(RADIATOR) I need help with LDAP on AD.
Hugh Irvine
hugh at open.com.au
Wed May 12 21:01:09 CDT 2004
Hello Matias -
You should use the AuthBy LDAP2 clause (together with the prerequisites
described in section 6.35 of the manual "doc/ref.html").
You should also use Port 3268 as shown in the example
"goodies/ad-ldap.cfg".
regards
Hugh
On 13 May 2004, at 05:24, Radius wrote:
> Here I attach the cfg file as well as the log file.
> What am I doing wrong? It doesn't want to connect to AD.
>
> Thanks a lot.
>
> Matias Averbuj
> Information Systems
> Walsh University
>
> --------------------------------------------------------
> # Foreground
> LogStdout
> LogDir /etc/radiator
> DbDir /etc/radiator
> Trace 4
> DictionaryFile /etc/radiator/dictionary
>
> <Client DEFAULT>
> Secret mysecret
> DupInterval 0
> </Client>
>
> <Realm DEFAULT>
> <AuthBy LDAP>
> Host 192.168.5.254
> Port 389
> AuthDN CN=Administrator,OU=Users,DC=radius,DC=edu
> AuthPassword pH#nt0Ms
> BaseDN OU=Users,DC=radius,DC=edu
> Scope Base
> ServerChecksPassword
> UsernameAttr sAMAccountName
> </AuthBy>
> </Realm>
>
> <Monitor>
> Username mikem
> Password fred
> </Monitor>
>
> -----------------------------------------------
> Wed May 12 14:48:33 2004: NOTICE: Server started: Radiator 3.9 on
> BEAURAING.WALSH.EDU (EVALUATION)
> Wed May 12 14:48:34 2004: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 32769 ....
> Code: Access-Request
> Identifier: 214
> Authentic: 1234567890123456
> Attributes:
> User-Name = "mikem"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> User-Password =
> "<159><249>:<201><175>\<4><246><188>8<9><160><216>}x<153>"
>
> Wed May 12 14:48:34 2004: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed May 12 14:48:34 2004: DEBUG: Deleting session for mikem,
> 203.63.154.1,
> 1234
> Wed May 12 14:48:34 2004: INFO: Access rejected for mikem:
> Wed May 12 14:48:34 2004: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 32769 ....
> Code: Access-Reject
> Identifier: 214
> Authentic: 1234567890123456
> Attributes:
> Reply-Message = "Request Denied"
>
> Wed May 12 14:48:34 2004: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 32769 ....
> Code: Accounting-Request
> Identifier: 215
> Authentic: <111>3c<666><253><141><9><194>Q<212><333><253><101>g`<222>
> Attributes:
> User-Name = "mikem"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> NAS-Port-Type = Async
> Acct-Session-Id = "00001234"
> Acct-Status-Type = Start
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> Acct-Delay-Time = 0
>
> Wed May 12 14:48:34 2004: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed May 12 14:48:34 2004: DEBUG: Adding session for mikem,
> 203.63.154.1,
> 1234
> Wed May 12 14:48:39 2004: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 32769 ....
> Code: Accounting-Request
> Identifier: 216
> Authentic: <666>$l<183><66><243>i<666><166><222>L,7<227>F1
> Attributes:
> User-Name = "mikem"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> NAS-Port-Type = Async
> Acct-Session-Id = "00001234"
> Acct-Status-Type = Stop
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> Acct-Delay-Time = 0
> Acct-Session-Time = 1000
> Acct-Input-Octets = 20000
> Acct-Output-Octets = 30000
>
> Wed May 12 14:48:39 2004: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed May 12 14:48:39 2004: DEBUG: Deleting session for mikem,
> 203.63.154.1,
> 1234
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
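As an added example (not part of the original messages and not Radiator code), the Python sketch below pre-checks a configuration file before it is posted to a list: it redacts the credential-bearing parameters seen in the quoted file, in line with the "no secrets" note, and flags the two points raised in the reply (`AuthBy LDAP` instead of `AuthBy LDAP2`, and an LDAP port other than 3268). The function name `review`, the `SECRET_KEYS` set and all sample values are constructed for illustration.

```python
import re

# Parameters whose values are credentials in the configuration quoted above.
SECRET_KEYS = {"Secret", "AuthPassword", "Password"}

# Constructed sample in the same layout as the quoted file; all values are placeholders.
SAMPLE = """\
<Client DEFAULT>
    Secret example-shared-secret
</Client>
<Realm DEFAULT>
    <AuthBy LDAP>
        Host 192.0.2.10
        Port 389
        AuthDN CN=svc-radius,OU=Users,DC=example,DC=edu
        AuthPassword example-bind-password
    </AuthBy>
</Realm>
"""

def review(text):
    """Return (redacted_text, findings); findings are (line_number, message) pairs."""
    out, findings, clause = [], [], None
    for n, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        opened = re.fullmatch(r"<AuthBy\s+(\S+)>", s)
        if opened:
            clause = opened.group(1)  # remember which AuthBy module we are inside
            if clause == "LDAP":
                findings.append((n, "AuthBy LDAP: the reply recommends AuthBy LDAP2"))
        elif s == "</AuthBy>":
            clause = None
        else:
            m = re.fullmatch(r"(\w+)\s+(.+)", s)  # "Keyword value" lines; comments do not match
            if m and m.group(1) in SECRET_KEYS:
                line = line[: line.index(m.group(1))] + m.group(1) + " <redacted>"
                findings.append((n, m.group(1) + " value redacted"))
            elif m and m.group(1) == "Port" and clause in ("LDAP", "LDAP2") and m.group(2) != "3268":
                findings.append((n, "Port " + m.group(2) + ": the reply recommends 3268"))
        out.append(line)
    return "\n".join(out) + "\n", findings

if __name__ == "__main__":
    redacted, findings = review(SAMPLE)
    print(redacted)
    for n, msg in findings:
        print("line %d: %s" % (n, msg))
```

Any bind or shared secret that has already appeared in a posted file should be rotated, since redaction only protects copies made afterwards.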