(RADIATOR) radiator and Novell Universal Password

Don Elrod drentn at myrealbox.com
Fri Aug 12 10:05:13 CDT 2005


I'm attempting to use Radiator with Novell's Universal Password.  The test user's entire eDirectory record shows up in the log, but I keep getting the error message:
"ERR: get_edir_password for cn=user01,o=UTC could not do LDAP extension: LDAP_OTHER".  Radiator works fine when I change the configuration from GetNovellUP to ServerChecksPassword.

I'm running Radiator-Locked-3.13-1 on a Red Hat AS 4 system at 2.6.9-11 EL and have installed perl-ldap 0.33.  The eDirectory server is running NetWare 6.5, SP 2. eDirectory is at 8.7.3.4.  The password policy includes the settings "Enable Universal Password", "allow user agent to retrieve password", and "allow admin to retrieve passwords".

I'm testing with: 
radpwtst -noacct -user user01 -password password.

Here's the configuration file:
LogStdout
LogDir          /var/log/radius
DbDir           /etc/radiator
Trace           4

<Client DEFAULT>
        Secret  mysecret
        DupInterval 0
</Client>

<Realm DEFAULT>
        <AuthBy LDAP2>
                Host       server.utc.edu
                AuthDN     cn=radiusadmin,o=UTC
                AuthPassword    password
                BaseDN     o=UTC
                UsernameAttr    uid
                NoDefault
                HoldServerConnection
                GetNovellUP
                Version 3
        </AuthBy>
</Realm>

Here's the logfile:
Thu Aug 11 17:19:56 2005: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32783 ....
Code:       Access-Request
Identifier: 251
Authentic:  1234567890123456
Attributes:
	User-Name = "user01"
	Service-Type = Framed-User
	NAS-IP-Address = 203.63.154.1
	NAS-Identifier = "203.63.154.1"
	NAS-Port = 1234
	Called-Station-Id = "123456789"
	Calling-Station-Id = "987654321"
	NAS-Port-Type = Async
	User-Password = [deleted]

Thu Aug 11 17:19:56 2005: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Aug 11 17:19:56 2005: DEBUG:  Deleting session for user01, 203.63.154.1, 1234
Thu Aug 11 17:19:56 2005: DEBUG: Handling with Radius::AuthLDAP2: 
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got result for cn=user01,o=UTC
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got utcID: user01
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got UUID: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got nspmPasswordPolicyDN: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got eduPersonPrimaryAffiliation: Employee
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got eduPersonNickname: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got nIMSLocale: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got nIMSTimezone: 62
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got nIMSTemplate: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got nIMSFeatureSet: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got nIMSRule: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got nIMSDefaultCharset: UTF-8
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got nIMSSignature: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxAccountingData: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxAddressbook: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxAddressbookURLPublic: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxPrivacy: 0
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxTimeout: 40
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxPreferences: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxColor: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxLanguage: 4
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxQuotaValue: 200000
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxUseQuota: 1
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxMessagingDisabled: 0
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxVacationMessageEnabled: 0
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxForwardingEnabled: 0
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxReplyMessage: .
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxEMailAddress: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got displayName: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got homeZipCode: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got homePostalAddress: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got homeState: TN
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got homePhone: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got homeCity: Chattanooga
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got employeeType: staff
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got mailstop: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got company: The University of Tennessee at Chattanooga
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got city: Chattanooga
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got roomNumber: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got mail: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got uid: user01
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got initials: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got givenName: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got fullName: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got Language: English
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got messageServer: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got title: Systems Admin
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got telephoneNumber: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got sn: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got street: 615 McCallie Ave
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got st: TN
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got postalCode: 37403
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got physicalDeliveryOfficeName: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got passwordRequired: TRUE
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got passwordMinimumLength: 6
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got passwordAllowChange: FALSE
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got ou: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got objectClass: inetOrgPerson organizationalPerson Person ndsLoginProperties Top homeInfo eduPerson 
eduOrg tnEduPerson utcEduPerson pwmUser
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got loginTime: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got loginIntruderAddress: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got loginDisabled: FALSE
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got loginAllowedTimeMap: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got l: Chattanooga
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got ndsHomeDirectory: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got groupMembership: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got facsimileTelephoneNumber: [deleted]
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got cn: user01
Thu Aug 11 17:19:56 2005: DEBUG: LDAP got ACL: [deleted]
Thu Aug 11 17:19:56 2005: ERR: get_edir_password for cn=user01,o=UTC could not do LDAP extension: LDAP_OTHER
Thu Aug 11 17:19:56 2005: DEBUG: Radius::AuthLDAP2 looks for match with user01
Thu Aug 11 17:19:56 2005: DEBUG: Radius::AuthLDAP2 REJECT: Bad Encrypted password
Thu Aug 11 17:19:56 2005: DEBUG: AuthBy LDAP2 result: REJECT, Bad Encrypted password
Thu Aug 11 17:19:56 2005: INFO: Access rejected for user01: Bad Encrypted password
Thu Aug 11 17:19:56 2005: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32783 ....
Code:       Access-Reject
Identifier: 251
Authentic:  1234567890123456
Attributes:
	Reply-Message = "Request Denied"

-------------------------------------------------------------------
Don Elrod    drentn at myrealbox.com
Systems Administrator
University of Tennessee at Chattanooga
Chattanooga, TN 37403, USA
