(RADIATOR) closer:LDAP_INVALID_CREDENTIALS

Hugh Irvine hugh at open.com.au
Mon Apr 14 19:02:23 CDT 2003


Hello Bill -

Your first problem is due to your use of the "radpwtst" program which 
uses 203.63.154.1 by default.

Here is the help output from "radpwtst":

bash-2.05a$ perl radpwtst -h
usage: radpwtst [-h] [-time] [-iterations n]
           [-trace [level]] [-s server] [-secret secret]
           [-noauth] [-noacct][-nostart] [-nostop] [-status]
           [-chap] [-mschap] [-mschapv2] [-eapmd5]
           [-accton] [-acctoff] [-framed_ip_address address]
           [-auth_port port] [-acct_port port] [-identifier n]
           [-user username] [-password password] [-nas_ip_address address]
           [-nas_port port] [-nas_port_type type] [-service_type service]
           [-calling_station_id string] [-called_station_id string]
           [-session_id string] [-interactive]
           [-delay_time n] [-session_time n] [-input_octets n]
           [-output_octets n] [-timeout n] [-dictionary file,file]
           [-gui] [-class string] [-useoldascendpasswords]
           [-code requestcode] [-raw data] [-rawfile filename]
           [attribute=value]...

For your second problem I will need to see a trace 4 debug from 
Radiator showing what is happening, together with the complete 
configuration file (no secrets).

regards

Hugh


On Tuesday, Apr 15, 2003, at 08:08 Australia/Melbourne, Bill Davies 
wrote:

> Well, I am getting closer.  Sorry for being so dense about this.
>
> I see two areas with errors:
>
> 1. Radiator debug log says NAS IP address is at 203.63.154.1 -- so 
> what config file did I miss that is giving it that IP number?  (We 
> have no machine on our network with that IP address, nor does the 
> machine I use at work have that IP address.) Our NAS IP should be 
> 192.168.1.2
>
> Attributes:
> 	User-Name = "bdavies"
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 203.63.154.1
> 	NAS-Port = 1234
> 	Called-Station-Id = "123456789"
> 	Calling-Station-Id = "987654321"
> 	NAS-Port-Type = Async
> 	User-Password = 
> "<131><232>5<204><220>k5<128><188>8<9><160><216>}x<153>"
>
> I don't see that IP number in my config file that I am trying to build 
> (macnexus.cfg)
>
> 2.  I'm seeing LDAP_INVALID_CREDENTIALS
>
> According to Stalker Software, their matrix is like this:
>
> Communigate Pro Name				Directory
> Password					userPassword
> RealName					cn
>
>
> Stalker suggested if Directory Integration -> Domain Subtree is blank, 
> try using "top" instead of leaving that value blank, but I'm not sure 
> where I would put 'top'.
>
> Values surrounded by * * are things I changed in the sample LDAP 
> config file.
>
>
> I must have something screwy in my config file? Excerpt below:
>
> <Realm DEFAULT>
> 	<AuthBy LDAP2>
> 		# Tell Radiator how to talk to the LDAP server
> 		Host		192.168.1.19
>
> 		# You will only need these if your LDAP server
> 		# requires authentication. These are the examples
> 		# in a default OpenLDAP installation
> 		# see /etc/openldap/slapd.conf
> 		AuthDN		cn=*ldapadminname*, dc=macnexus.org, dc=com
> 		AuthPassword	*pw*
>
> 		# This is the top of the search tree where users
> 		# will be found. It should match the configuration
> 		# of your server, see /etc/openldap/slapd.conf
> 		BaseDN		dc=macnexus.org, dc=com
>
> 		# This is the LDAP attribute to match the radius user name
> 		UsernameAttr	cn
>
> 		# If you don't specify ServerChecksPassword, you
> 		# need to tell Radiator which attribute contains
> 		# the password. It can be plaintext or encrypted
> 		PasswordAttr    *userPassword*
>
> 		# You can use CheckAttr, ReplyAttr and AuthAttrDef
> 		# to specify check and reply attributes in the LDAP
> 		# database. See the reference manual for more
> 		# information
> 		#AuthAttrDef ipaddress,Framed-IP-Address,reply
>
> 		# These are the classic things to add to each users
> 		# reply to allow a PPP dialup session. It may be
> 		# different for your NAS. This will add some
> 		# reply items to everyone's reply
> 		AddToReply Framed-Protocol = PPP,\
>         		Framed-IP-Netmask = 255.255.255.255,\
>         		Framed-Routing = None,\
>         		Framed-MTU = 1500,\
> 			Framed-Compression = Van-Jacobson-TCP-IP
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
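
For the "complete configuration file (no secrets)" requested above, one way to mask secret values before posting a Radiator config to a public list. This is an added example, not part of the original message or of Radiator itself; the SECRET_KEYS entries other than AuthPassword, the function names and the sample config with its values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Parameters whose values are secrets. AuthPassword is from the config above;
# Secret and DBAuth are assumed additions -- extend for the clauses you use.
SECRET_KEYS='AuthPassword Secret DBAuth'

# Read a Radiator config on stdin, write it to stdout with secret values masked.
redact_radiator_cfg() {
    awk -v keys="$SECRET_KEYS" '
    BEGIN { n = split(keys, k, " "); for (i = 1; i <= n; i++) secret[k[i]] = 1 }
    {
        # Strip indentation and "#" so commented-out parameters are masked too.
        rest = $0; sub(/^[ \t#]+/, "", rest)
        prefix = substr($0, 1, length($0) - length(rest))
        # The keyword is the first word; it must match a listed name exactly.
        kw = rest; sub(/[ \t].*$/, "", kw)
        if ((kw in secret) && length(rest) > length(kw)) {
            print prefix kw " <REDACTED>"
            next
        }
        print
    }'
}

# Return 0 if the literal string $1 still appears in the text on stdin.
still_contains() { grep -qF -- "$1"; }

# Constructed sample config (all secret values are made up).
sample_cfg() {
    cat <<'EOF'
<Client 192.168.1.2>
    Secret constructed-nas-secret
</Client>
<Realm DEFAULT>
    <AuthBy LDAP2>
        Host 192.168.1.19
        AuthDN cn=admin, dc=example, dc=com
        #AuthPassword constructed-old-pw
        AuthPassword constructed-bind-pw
        PasswordAttr userPassword
    </AuthBy>
</Realm>
EOF
}

sample_cfg | redact_radiator_cfg
```

Any line whose first word is a listed keyword is masked, prose comments included, so the filter errs toward over-redaction. Pipe the output through still_contains with each real secret as a last check before sending.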
