(RADIATOR) 'Bad Password' error on authentication with LDAP (iPlanet)
Hugh Irvine
hugh at open.com.au
Thu Nov 18 20:08:02 CST 2004
Hello Judy -
Could you please send me a trace 4 debug showing the packet dumps and
the processing?
Have you checked that the shared secrets are correct?
regards
Hugh
On 19 Nov 2004, at 11:36, judy wrote:
> Hi all,
>
>
> I installed Radiator 3.11 on a Linux (RH9) box and tried to configure
> it to authenticate users through LDAP server (iPlanet on Solaris
> server). We used NTRadPing as the testing tool.
>
> Initially we could successfully authenticate users from local user
> file; then we changed the radius.cfg to test connection to LDAP
> server. But we failed with some problem related to password (that was
> plain-text and sent from Radius to ldap server), no matter whether we
> configured radius.cfg by using 'PasswordAttr' or
> 'EncryptedPasswordAttr'. Actually, our ldap passwords are in the form
> of {crypt}xxxxxxxxx -- so we're supposed to use 'PasswordAttr' as
> specified in the reference manual. I checked the name fields like
> 'userPassword' are matching the ones in ldap.
>
> -------------------------------------
> Errors in Radius's log file:
> -------------------------------------
> ...
> Thu Nov 18 16:58:31 2004: INFO: Connecting to ldap, port 123
> Thu Nov 18 16:58:31 2004: INFO: Attempting to bind to LDAP server
> ldap:123)
> Thu Nov 18 16:58:31 2004: INFO: Access rejected for judy: Bad Password
> Thu Nov 18 18:23:24 2004: NOTICE: SIGTERM received: stopping
> Thu Nov 18 18:23:31 2004: NOTICE: Server started: Radiator 3.11 on xxx
> Thu Nov 18 18:23:59 2004: INFO: Connecting to ldap, port 123
> Thu Nov 18 18:23:59 2004: INFO: Attempting to bind to LDAP server
> ldap:123)
> Thu Nov 18 18:23:59 2004: INFO: Access rejected for judy: Bad
> Encrypted password
>
>
> -----------------------------------------------------------
> info in the access error log file on ldap:
> -----------------------------------------------------------
> showing the failed access records with host and user information
>
>
> ---------------------
> Radius.cfg file:
> ---------------------
> ...
> LogDir /var/log/radius
> DbDir /etc/radiator
> # Use a low trace level in production systems. Increase
> # it to 4 or 5 for debugging, or use the -trace flag to radiusd
> Trace 3
> # You will probably want to add other Clients to suit your site,
> # one for each NAS you want to work with
> <Client DEFAULT>
> Secret mysecret
> DupInterval 0
> </Client>
> <Realm DEFAULT>
> <AuthBy LDAP2>
> AuthDN uid=admin,o=ourcompany,c=US
> AuthPassword adminpswd
> BaseDN o=ourcompany, c=US
> Host ldapsvr
> NoDefault
> PasswordAttr userPassword
> UsernameAttr uid
> Port 389
> SearchFilter (&(uid=%{User-Name})(employeeType=CURRENT))
> Debug 255
> </AuthBy>
> # Log accounting to a detail file
> AcctLogFileName %L/detail
> </Realm>
>
>
> Thanks for any feedback in advance,
> Judy
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--