(RADIATOR) closer:LDAP_INVALID_CREDENTIALS

Bill Davies bdavies at macnexus.org
Mon Apr 14 17:08:14 CDT 2003


Well, I am getting closer.  Sorry for being so dense about this.

I see two areas with errors:

1. Radiator debug log says NAS IP address is at 203.63.154.1 -- so 
what config file did I miss that is giving it that IP number?  (We 
have no machine on our network with that IP address, nor does the 
machine I use at work have that IP address.) Our NAS IP should be 
192.168.1.2

Attributes:
	User-Name = "bdavies"
	Service-Type = Framed-User
	NAS-IP-Address = 203.63.154.1
	NAS-Port = 1234
	Called-Station-Id = "123456789"
	Calling-Station-Id = "987654321"
	NAS-Port-Type = Async
	User-Password = "<131><232>5<204><220>k5<128><188>8<9><160><216>}x<153>"

I don't see that IP number in my config file that I am trying to 
build (macnexus.cfg).

2.  I'm seeing LDAP_INVALID_CREDENTIALS


According to Stalker Software, their matrix is like this:

CommuniGate Pro Name    Directory
Password                userPassword
RealName                cn


Stalker suggested that if Directory Integration -> Domain Subtree is 
blank, try using "top" instead of leaving that value blank, but I'm 
not sure where I would put 'top'.

Values surrounded by * * are things I changed in the sample LDAP config file.


I must have something screwy in my config file? Excerpt below:

<Realm DEFAULT>
	<AuthBy LDAP2>
		# Tell Radiator how to talk to the LDAP server
		Host		192.168.1.19

		# You will only need these if your LDAP server
		# requires authentication. These are the examples
		# in a default OpenLDAP installation
		# see /etc/openldap/slapd.conf
		AuthDN		cn=*ldapadminname*, dc=macnexus.org, dc=com
		AuthPassword	*pw*

		# This is the top of the search tree where users
		# will be found. It should match the configuration
		# of your server, see /etc/openldap/slapd.conf
		BaseDN		dc=macnexus.org, dc=com

		# This is the LDAP attribute to match the radius user name
		UsernameAttr	cn

		# If you don't specify ServerChecksPassword, you
		# need to tell Radiator which attribute contains
		# the password. It can be plaintext or encrypted
		PasswordAttr    *userPassword*

		# You can use CheckAttr, ReplyAttr and AuthAttrDef
		# to specify check and reply attributes in the LDAP
		# database. See the reference manual for more
		# information
		#AuthAttrDef ipaddress,Framed-IP-Address,reply

		# These are the classic things to add to each users
		# reply to allow a PPP dialup session. It may be
		# different for your NAS. This will add some
		# reply items to everyone's reply
		AddToReply Framed-Protocol = PPP,\
         		Framed-IP-Netmask = 255.255.255.255,\
         		Framed-Routing = None,\
         		Framed-MTU = 1500,\
			Framed-Compression = Van-Jacobson-TCP-IP

