(RADIATOR) Problem with authentication using ldap

Hugh Irvine hugh at open.com.au
Wed Nov 27 14:35:24 CST 2002


Hello Ingvar -

You mention that radpwtst works fine. Have you restarted radiusd since 
changing the secret in the client clause? And are you sure you are 
editing the correct configuration file?

If you still have problems, please send me a trace 5 debug showing both 
the radpwtst authentication and the Cisco authentication, together with 
the configuration file with secrets used in both cases.

regards

Hugh


On Thursday, Nov 28, 2002, at 04:48 Australia/Melbourne, Ingvar Bjarnason wrote:

> Hi everyone,
>
>     When authenticating against LDAP I keep getting rejected with reason
> "Bad Password" when connecting from a Cisco NAS.  radpwtst works fine
> however.   Here is my bare bones config and the debug log.   I'm at the end
> of my rope on this one, having read the reference materials, documents and
> searched the archives to no avail.   The passwords are not encrypted in
> LDAP, the secret is the same on the NAS and the radius server so it should
> work ... but it doesn't.   What am I doing wrong here?
>
>         Best regards,
>                                     Ingvar
>
> Ingvar Bjarnason
> Network Engineer
> Iceland Telecom
>
>
> *************************Radiator config*************
> LogDir          /var/log/radius
> LogFile         /var/log/radius/radiuslog
> DbDir           /etc/radiator
> Trace           4
> AuthPort 1812
> AcctPort 1813
>
> <Client 192.168.0.1>
>         Secret  testing123
>         DefaultRealm testing.is
> </Client>
>
> <Realm xxx>
>         RewriteUsername s/^([^@]+).*/$1/
>         <AuthBy LDAP2>
>                 NoDefault
>                 Host 192.168.0.2
>                 Port 389
>                 AuthDN *removed*
>                 AuthPassword testpass
>                 BaseDN *removed*
>                 UsernameAttr uid
>                 PasswordAttr clearTextPassword
>                 SearchFilter (&(serviceStatus=Active)(%0=%1))
>         </AuthBy>
> </Realm>
> ******************************************************
>
> ****************debuglog*******************************
>
> Wed Nov 27 16:51:30 2002: DEBUG: Packet dump:
> *** Received from 192.168.0.1 port 1645 ....
> Code:       Access-Request
> Identifier: 30
> Authentic:  <<172><220>f@<183>q#<243>S<11>H<30><152><143><238>
> Attributes:
>  NAS-IP-Address = 192.168.0.1
>  NAS-Port = 18
>  NAS-Port-Type = Async
>  User-Name = "test"
>  Called-Station-Id = "12345"
>  Calling-Station-Id = "54321"
>  User-Password = "<210><188>!<141><214>W'N<136><193><248><130>6<16><191><211>"
>  Service-Type = Framed-User
>  Framed-Protocol = PPP
>
> Wed Nov 27 16:51:30 2002: DEBUG: Handling request with Handler 'Realm=testing.is'
> Wed Nov 27 16:51:30 2002: DEBUG: Rewrote user name to test
> Wed Nov 27 16:51:30 2002: DEBUG:  Deleting session for test, *removed*, 18
> Wed Nov 27 16:51:30 2002: DEBUG: Handling with Radius::AuthLDAP2:
> Wed Nov 27 16:51:30 2002: INFO: Connecting to 192.168.0.2, port 389
> Wed Nov 27 16:51:30 2002: INFO: Attempting to bind with *removed*, *removed* (server 192.168.0.2:389)
> Wed Nov 27 16:51:30 2002: DEBUG: LDAP got result for uid=test,*removed*
> Wed Nov 27 16:51:30 2002: DEBUG: LDAP got clearTextPassword: pass
> Wed Nov 27 16:51:30 2002: DEBUG: Radius::AuthLDAP2 looks for match with test
> Wed Nov 27 16:51:30 2002: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
> Wed Nov 27 16:51:30 2002: INFO: Access rejected for test: Bad Password
> Wed Nov 27 16:51:30 2002: DEBUG: Packet dump:
> *** Sending to 192.168.0.1 port 1645 ....
> Code:       Access-Reject
> Identifier: 30
> Authentic:  <<172><220>f@<183>q#<243>S<11>H<30><152><143><238>
> Attributes:
>  Reply-Message = "Request Denied"
>
> ********************************************************
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
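
Added example, not part of either message above and not Radiator's own code: a RADIUS server recovers User-Password by XORing it with MD5(shared secret + Request Authenticator) (RFC 2865, section 5.2), so a secret that differs between the NAS and the Client clause yields a garbled password and a failed comparison rather than an explicit "wrong secret" error. The sketch below shows both cases using the secret and Authentic value from the thread. Assumptions: the `<decimal>` dump notation is inferred from the log, and `testing124` is a constructed mismatched secret.

```python
import hashlib
import re

def parse_dump(text: str) -> bytes:
    """Turn dump notation (<decimal> for non-printable bytes, literal
    characters otherwise) back into raw bytes. The notation is inferred
    from the log in this thread, which is an assumption."""
    out = bytearray()
    for m in re.finditer(r"<(\d{1,3})>|(.)", text, re.S):
        out.append(int(m.group(1)) if m.group(1) is not None else ord(m.group(2)))
    return bytes(out)

def xor_chain(data: bytes, secret: bytes, authenticator: bytes, decrypt: bool) -> bytes:
    """RFC 2865 5.2: b1 = MD5(secret + RA), bN = MD5(secret + c(N-1))."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], pad))
        out += block
        prev = data[i:i + 16] if decrypt else block  # always chain on ciphertext
    return out

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the NAS does: null-pad to a multiple of 16, then XOR with the pad."""
    size = max(16, -(-len(password) // 16) * 16)
    return xor_chain(password.ljust(size, b"\x00"), secret, authenticator, False)

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the server does before comparing with the LDAP attribute."""
    return xor_chain(hidden, secret, authenticator, True).rstrip(b"\x00")

# Values copied from the thread.
SERVER_SECRET = b"testing123"
REQUEST_AUTH = parse_dump("<<172><220>f@<183>q#<243>S<11>H<30><152><143><238>")
LOGGED_HIDDEN = parse_dump("<210><188>!<141><214>W'N<136><193><248><130>6<16><191><211>")
NAS_SECRET_TYPO = b"testing124"  # constructed: a NAS configured with a different secret

if __name__ == "__main__":
    good = hide_password(b"pass", SERVER_SECRET, REQUEST_AUTH)
    bad = hide_password(b"pass", NAS_SECRET_TYPO, REQUEST_AUTH)
    print("same secret     :", recover_password(good, SERVER_SECRET, REQUEST_AUTH))
    print("different secret:", recover_password(bad, SERVER_SECRET, REQUEST_AUTH))
    # If this is not what the user typed, the NAS and the <Client> clause disagree.
    print("logged request  :", recover_password(LOGGED_HIDDEN, SERVER_SECRET, REQUEST_AUTH))
```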
