(RADIATOR) GetNovellUP problem
Mike McCauley
mikem at open.com.au
Thu Jul 14 16:48:13 CDT 2005
Hello Michal,
On Thursday 14 July 2005 22:20, Michal Marciniszyn wrote:
> Hello Mike,
>
> currently there is installed perl 5.8.6, in
> /usr/lib/perl/site_perl/5.8.6/Net there is LDAP.pm module with version
> 0.33... It is from standard SUSE Linux Professional 9.3 installation...

That version tests here OK, but you should also check your version of
Convert::ASN1. We have 0.07.

Have you checked your version of edirectory, according to the instructions in
goodies/edirectory.txt?

The next step will be to enable Debug in your AuthBy LDAP2 so we can see what
is being passed between Radiator and the LDAP directory.

Cheers.

>
> Should I upgrade it? Or install different module?
>
> Mike McCauley wrote:
> >Hello Michal,
> >
> >Looks like there is a problem with the LDAP extension support in your
> > Net::LDAP module. What version of Net::LDAP do you have installed?
> >
> >Cheers.
> >
> >On Thursday 14 July 2005 19:09, Michal Marciniszyn wrote:
> >>Hello,
> >>
> >>I have a problem with PEAP-MsCHAPv2 authorization against Novell
> >>eDirectory LDAP server. Radiator connects to eDirectory with no problem,
> >>it gains all parameters from db, but not the Universal Password, though
> >>it is set. After I set up some debugging I came out with the following log:
> >>
> >>Wed Jul 13 13:24:02 2005: ERR: get_edir_password for
> >>cn=TSTOIS1,ou=ICT,ou=HSP,o=EDU could not do LDAP extension:
> >>LDAP_PROTOCOL_ERROR
> >>Wed Jul 13 13:24:02 2005: DEBUG: Got Novell Universal Password:
> >>Wed Jul 13 13:24:02 2005: DEBUG: Radius::AuthLDAP2 looks for match with
> >>tstois1
> >>Wed Jul 13 13:24:02 2005: DEBUG: Radius::AuthLDAP2 REJECT: Bad Encrypted
> >>password
> >>Wed Jul 13 13:24:02 2005: DEBUG: No entries for DEFAULT found in LDAP
> >>database
> >>Wed Jul 13 13:24:02 2005: DEBUG: AuthBy LDAP2 result: REJECT, Bad
> >>Encrypted password
> >>Wed Jul 13 13:24:02 2005: INFO: Access rejected for tstois1: Bad
> >>Encrypted password
> >>Wed Jul 13 13:24:02 2005: DEBUG: Packet dump:
> >>*** Sending to 10.24.10.61 port 32769 ....
> >>
> >>Packet length = 36
> >>03 e2 00 24 00 e8 8b 24 e5 0e 2d 9c 6a 01 16 ef
> >>c9 71 92 af 12 10 52 65 71 75 65 73 74 20 44 65
> >>6e 69 65 64
> >>Code: Access-Reject
> >>Identifier: 226
> >>Authentic: 1234567890123456
> >>Attributes:
> >> Reply-Message = "Request Denied"
> >>
> >>My LDAP config looks like:
> >>
> >><AuthBy LDAP2>
> >> Identifier CheckLDAP
> >>
> >> Host 10.24.4.11
> >> Port 636
> >>
> >> AuthDN cn=tstois1,ou=ict,ou=hsp,o=edu
> >> AuthPassword XXXXX
> >>
> >>
> >> BaseDN o=edu
> >> UsernameAttr uid
> >> GetNovellUP
> >>
> >> EAPType PEAP,TTLS,TLS,MSCHAP-V2,MD5,MD5-Challenge,PAP
> >>
> >> UseSSL
> >> SSLCAFile /etc/radiator/edu1.pem
> >>
> >> HoldServerConnection
> >> Timeout 2
> >> FailureBackoffTime 30
> >> Version 3
> >></AuthBy>
> >>
> >>Is the problem a Radiator issue, or is something wrongly set in eDirectory,
> >>and if so, what?
> >>
> >>Thanks for help
> >>
> >>Michal Marciniszyn
> >>
> >>--
> >>Archive at http://www.open.com.au/archives/radiator/
> >>Announcements on radiator-announce at open.com.au
> >>To unsubscribe, email 'majordomo at open.com.au' with
> >>'unsubscribe radiator' in the body of the message.
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
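
A log-triage sketch for the failure shown in the quoted log, added here as an example and not part of the original thread or of Radiator: it rejoins the wrapped log lines and marks an "Access rejected" entry that follows a failed get_edir_password call, so the reject is not counted as an ordinary wrong-password event. The function names and cause labels are hypothetical, and pairing an error with the next reject assumes the log lines of one request are adjacent.

```python
import re

# Lines copied from the log in the quoted message (quote markers removed,
# the e-mail's line wrapping kept on purpose).
SAMPLE_LOG = """\
Wed Jul 13 13:24:02 2005: ERR: get_edir_password for
cn=TSTOIS1,ou=ICT,ou=HSP,o=EDU could not do LDAP extension:
LDAP_PROTOCOL_ERROR
Wed Jul 13 13:24:02 2005: DEBUG: Got Novell Universal Password:
Wed Jul 13 13:24:02 2005: DEBUG: Radius::AuthLDAP2 REJECT: Bad Encrypted
password
Wed Jul 13 13:24:02 2005: INFO: Access rejected for tstois1: Bad
Encrypted password
"""

STAMP = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}: (\w+): (.*)$")
EDIR_ERR = re.compile(r"get_edir_password for (\S+) could not do LDAP extension: (\S+)")
REJECT = re.compile(r"Access rejected for (\S+): (.*)")


def records(text):
    """Rejoin wrapped lines: a timestamp starts a record, anything else continues it."""
    out = []
    for line in text.splitlines():
        m = STAMP.match(line.strip())
        if m:
            out.append([m.group(1), m.group(2).strip()])
        elif out and line.strip():
            out[-1][1] += " " + line.strip()
    return [tuple(r) for r in out]


def triage(text):
    """List rejects; mark those that follow a failed Universal Password fetch."""
    pending = None  # (dn, ldap_error) of the latest unconsumed get_edir_password error
    findings = []
    for level, msg in records(text):
        err = EDIR_ERR.search(msg)
        rej = REJECT.search(msg)
        if level == "ERR" and err:
            pending = err.groups()
        elif rej:
            dn, ldap_error = pending or (None, None)
            findings.append({"user": rej.group(1), "reason": rej.group(2),
                             "cause": "up-retrieval-failed" if pending else "no-retrieval-error",
                             "dn": dn, "ldap_error": ldap_error})
            pending = None
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
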