(RADIATOR) Authentication problem with Radiator 2.19 and OpenLDAP 2.0.28
Hugh Irvine
hugh at open.com.au
Mon Feb 18 16:56:18 CST 2002
Hello Mike, Hello Stephen -
Mike is correct, a NoDefault usually fixes this problem, which is due to the
LDAP server incorrectly returning a result for DEFAULT if it is not found.
Radiator by default will always look for "DEFAULT" entries in the user
database, but this can be altered with the "NoDefault" tag.
regards
Hugh
On Tue, 19 Feb 2002 04:36, Forbes Mike wrote:
> I ran into this problem also; you need to add the line NoDefault
> to your LDAP AuthBy. See 6.17.12 in the manual. I am not quite sure why
> I did this now, but it seems to work. If it does not find the user it
> then tries the DEFAULT user.
>
> Mike Forbes
>
> On Mon, 18 Feb 2002, Stephen Davies wrote:
> > Hi,
> >
> > I am trying to set radiator to authenticate against an OpenLDAP database
> > version 2.0.28
> >
> > Openldap is working fine with everything else, including my telnet and
> > webmail (written in perl) access.
> >
> > When I try to run radpwtst I get the error in the logfile as:
> >
> > *** Received from 127.0.0.1 port 46475 ....
> > Code: Access-Request
> > Identifier: 118
> > Authentic: 1234567890123456
> > Attributes:
> > User-Name = "stephen"
> > Service-Type = Framed-User
> > NAS-IP-Address = 203.63.154.1
> > NAS-Port = 1234
> > Called-Station-Id = "123456789"
> > Calling-Station-Id = "987654321"
> > NAS-Port-Type = Async
> > User-Password = "<250><5>p<185><25><233>$<168>qd<2><25>z%<133><129>"
> >
> > Mon Feb 18 16:49:13 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> > Mon Feb 18 16:49:13 2002: DEBUG: Deleting session for stephen, 203.63.154.1, 12 34
> > Mon Feb 18 16:49:13 2002: DEBUG: Handling with Radius::AuthLDAP2:
> > Mon Feb 18 16:49:13 2002: INFO: Connecting to ldap.brightonline.com.au, port 389
> > Mon Feb 18 16:49:13 2002: INFO: Attempting to bind with cn=XXXXX,dc=brightonline ,dc=com,dc=au, XXXXXXX (server ldap.brightonline.com.au:389)
> > Mon Feb 18 16:49:13 2002: DEBUG: LDAP got result for uid=stephen, ou=Brighteam, dc=brightonline, dc=com, dc=au
> > Mon Feb 18 16:49:13 2002: DEBUG: LDAP got userPassword: {CRYPT}s4LYe7mPaoXHA
> > Mon Feb 18 16:49:13 2002: DEBUG: Radius::AuthLDAP2 looks for match with stephen
> > Mon Feb 18 16:49:13 2002: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
> > Mon Feb 18 16:49:13 2002: INFO: Connecting to ldap.brightonline.com.au, port 389
> > Mon Feb 18 16:49:13 2002: INFO: Attempting to bind with cn=admin,dc=brightonline ,dc=com,dc=au, witchhunt (server ldap.brightonline.com.au:389)
> > Mon Feb 18 16:49:13 2002: DEBUG: No entries for DEFAULT found in LDAP database
> > Mon Feb 18 16:49:13 2002: INFO: Access rejected for stephen: Bad Password
> > Mon Feb 18 16:49:13 2002: DEBUG: Packet dump:
> > *** Sending to 127.0.0.1 port 46475 ....
> > Code: Access-Reject
> > Identifier: 118
> > Authentic: 1234567890123456
> > Attributes:
> > Reply-Message = "Request Denied"
> >
> >
> > LDAP portion of radius.cfg file reads as:
> >
> > <AuthBy LDAP2>
> > ServerChecksPassword
> >
> > Host ldap.brightonline.com.au
> > Port 389
> > AuthDN cn=XXXXX, dc=brightonline,dc=com,dc=au
> > AuthPassword XXXXXXX
> > BaseDN dc=brightonline,dc=com,dc=au
> > UsernameAttr uid
> > PasswordAttr userPassword
> > </AuthBy>
> >
> >
> > I have also tried ServerChecksPassword off, and EncryptedPasswordAttr
> > instead of PasswordAttr
> >
> > Some suggestions on the list have been setting the -secret. This has been
> > done.
> >
> >
> > My environment is:
> > perl 5.6.1
> > perl-ldap 0.25
> > radiator 2.19
> > openldap 2.0.28
> >
> > Regards
> >
> > Stephen
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.