(RADIATOR) RADIATOR and LDAP authentication problem

Paulo Valverde Costa pcosta at ccom.uminho.pt
Wed Feb 4 06:41:50 CST 2004 

Hello,

I'm testing authentication with Radiator 3.7.1 on Netscape Directory Server
4.0 (each on a separate server) and I have trouble with the authentication
of VPN users (Cisco 3030 VPN Concentrator).

This is a log of the RADIATOR:

Wed Feb  4 12:00:36 2004: ERR: Attribute number 195 (vendor 3076) is not
defined in your dictionary
Wed Feb  4 12:00:36 2004: DEBUG: Packet dump:
*** Received from 193.137.17.1 port 1040 ....

Packet length = 112
01 26 00 70 d5 c5 f3 a4 71 14 ff 19 fe d5 19 7c
7e 54 ec ba 01 17 75 73 65 72 31 40 74 65 73 74
65 2e 75 6d 69 6e 68 6f 2e 70 74 02 12 17 fd 55
98 93 bf 6e fe 88 32 e5 dc d0 fc 2e a3 05 06 00
00 04 1c 06 06 00 00 00 02 07 06 00 00 00 01 42
0d 31 37 32 2e 31 39 2e 30 2e 34 31 1a 08 00 00
0c 04 c3 02 04 06 c1 89 11 01 3d 06 00 00 00 05
Code:       Access-Request
Identifier: 38
Authentic:  <213><197><243><164>q<20><255><25><254><213><25>|~T<236><186>
Attributes:
        User-Name = "user1 at teste.uminho.pt"
        User-Password =
"<23><253>U<152><147><191>n<254><136>2<229><220><208><252>.<163>"
        NAS-Port = 1052
        Service-Type = Framed
        Framed-Protocol = PPP
        Tunnel-Client-Endpoint = 172.19.0.41
        NAS-IP-Address = 193.137.17.1
        NAS-Port-Type = Virtual

Wed Feb  4 12:00:36 2004: DEBUG: Handling request with Handler
'Realm=/uminho.pt$/'
Wed Feb  4 12:00:36 2004: DEBUG:  Deleting session for
user1 at teste.uminho.pt, 193.137.17.1, 1052
Wed Feb  4 12:00:36 2004: DEBUG: Handling with Radius::AuthLDAP2: ldap_auth
Wed Feb  4 12:00:36 2004: INFO: Connecting to 193.137.16.145, port 389
Wed Feb  4 12:00:36 2004: INFO: Attempting to bind to LDAP server
193.137.16.145:389)
Wed Feb  4 12:00:36 2004: DEBUG: LDAP got result for cn=Utilizador Um
(user1),ou=people,dc=teste,dc=uminho,dc=pt,o=internet
Wed Feb  4 12:00:36 2004: DEBUG: LDAP got businessCategory: funcionarios
Wed Feb  4 12:00:36 2004: ERR: There was no password attribute found for
user1 at teste.uminho.pt. Check your LDAP database.
Wed Feb  4 12:00:36 2004: DEBUG: Radius::AuthLDAP2 looks for match with
user1 at teste.uminho.pt
Wed Feb  4 12:00:36 2004: DEBUG: Radius::AuthLDAP2 REJECT: Bad Encrypted
password
Wed Feb  4 12:00:36 2004: INFO: Connecting to 193.137.16.145, port 389
Wed Feb  4 12:00:36 2004: INFO: Attempting to bind to LDAP server
193.137.16.145:389)
Wed Feb  4 12:00:36 2004: DEBUG: No entries for DEFAULT found in LDAP
database
Wed Feb  4 12:00:36 2004: INFO: Access rejected for user1 at teste.uminho.pt:
Bad Encrypted password
Wed Feb  4 12:00:36 2004: DEBUG: Packet dump:
*** Sending to 193.137.17.1 port 1040 ....

Packet length = 44
03 26 00 2c 99 41 84 17 50 92 cb 55 c7 eb c9 5d
b5 c2 a7 a5 12 18 42 61 64 20 45 6e 63 72 79 70
74 65 64 20 70 61 73 73 77 6f 72 64
Code:       Access-Reject
Identifier: 38
Authentic:  <213><197><243><164>q<20><255><25><254><213><25>|~T<236><186>
Attributes:
        Reply-Message = "Bad Encrypted password"





This is a problem of inexistence of the password atribute or the "Bad
Encrypted password"


I'm sure of my password, and I don't understand why Radiator rejects my
requests.


How can i pass this problem?


an excert of my Radius conf. file is:

...
<AuthBy LDAP2>
  AutoMPPEKeys
  AuthDN cn=Admin Teste
(admin),ou=People,dc=teste,dc=uminho,dc=pt,o=internet
  AuthPassword teste
  BaseDN dc=teste,dc=uminho,dc=pt,o=internet
  Description Autenticador por LDAP
  Host 172.16.172.20
  Identifier ldap_auth
  PasswordAttr User-Password
#  EncryptedPasswordAttr Encrypted-Password
#  EncryptedPasswordAttr User-Password
#  EncryptedPasswordAttr userPassword
#  PasswordAttr userPassword
#  PasswordAttr Password
# PasswordAttr User-Password
  AuthAttrDef businessCategory, Class, reply
  Port 389
  UsernameAttr mail
</AuthBy>

....


best regards,
paulo

----------------------------------------------------------------------------
Paulo J. Valverde V. Costa
Centro de Comunicações - Campus de Gualtar - Universidade do Minho
4710-057 Braga, PORTUGAL
Tel.: + 351 253 604023; Fax: + 351 253 604021
e-mail: pcosta at ccom.uminho.pt
http://www.ccom.uminho.pt

----------------------------------------------------------------------------
"Few things are harder to put up with than the annoyance of a good example."
                      Mark Twain (1835-1910);
----------------------------------------------------------------------------

This email is confidential. If you are not the intended recipient,
you must not disclose or use the information contained in it.
If you have received this mail in error, please tell us
immediately by return email and delete the document.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list