(RADIATOR) radiator and Novell Universal Password
Mike McCauley
mikem at open.com.au
Fri Aug 12 18:47:10 CDT 2005
Hello Don,
Im not sure what the problem is here.
There may be a problem with the Convert::ASN1module or perl-ldap. Did you
build and install them yourself? If so did you do a 'make test'? Successfuly?
The other possibility is that there is some protocol problem between perl-ldap
and eDirectory, or an eDirectory configuration problem. To test this you
should enable the AuthBy LDAP2 Debug flag so we can examine the conversation
between Radiator and eDirectory.
You should perhaps also check any relevant eDirectory log files for clues.
Cheers.
On Saturday 13 August 2005 01:05, Don Elrod wrote:
> I'm attempting to use radiator with Novell's Universal Password. The test
> user's entire eDirectory record shows up in the log; but I keep getting the
> error message: "ERR: get_edir_password for cn=user01,o=UTC could not do
> LDAP extension: LDAP_OTHER". Radiator works fine when I change the
> configuration from GetNovellUP to ServerChecksPassword.
>
> I'm running Radiator-Locked-3.13-1 on a Red Hat AS 4 system at 2.6.9-11 EL
> and have installed perl-ldap 0.33. The eDirectory server is running
> Netware 6.5, SP 2. eDirectory is at 8.7.3.4. The password policy includes
> the settings "Enable Universal Password", "allow user agent to retrieve
> password", and "allow admin to retrieve passwords".
>
> I'm testing with:
> radpwtst -noacct -user user01 -password password.
>
> Here's the configuration file:
> LogStdout
> LogDir /var/log/radius
> DbDir /etc/radiator
> Trace 4
>
> <Client DEFAULT>
> Secret mysecret
> DupInterval 0
> </Client>
>
> <Realm DEFAULT>
> <AuthBy LDAP2>
> Host server.utc.edu
> AuthDN cn=radiusadmin,o=UTC
> AuthPassword password
> BaseDN o=UTC
> UsernameAttr uid
> NoDefault
> HoldServerConnection
> GetNovellUP
> Version 3
> </AuthBy>
> </Realm>
>
> Here's the logfile:
> Thu Aug 11 17:19:56 2005: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 32783 ....
> Code: Access-Request
> Identifier: 251
> Authentic: 1234567890123456
> Attributes:
> User-Name = "user01"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Identifier = "203.63.154.1"
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> User-Password = [deleted]
>
> Thu Aug 11 17:19:56 2005: DEBUG: Handling request with Handler
> 'Realm=DEFAULT' Thu Aug 11 17:19:56 2005: DEBUG: Deleting session for
> user01, 203.63.154.1, 1234 Thu Aug 11 17:19:56 2005: DEBUG: Handling with
> Radius::AuthLDAP2:
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got result for cn=user01,o=UTC
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got utcID: user01
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got UUID: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got nspmPasswordPolicyDN: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got eduPersonPrimaryAffiliation:
> Employee Thu Aug 11 17:19:56 2005: DEBUG: LDAP got eduPersonNickname:
> [deleted] Thu Aug 11 17:19:56 2005: DEBUG: LDAP got nIMSLocale: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got nIMSTimezone: 62
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got nIMSTemplate: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got nIMSFeatureSet: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got nIMSRule: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got nIMSDefaultCharset: UTF-8
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got nIMSSignature: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxAccountingData: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxAddressbook: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxAddressbookURLPublic:
> [deleted] Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxPrivacy: 0
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxTimeout: 40
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxPreferences: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxColor: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxLanguage: 4
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxQuotaValue: 200000
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxUseQuota: 1
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxMessagingDisabled: 0
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxVacationMessageEnabled: 0
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxForwardingEnabled: 0
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxReplyMessage: .
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got novonyxEMailAddress: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got displayName: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got homeZipCode: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got homePostalAddress: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got homeState: TN
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got homePhone: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got homeCity: Chattanooga
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got employeeType: staff
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got mailstop: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got company: The University of
> Tennessee at Chattanooga Thu Aug 11 17:19:56 2005: DEBUG: LDAP got city:
> Chattanooga
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got roomNumber: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got mail: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got uid: user01
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got initials: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got givenName: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got fullName: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got Language: English
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got messageServer: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got title: Systems Admin
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got telephoneNumber: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got sn: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got street: 615 McCallie Ave
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got st: TN
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got postalCode: 37403
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got physicalDeliveryOfficeName:
> [deleted] Thu Aug 11 17:19:56 2005: DEBUG: LDAP got passwordRequired: TRUE
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got passwordMinimumLength: 6
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got passwordAllowChange: FALSE
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got ou: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got objectClass: inetOrgPerson
> organizationalPerson Person ndsLoginProperties Top homeInfo eduPerson
> eduOrg tnEduPerson utcEduPerson pwmUser
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got loginTime: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got loginIntruderAddress: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got loginDisabled: FALSE
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got loginAllowedTimeMap: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got l: Chattanooga
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got ndsHomeDirectory: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got groupMembership: [deleted]
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got facsimileTelephoneNumber:
> [deleted] Thu Aug 11 17:19:56 2005: DEBUG: LDAP got cn: user01
> Thu Aug 11 17:19:56 2005: DEBUG: LDAP got ACL: [deleted]
> Thu Aug 11 17:19:56 2005: ERR: get_edir_password for cn=user01,o=UTC could
> not do LDAP extension: LDAP_OTHER Thu Aug 11 17:19:56 2005: DEBUG:
> Radius::AuthLDAP2 looks for match with user01 Thu Aug 11 17:19:56 2005:
> DEBUG: Radius::AuthLDAP2 REJECT: Bad Encrypted password Thu Aug 11 17:19:56
> 2005: DEBUG: AuthBy LDAP2 result: REJECT, Bad Encrypted password Thu Aug 11
> 17:19:56 2005: INFO: Access rejected for user01: Bad Encrypted password Thu
> Aug 11 17:19:56 2005: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 32783 ....
> Code: Access-Reject
> Identifier: 251
> Authentic: 1234567890123456
> Attributes:
> Reply-Message = "Request Denied"
>
> -------------------------------------------------------------------
> Don Elrod drentn at myrealbox.com
> Systems Administrator
> University of Tennessee at Chattanooga
> Chattanooga, TN 37403, USAd]
> Thu Aug 11 17:19:56 2005: ERR: get_edir_password for cn=user01,o=UTC could
> not do LDAP extension: LDAP_OTHER Thu Aug 11 17:19:56 2005: DEBUG:
> Radius::AuthLDAP2 looks for match with user01 Thu Aug 11 17:19:56 2005:
> DEBUG: Radius::AuthLDAP2 REJECT: Bad Encrypted password Thu Aug 11 17:19:56
> 2005: DEBUG: AuthBy LDAP2 result: REJECT, Bad Encrypted password Thu Aug 11
> 17:19:56 2005: INFO: Access rejected for user01: Bad Encrypted password Thu
> Aug 11 17:19:56 2005: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 32783 ....
> Code: Access-Reject
> Identifier: 251
> Authentic: 1234567890123456
> Attributes:
> Reply-Message = "Request Denied"
>
> -------------------------------------------------------------------
> Don Elrod drentn at myrealbox.com
> Systems Administrator
> University of T
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list