(RADIATOR) Radiator and Opendirectory

Philip Ershler ershler at cvrti.utah.edu
Wed Oct 13 18:54:45 CDT 2004


Hi,
	I've got a Radiator RADIUS Server up and running on a MacOSX 10.3.5 
Server system. I'm using the server to authenticate wireless users with 
a WPA scheme using eap_ttls. I can currently authenticate using 
<AuthBy FILE> just fine. What I'd really like to do is authenticate 
using Apple's LDAP/OpenDirectory (server authenticates user). I have 
tried the example opendirectory.cfg from goodies, but I can't 
authenticate. Here's what happens in the log when I try. Everything is 
fine with the inner authentication machinery. The username and password 
get picked out correctly, but then ...

Wed Oct 13 17:38:05 2004: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Oct 13 17:38:05 2004: DEBUG:  Deleting session for ershler, 10.0.1.1,
Wed Oct 13 17:38:05 2004: DEBUG: Handling with Radius::AuthLDAP2:
Wed Oct 13 17:38:05 2004: INFO: Connecting to 155.100.140.12, port 389
Wed Oct 13 17:38:05 2004: INFO: Attempting to bind to LDAP server 155.100.140.12:389)
Wed Oct 13 17:38:05 2004: ERR: Could not bind connection with , , error: LDAP_PROTOCOL_ERROR (server 155.100.140.12:389).
Wed Oct 13 17:38:05 2004: ERR: Backing off from 155.100.140.12:389 for 600 seconds.
Wed Oct 13 17:38:05 2004: DEBUG: Handling with Radius::AuthFILE:
Wed Oct 13 17:38:05 2004: DEBUG: Radius::AuthFILE looks for match with ershler
Wed Oct 13 17:38:05 2004: INFO: Access rejected for ershler: No such user
Wed Oct 13 17:38:05 2004: DEBUG: EAP result: 1, EAP TTLS inner authentication redespatched to a Handler
Wed Oct 13 17:38:05 2004: INFO: Access rejected for ershler: EAP TTLS inner authentication redespatched to a Handler
Wed Oct 13 17:38:05 2004: DEBUG: Packet dump:
*** Sending to 155.100.140.15 port 1026 ....
Code:       Access-Reject
Identifier: 16
Authentic:  <25><141><0><244>`<204><218><155>Ro<247><1><203>K<143><147>
Attributes:
         EAP-Message = <4><6><0><4>
         Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
         Reply-Message = "Request Denied"


	I notice the date on the opendirectory.cfg example file is quite old. 
Is there anything any newer? I've got a few more questions, but one 
step at a time.

Thanks, Phil

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
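
The following is an added example, not part of the original post and not Radiator code: a small triage script that rejoins hard-wrapped log lines and picks out the failure chain visible in the log above (failed LDAP bind, back-off window, rejects that land inside that window). The embedded sample reuses lines from that log, deliberately hard-wrapped to exercise the rejoining step; reading the two empty fields in the bind error as "no bind identity supplied" is an assumption of this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: lines reused from the log in the post, hard-wrapped on purpose.
SAMPLE = """\
Wed Oct 13 17:38:05 2004: DEBUG: Handling with Radius::AuthLDAP2:
Wed Oct 13 17:38:05 2004: INFO: Attempting to bind to LDAP server 
155.100.140.12:389)
Wed Oct 13 17:38:05 2004: ERR: Could not bind connection with , , 
error: LDAP_PROTOCOL_ERROR (server 155.100.140.12:389).
Wed Oct 13 17:38:05 2004: ERR: Backing off from 155.100.140.12:389 for 
600 seconds.
Wed Oct 13 17:38:05 2004: DEBUG: Handling with Radius::AuthFILE:
Wed Oct 13 17:38:05 2004: INFO: Access rejected for ershler: No such 
user
"""

STAMP = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}): (\w+): ?(.*)$")
BIND = re.compile(r"Could not bind connection with (.*?), (.*?), error: (\w+) \(server (\S+)\)")
BACKOFF = re.compile(r"Backing off from (\S+) for (\d+) seconds")
REJECT = re.compile(r"Access rejected for (\S+): (.*)")

def records(text):
    """Rejoin wrapped lines; return (time, level, message) tuples."""
    out = []
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            out.append([when, m.group(2), m.group(3)])
        elif out and line.strip():  # continuation of the previous entry
            out[-1][2] = out[-1][2].rstrip() + " " + line.strip()
    return [tuple(r) for r in out]

def triage(text):
    """Return findings: failed binds, the back-off window, rejects inside it."""
    # Assumption: both fields empty means the bind carried no identity.
    findings, window_end = [], None
    for when, level, msg in records(text):
        if (m := BIND.search(msg)):
            empty = not m.group(1).strip() and not m.group(2).strip()
            findings.append(("bind_failed", m.group(4), m.group(3), empty))
        elif (m := BACKOFF.search(msg)):
            window_end = when + timedelta(seconds=int(m.group(2)))
            findings.append(("backoff", m.group(1), window_end))
        elif (m := REJECT.search(msg)) and window_end and when <= window_end:
            findings.append(("reject_during_backoff", m.group(1), m.group(2)))
    return findings
```

Run over a full log, the "backoff" finding gives the time until which requests skip the LDAP server, so rejects reported inside that window reflect the fallback AuthBy rather than the directory.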

