(RADIATOR) GetNovellUP problem

Michal Marciniszyn mmarciniszyn at gity.cz
Thu Jul 14 04:09:33 CDT 2005


Hello,

I have a problem with PEAP-MsCHAPv2 authorization against a Novell 
eDirectory LDAP server. Radiator connects to eDirectory with no problem, 
it gets all parameters from the db, but not the Universal Password, though 
it is set. After I set up some debugging I came up with the following log:

Wed Jul 13 13:24:02 2005: ERR: get_edir_password for 
cn=TSTOIS1,ou=ICT,ou=HSP,o=EDU could not do LDAP extension: 
LDAP_PROTOCOL_ERROR
Wed Jul 13 13:24:02 2005: DEBUG: Got Novell Universal Password:
Wed Jul 13 13:24:02 2005: DEBUG: Radius::AuthLDAP2 looks for match with 
tstois1
Wed Jul 13 13:24:02 2005: DEBUG: Radius::AuthLDAP2 REJECT: Bad Encrypted 
password
Wed Jul 13 13:24:02 2005: DEBUG: No entries for DEFAULT found in LDAP 
database
Wed Jul 13 13:24:02 2005: DEBUG: AuthBy LDAP2 result: REJECT, Bad 
Encrypted password
Wed Jul 13 13:24:02 2005: INFO: Access rejected for tstois1: Bad 
Encrypted password
Wed Jul 13 13:24:02 2005: DEBUG: Packet dump:
*** Sending to 10.24.10.61 port 32769 ....

Packet length = 36
03 e2 00 24 00 e8 8b 24 e5 0e 2d 9c 6a 01 16 ef
c9 71 92 af 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code:       Access-Reject
Identifier: 226
Authentic:  1234567890123456
Attributes:
        Reply-Message = "Request Denied"

My LDAP config looks like:

<AuthBy LDAP2>
        Identifier      CheckLDAP

        Host            10.24.4.11
        Port            636

        AuthDN          cn=tstois1,ou=ict,ou=hsp,o=edu
        AuthPassword    XXXXX


        BaseDN          o=edu
        UsernameAttr    uid
        GetNovellUP

        EAPType         PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge,PAP

        UseSSL
        SSLCAFile               /etc/radiator/edu1.pem

        HoldServerConnection
        Timeout                 2
        FailureBackoffTime      30
        Version 3
</AuthBy>

Is the problem a Radiator issue, or is something wrongly set in eDirectory, 
and if so, what?

Thanks for the help

Michal Marciniszyn

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.