Access-Reject
> Identifier: 118
> Authentic:  1234567890123456
> Attributes:
>         Reply-Message = "Request Denied"
>
>
> LDAP portion of radius.cfg file reads as:
>
>        <AuthBy LDAP2>
>                ServerChecksPassword
>
>                Host            ldap.brightonline.com.au
>                Port            389
>                AuthDN          cn=XXXXX, dc=brightonline,dc=com,dc=au
>                AuthPassword    XXXXXXX
>                BaseDN          dc=brightonline,dc=com,dc=au
>                UsernameAttr    uid
>                PasswordAttr    userPassword
>        </AuthBy>
>
>
> I have also tried ServerChecksPassword off, and EncryptedPasswordAttr instead of PasswordAttr.
>
> Some suggestions on the list have been setting the -secret. This has been done.
>
>
> My environment is:
> perl 5.6.1
> perl-ldap 0.25
> radiator 2.19
> openldap 2.0.28
>
> Regards
>
> Stephen
>

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
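
An added example (not part of the original thread, and not Radiator code): a small Python helper that rejoins a mail-wrapped Radiator trace like the one quoted above, masks the bind password and the fetched password attribute before the trace is shared, and reports whether the DEFAULT lookup that NoDefault turns off took place. The sample trace is constructed with placeholder values; the line formats are taken from the quoted log, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the quoted trace (all values are placeholders),
# including the mail quoting and the hard line wrap seen in the post.
SAMPLE = """\
> Mon Feb 18 16:49:13 2002: INFO: Attempting to bind with cn=radius,dc=example
> ,dc=com, ExamplePw1 (server ldap.example.com:389)
> Mon Feb 18 16:49:13 2002: DEBUG: LDAP got result for uid=alice, ou=People, dc=example, dc=com
> Mon Feb 18 16:49:13 2002: DEBUG: LDAP got userPassword: {CRYPT}abCDefGHijKLM
> Mon Feb 18 16:49:13 2002: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
> Mon Feb 18 16:49:13 2002: INFO: Attempting to bind with cn=radius,dc=example,dc=com, ExamplePw1 (server ldap.example.com:389)
> Mon Feb 18 16:49:13 2002: DEBUG: No entries for DEFAULT found in LDAP database
> Mon Feb 18 16:49:13 2002: INFO: Access rejected for alice: Bad Password
> Mon Feb 18 16:49:13 2002: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 46475 ....
"""

TS = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}: ")
BIND = re.compile(r"(Attempting to bind with .*?, ).*( \(server )")
ATTR = re.compile(r"(LDAP got \w+: ).*")

def unwrap(text):
    """Strip '> ' quoting and rejoin hard-wrapped log lines; skip packet dumps."""
    out = []
    for raw in text.splitlines():
        line = re.sub(r"^> ?", "", raw)
        if TS.match(line):
            out.append(line)
        elif out and line.strip() and not out[-1].endswith("Packet dump:"):
            out[-1] += line  # continuation of a line wrapped by the mail client
    return out

def redact(line):
    """Mask the bind password and fetched attribute values (over-redacts on purpose)."""
    return ATTR.sub(r"\1[REDACTED]", BIND.sub(r"\1[REDACTED]\2", line))

def summarize(lines):
    """Reconstruct the lookup chain: user entry, AuthBy result, DEFAULT lookup, outcome."""
    s = {"entry": None, "authby_result": None, "default_lookup": False, "final": None}
    for l in lines:
        if m := re.search(r"LDAP got result for ([^,]+)", l):
            s["entry"] = m.group(1)
        elif m := re.search(r"AuthLDAP2 REJECT: (.*)", l):
            s["authby_result"] = "REJECT: " + m.group(1)
        elif "No entries for DEFAULT" in l:
            s["default_lookup"] = True  # the second search that NoDefault turns off
        elif m := re.search(r"Access rejected for (\S+): (.*)", l):
            s["final"] = f"rejected {m.group(1)}: {m.group(2)}"
    return s
```

Calling `summarize(unwrap(SAMPLE))` shows the user entry was found and rejected before the DEFAULT search ran; `redact` is applied per line to the output of `unwrap`.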

