(RADIATOR) Problem with authentication using ldap
Ingvar Bjarnason
ingvarbj at centrum.is
Wed Nov 27 11:48:26 CST 2002
Hi everyone,
When authenticating against LDAP I keep getting rejected with reason
"Bad Password" when connecting from a Cisco NAS. radpwtst works fine
however. Here is my bare bones config and the debug log. I'm at the end
of my rope on this one, having read the reference materials, documents and
searched the archives to no avail. The passwords are not encrypted in
LDAP, the secret is the same on the NAS and the radius server so it should
work ... but it doesn't. What am I doing wrong here?
Best regards,
Ingvar
Ingvar Bjarnason
Network Engineer
Iceland Telecom
*************************Radiator config*************
LogDir /var/log/radius
LogFile /var/log/radius/radiuslog
DbDir /etc/radiator
Trace 4
AuthPort 1812
AcctPort 1813
<Client 192.168.0.1>
Secret testing123
DefaultRealm testing.is
</Client>
<Realm xxx>
RewriteUsername s/^([^@]+).*/$1/
<AuthBy LDAP2>
NoDefault
Host 192.168.0.2
Port 389
AuthDN *removed*
AuthPassword testpass
BaseDN *removed*
UsernameAttr uid
PasswordAttr clearTextPassword
SearchFilter (&(serviceStatus=Active)(%0=%1))
</AuthBy>
</Realm>
******************************************************
****************debuglog*******************************
Wed Nov 27 16:51:30 2002: DEBUG: Packet dump:
*** Received from 192.168.0.1 port 1645 ....
Code: Access-Request
Identifier: 30
Authentic: <<172><220>f@<183>q#<243>S<11>H<30><152><143><238>
Attributes:
NAS-IP-Address = 192.168.0.1
NAS-Port = 18
NAS-Port-Type = Async
User-Name = "test"
Called-Station-Id = "12345"
Calling-Station-Id = "54321"
User-Password = "<210><188>!<141><214>W'N<136><193><248><130>6<16><191><211>"
Service-Type = Framed-User
Framed-Protocol = PPP
Wed Nov 27 16:51:30 2002: DEBUG: Handling request with Handler 'Realm=testing.is'
Wed Nov 27 16:51:30 2002: DEBUG: Rewrote user name to test
Wed Nov 27 16:51:30 2002: DEBUG: Deleting session for test, *removed*, 18
Wed Nov 27 16:51:30 2002: DEBUG: Handling with Radius::AuthLDAP2:
Wed Nov 27 16:51:30 2002: INFO: Connecting to 192.168.0.2, port 389
Wed Nov 27 16:51:30 2002: INFO: Attempting to bind with *removed*, *removed* (server 192.168.0.2:389)
Wed Nov 27 16:51:30 2002: DEBUG: LDAP got result for uid=test,*removed*
Wed Nov 27 16:51:30 2002: DEBUG: LDAP got clearTextPassword: pass
Wed Nov 27 16:51:30 2002: DEBUG: Radius::AuthLDAP2 looks for match with test
Wed Nov 27 16:51:30 2002: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
Wed Nov 27 16:51:30 2002: INFO: Access rejected for test: Bad Password
Wed Nov 27 16:51:30 2002: DEBUG: Packet dump:
*** Sending to 192.168.0.1 port 1645 ....
Code: Access-Reject
Identifier: 30
Authentic: <<172><220>f@<183>q#<243>S<11>H<30><152><143><238>
Attributes:
Reply-Message = "Request Denied"
********************************************************
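Added example, not part of the original message and not Radiator code: RFC 2865 hides User-Password by XORing it with MD5(shared secret + Request Authenticator), so the string the server compares with the LDAP `clearTextPassword` depends on the `Secret` it applies to the request. The sketch below decodes the attribute from the dump above with a candidate secret; it assumes the `<NNN>` escapes in the dump are decimal byte values and every other character is literal, and its function names are hypothetical.

```python
import hashlib
import re

ESCAPE = re.compile(r"<(\d{1,3})>")
# Copied from the Access-Request dump in the message above.
DUMP_AUTH = "<<172><220>f@<183>q#<243>S<11>H<30><152><143><238>"
DUMP_PW = "<210><188>!<141><214>W'N<136><193><248><130>6<16><191><211>"

def parse_dump(text):
    """Convert dump notation (printable chars plus <NNN> escapes) to bytes."""
    out, pos = bytearray(), 0
    while pos < len(text):
        m = ESCAPE.match(text, pos)
        if m and int(m.group(1)) < 256:
            out.append(int(m.group(1)))
            pos = m.end()
        else:  # ordinary character, including a literal '<'
            out += text[pos].encode("latin-1")
            pos += 1
    return bytes(out)

def decode_password(hidden, secret, authenticator):
    """RFC 2865 section 5.2: p_i = c_i XOR MD5(secret + c_(i-1)), c_0 = authenticator."""
    if not hidden or len(hidden) % 16 or len(authenticator) != 16:
        raise ValueError("malformed User-Password or authenticator")
    plain, prev = bytearray(), authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        plain += bytes(c ^ p for c, p in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return bytes(plain).rstrip(b"\x00")  # drop the NUL padding

def encode_password(password, secret, authenticator):
    """Inverse of decode_password, as the NAS does before sending."""
    size = max(16, (len(password) + 15) // 16 * 16)
    padded, hidden, prev = password.ljust(size, b"\x00"), bytearray(), authenticator
    for i in range(0, size, 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        hidden += prev
    return bytes(hidden)

if __name__ == "__main__":
    # Decode the logged attribute with the Secret from the <Client> clause.
    decoded = decode_password(parse_dump(DUMP_PW), b"testing123", parse_dump(DUMP_AUTH))
    print(repr(decoded))
```

A result that is not printable text means the secret used for decoding differs from the one the sender used for hiding, or the dump was altered in transit through mail.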