(RADIATOR) Help with authenticating to LDAP server
Hugh Irvine
hugh at open.com.au
Tue Jan 4 16:10:12 CST 2005
Hello Mark -
Have a look at the example configuration file in "goodies/ad-ldap.cfg".
You might want to try port 3268 instead of 389.
regards
Hugh
On 5 Jan 2005, at 01:58, Pearson, Mark wrote:
> Hope you can shed some light on this. I am new to RADIUS and Radiator.
> I am trying to authenticate via an LDAP server. The LDAP service is
> Microsoft’s AD, I am running Radiator on a win2003 box and my NAS is a
> Bluesocket wireless gateway. At this stage I am trying to keep it
> simple and just prove that it authenticates through the ldap server.
> According to the logs it appears to contact the ldap server but ends
> with: ldap search failed with error LDAP_PARTIAL_RESULTS
>
> Does anyone know where it's falling down? (I have starred out
> sensitive information)
>
> Realm bit of the radius.cfg file:
>
> <Realm DEFAULT>
>     <AuthBy LDAP2>
>         AuthDN cn=*****,OU=****,OU=******,DC=***,DC=***,DC=ac,DC=UK
>         AuthPassword *******
>         BaseDN DC=****,DC=***,DC=ac,DC=uk
>         Host *****.****.***.ac.uk
>         PasswordAttr userPassword
>         Port 389
>         UsernameAttr cn
>     </AuthBy>
> </Realm>
>
> Log results on the Radiator server:
>
> *** Received from ***.**.***.* port 32807 ....
> Code: Access-Request
> Identifier: 72
> Authentic: @<183>v$<197><30><238><170>h<169>:<11><4><172><141>J
> Attributes:
>     User-Name = "********"
>     User-Password = "X<9>Y<11>FJ<7><140>J<250><194><23><128><195>UU"
>     NAS-IP-Address = ***.**.***.*
>     Service-Type = Login-User
>     Framed-IP-Address = ***.**.*.***
>     Called-Station-Id = "00:07:E9:39:63:A8"
>     Calling-Station-Id = ""
>     NAS-Identifier = "Bluesocket"
>     Acct-Session-Id = "00:07:E9:39:63:A8:1104848991"
>     NAS-Port-Type = Wireless-IEEE-802-11
>
> Tue Jan 4 14:29:58 2005: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Tue Jan 4 14:29:58 2005: DEBUG: Deleting session for *******, ***.**.***.*,
> Tue Jan 4 14:29:58 2005: DEBUG: Handling with Radius::AuthLDAP2:
> Tue Jan 4 14:29:58 2005: INFO: Connecting to *******.***.ntu.ac.uk, port 389
> Tue Jan 4 14:29:58 2005: INFO: Attempting to bind to LDAP server ******.***.ntu.ac.uk:389
> Tue Jan 4 14:30:03 2005: ERR: ldap search failed with error LDAP_PARTIAL_RESULTS.
> Tue Jan 4 14:30:03 2005: ERR: Disconnecting from LDAP server (server *******.***.ntu.ac.uk:389).
>
> regards
> Mark Pearson
> Information Systems
> Nottingham Trent University
> Tel: 0115 8484191
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
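
Added example (not part of the original messages and not Radiator code): a small Python triage script for trace output in the format quoted above. It ties each "ldap search failed" entry to the connection in use and, when the error is LDAP_PARTIAL_RESULTS on port 389 or 636, reports the matching Active Directory Global Catalog port (3268 or 3269), which is the change suggested in the reply. The sample log, the host name and the function names are constructed for illustration.

```python
import re

# Added illustration, not Radiator code. Constructed sample in the trace format quoted
# in the post; the host is a placeholder and one entry is wrapped as mail clients do.
SAMPLE_LOG = """\
Tue Jan 4 14:29:58 2005: INFO: Connecting to dc1.example.ac.uk, port 389
Tue Jan 4 14:29:58 2005: INFO: Attempting to bind to LDAP server dc1.example.ac.uk:389
Tue Jan 4 14:30:03 2005: ERR: ldap search failed with error
LDAP_PARTIAL_RESULTS.
Tue Jan 4 14:30:03 2005: ERR: Disconnecting from LDAP server (server dc1.example.ac.uk:389).
Tue Jan 4 14:41:10 2005: INFO: Connecting to dc1.example.ac.uk, port 3268
Tue Jan 4 14:41:10 2005: INFO: Attempting to bind to LDAP server dc1.example.ac.uk:3268
"""

ENTRY = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]+ \d{4}): (\w+): (.*)$")
CONNECT = re.compile(r"Connecting to (\S+), port (\d+)")
FAILED = re.compile(r"ldap search failed with error (\w+)")
# Standard LDAP/LDAPS ports and the Active Directory Global Catalog equivalents.
GC_PORT = {389: 3268, 636: 3269}

def entries(log_text):
    """Yield (timestamp, level, message), rejoining wrapped continuation lines."""
    current = None
    for raw in log_text.splitlines():
        line = raw.lstrip("> ").strip()  # tolerate logs pasted from a quoted mail
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            if current:
                yield tuple(current)
            current = list(m.groups())
        elif current:
            current[2] += " " + line  # continuation of the previous entry
    if current:
        yield tuple(current)

def triage(log_text):
    """Return one finding per failed LDAP search, tied to the connection in use."""
    findings, target = [], None
    for ts, level, msg in entries(log_text):
        if (m := CONNECT.search(msg)):
            target = (m.group(1), int(m.group(2)))
        elif level == "ERR" and (m := FAILED.search(msg)) and target:
            host, port = target
            hint = GC_PORT.get(port) if m.group(1) == "LDAP_PARTIAL_RESULTS" else None
            findings.append({"time": ts, "host": host, "port": port,
                             "error": m.group(1), "suggested_port": hint})
    return findings
```

Calling triage(SAMPLE_LOG) returns a single finding for the port 389 connection with suggested_port set to 3268; a failure logged while already connected to 3268 gets no suggestion.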