(RADIATOR) TTLS + LDAP2+ Active Directory
Christian Kratzer
ck-lists at cksoft.de
Wed Jan 12 08:36:05 CST 2005
Hi,
On Fri, 7 Jan 2005, Ângelo Rodrigues wrote:
>
> Hi,
>
> I have a FreeBSD 4.10 running a Radiator 3.9 to authenticate
> our Cisco Catalyst 3550 users (802.1x + eap-ttls). Our authentication
> method is "AuthBy FILE" and (until now) everything seems to work fine.
>
> Now, I'm trying to config our Radiator to validate all passwords
> against a Windows 2003 Active Directory. Since "AuthBy ADSI"
> doesn't work in unix systems, I'm using "AuthBy LDAP2"
> to replace ADSI features but it doesn't seem to work.
>
> I've tried a lot of configurations but all without success :(((
>
> Any ideas?
[snip]
> AuthDN cn=Administrator,ou=Users,dc=dominio,dc=teste,dc=org
> AuthPassword XXXXXX
> BaseDN ou=Users,dc=dominio,dc=teste,dc=org
> ServerChecksPassword
[snip]
> Fri Jan 7 17:00:11 2005: ERR: Could not bind connection with
> cn=Administrator,ou=Users,dc=dominio,dc=teste,dc=org, XXXXXX,
> error: LDAP_INVALID_CREDENTIALS (server 192.168.0.1:389).
> Fri Jan 7 17:00:11 2005: ERR: Backing off from 192.168.0.1:389 for 600
> seconds.

From the error message LDAP_INVALID_CREDENTIALS it looks like the LDAP
bind did not succeed. From what I see in our Active Directory installation
the default administrator user lives in CN=Users and not OU=Users. This
could be different depending on what version of Active Directory you use.

You might want to try changing your AuthDN from

    AuthDN cn=Administrator,ou=Users,dc=dominio,dc=teste,dc=org

to

    AuthDN cn=Administrator,CN=Users,dc=dominio,dc=teste,dc=org

and see if that works.

You will also be restricted to using PAP for your inner TTLS authentication
method. CHAP, MS-CHAP and other challenge-response based methods won't
work when Radiator cannot access the cleartext password for computing the
challenge.

Greetings
Christian
--
Christian Kratzer ck at cksoft.de
CK Software GmbH http://www.cksoft.de/
Phone: +49 7452 889 135 Fax: +49 7452 889 136
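
Added example, not part of the original message and not Radiator's code: a small Python model of why a bind-only backend (ServerChecksPassword) can verify PAP but not CHAP, and why a bind DN in the wrong container is rejected as invalid credentials. BindOnlyDirectory, the sample DN and the password are constructed for illustration; chap_response follows RFC 1994.

```python
import hashlib
import hmac
import os


class BindOnlyDirectory:
    """Constructed stand-in for a directory that answers bind attempts only:
    it keeps a salted hash per DN and never returns a password."""

    def __init__(self, users):
        self._db = {}
        for dn, password in users.items():
            salt = os.urandom(16)
            self._db[dn] = (salt, self._kdf(password, salt))

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

    def bind(self, dn, password):
        """True if a simple bind would succeed; False models LDAP_INVALID_CREDENTIALS."""
        entry = self._db.get(dn)
        if entry is None:  # unknown DN, e.g. ou=Users where the entry is in CN=Users
            return False
        salt, stored = entry
        return hmac.compare_digest(stored, self._kdf(password, salt))


def chap_response(ident, secret, challenge):
    """RFC 1994 CHAP response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()


def verify_pap(directory, dn, password):
    # PAP inside the TTLS tunnel delivers the password itself, so the RADIUS
    # server can pass it straight to the directory as a bind attempt.
    return directory.bind(dn, password)


def verify_chap(ident, challenge, response, cleartext):
    # CHAP delivers only a digest. Recomputing it needs the cleartext password,
    # which a bind-only backend cannot supply (modelled here as None).
    if cleartext is None:
        raise ValueError("CHAP needs the cleartext password; backend only supports bind")
    return hmac.compare_digest(response, chap_response(ident, cleartext, challenge))


USER_DN = "cn=alice,CN=Users,dc=example,dc=org"  # constructed sample entry
DIRECTORY = BindOnlyDirectory({USER_DN: "s3cret-pass"})
```
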