(RADIATOR) ldap auth problem

Alexander Sharaz A.Sharaz at hull.ac.uk
Wed Jan 18 05:08:49 CST 2006


Chaps,

Yesterday I was using 
<AuthBy LDAP2>
   Identifier checkByLdap
   Version 3
   Host slb-ldap.hull.ac.uk
   BaseDN ou=People,dc=ldapauth
   Scope subtree
   UsernameAttr uid
   PasswordAttr UserPassword
   AuthDN  cn=FRED, dc=FRED
   AuthPassword    FRED
   HoldServerConnection
   Debug 255
   AddToReplyIfNotExist Tunnel-Type=VLAN,Tunnel-Medium-Type=Ether_802,Tunnel-Private-Group-ID=740
   EAPType TTLS,PEAP,MSCHAP-V2,MD5-Challenge,TLS
   EAPTLS_CAFile /etc/radiator/certificates/chain.pem
   EAPTLS_CertificateFile /etc/radiator/certificates/chain.pem
   EAPTLS_CertificateType PEM
   EAPTLS_PrivateKeyFile /etc/radiator/certificates/server.key
   EAPTLS_PrivateKeyPassword
   AutoMPPEKeys
   Debug 255
</AuthBy>
to authenticate my Odyssey test PC to our LDAP server, and everything
worked.

Today, I changed my password on the LDAP server (which hasn't been
changed for about a year), after which any authentication fails.
All my (java) based progs on the same system work just fine against the
new password and proxying off to another standby radius server which has
the same password also works. I think the change is that my password
used to be in the LDAP server as cleartext and is now there in the form
{crypt}<whatever it is>

I'm running Radiator 3.14 on a RHEL4 server

It's been suggested that I need to recompile the ldap libraries with a
crypt option.

Does that sound right?

Here's the radiator logfile:-

Wed Jan 18 10:50:31 2006: DEBUG: Handling with Radius::AuthLDAP2: checkByLdap
Wed Jan 18 10:50:31 2006: INFO: Connecting to slb-ldap.hull.ac.uk, port 389
Wed Jan 18 10:50:31 2006: INFO: Attempting to bind to LDAP server slb-ldap.hull.ac.uk:389
Wed Jan 18 10:50:31 2006: DEBUG: LDAP got result for uid=ccsas,ou=People,dc=ldapauth
Wed Jan 18 10:50:31 2006: DEBUG: LDAP got userPassword: {crypt}4EeG/zDTPf976
Wed Jan 18 10:50:31 2006: DEBUG: Radius::AuthLDAP2 looks for match with ccsas [ccsas]
Wed Jan 18 10:50:31 2006: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password: ccsas [ccsas]
Wed Jan 18 10:50:31 2006: DEBUG: No entries for DEFAULT found in LDAP database
Wed Jan 18 10:50:31 2006: DEBUG: AuthBy LDAP2 result: REJECT, Bad Password
Wed Jan 18 10:50:31 2006: INFO: Access rejected for ccsas: Bad Password
Wed Jan 18 10:50:31 2006: DEBUG: Returned TTLS tunnelled Diameter Packet dump:
Code:       Access-Reject

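An added example, not part of the original post and not Radiator code: it reads the stored-password scheme from an "LDAP got userPassword:" debug line and reports which of the methods in the EAPType list can be verified against that form. The table reflects how these protocols work in general (a one-way hash can only be checked when the server receives the password itself), not Radiator's internals; the function names, the "nthash" label and the sample log line are assumptions made for the example.

```python
import re

# Stored forms that can verify each password-based method. One-way hashes work
# only when the server receives the password itself (PAP); challenge-response
# methods need the cleartext, or for MS-CHAP the NT hash.
ONE_WAY = {"crypt", "md5", "smd5", "sha", "ssha"}
USABLE = {
    "PAP": ONE_WAY | {"cleartext", "nthash"},
    "CHAP": {"cleartext"},
    "MD5-Challenge": {"cleartext"},
    "MSCHAP-V2": {"cleartext", "nthash"},  # "nthash" label is an assumption
}
TUNNELS = {"TTLS", "PEAP"}   # outcome depends on the inner method
CERT_ONLY = {"TLS"}          # certificate-based, no stored password involved

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}")
LOG_RE = re.compile(r"LDAP got userPassword:\s*(\S+)", re.I)


def stored_scheme(value):
    """Scheme of a userPassword value: '{crypt}xx' -> 'crypt', no prefix -> 'cleartext'."""
    m = SCHEME_RE.match(value.strip())
    return m.group(1).lower() if m else "cleartext"


def schemes_in_log(lines):
    """Collect the schemes seen in 'LDAP got userPassword:' debug lines."""
    return [stored_scheme(m.group(1)) for m in map(LOG_RE.search, lines) if m]


def compatibility(eap_types, scheme, inner=("PAP", "MSCHAP-V2")):
    """Map each configured method to True/False, or to a per-inner-method dict for tunnels."""
    out = {}
    for t in (x.strip() for x in eap_types.split(",")):
        if t in TUNNELS:
            out[t] = {i: scheme in USABLE[i] for i in inner}
        elif t in CERT_ONLY:
            out[t] = True
        else:
            out[t] = scheme in USABLE.get(t, set())
    return out


# Constructed sample: the hash value is a placeholder, not taken from the post.
SAMPLE_LOG = ["DEBUG: LDAP got userPassword: {crypt}PLACEHOLDERHASH"]
if __name__ == "__main__":
    scheme = schemes_in_log(SAMPLE_LOG)[0]
    print(scheme, compatibility("TTLS,PEAP,MSCHAP-V2,MD5-Challenge,TLS", scheme))
```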