(RADIATOR) LDAP2 and Bad Password message

Woods, Bryan Bryan.Woods at pomona.k12.ca.us
Sun Jul 23 12:30:47 CDT 2006


Hello group,

I'm having problems getting RADIATOR to authenticate (using AuthBy LDAP2)
against my OpenLDAP server.  The message that I'm getting is "AuthLDAP2
REJECT: Bad Password".  Here are some of the specifics unique to my
installation:

1.  LDAP allows anonymous (read only) binds.
2.  The user accounts cannot bind to the server (only an admin account can
do that).
3.  Two hashes of the same password are stored for each user, a standard
Linux MD5 (stored in 'userPassword'), and an NT hash (copied from the
'smbpasswd' file and stored in 'ntPassword').
4.  Eventually I'll want to use the ntPassword for authentication as I need
to enable LEAP, but I've been unsuccessful in even getting simple
authentication working.
5.  RADIATOR 3.15 is running on a Windows 2K Server box under ActiveState
Perl 5.6.
6.  In my example below, I've used a user account "sis_link" with a password
of "sislink321".

Here's what my config file looks like:

=== config file ===

# ldap.cfg
#
Foreground
LogStdout
LogDir		c:/Program Files/Radiator
DbDir		c:/Program Files/Radiator
Trace		4
<Client DEFAULT>
	Secret	mysecret
	DupInterval 0
</Client>

<Realm DEFAULT>
	<AuthBy LDAP2>
		Host		10.1.1.101
		AuthDN		uid=gov,o=PUSD,c=US
		AuthPassword	*****
		BaseDN		o=PUSD,c=US
		UsernameAttr	uid
		PasswordAttr	userPassword
		AddToReply	Framed-Protocol = PPP,\
				Framed-IP-Netmask = 255.255.255.255,\
				Framed-Routing = None,\
				Framed-MTU = 1500,\
				Framed-Compression = Van-Jacobson-TCP-IP
		Version 3
	</AuthBy>
</Realm>

=== debug output ===
Sun Jul 23 10:14:46 2006: DEBUG: Packet dump:
*** Received from 10.1.7.143 port 3948 ....
Code:       Access-Request
Identifier: 0
Authentic:        1153675030
Attributes:
        User-Name = "sis_link"
        User-Password = 7<146>9<143><185><181><174><226><217>{<198>y<128><234><159><31>

Sun Jul 23 10:14:46 2006: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Sun Jul 23 10:14:46 2006: DEBUG:  Deleting session for sis_link, 10.1.7.143,
Sun Jul 23 10:14:46 2006: DEBUG: Handling with Radius::AuthLDAP2:
Sun Jul 23 10:14:46 2006: INFO: Connecting to 10.1.1.101:389
Sun Jul 23 10:14:46 2006: INFO: Attempting to bind to LDAP server 10.1.1.101:389

Sun Jul 23 10:14:46 2006: DEBUG: LDAP got result for uid=sis_link,ou=Information Technology Services,ou=Education Center,o=PUSD,c=US
Sun Jul 23 10:14:46 2006: DEBUG: LDAP got userPassword: {crypt}$1$lS$X2L/zp7xWYqYa44c35ErZ.
Sun Jul 23 10:14:46 2006: DEBUG: Radius::AuthLDAP2 looks for match with sis_link [sis_link]
Sun Jul 23 10:14:46 2006: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password: sis_link [sis_link]
Sun Jul 23 10:14:46 2006: INFO: Connecting to 10.1.1.101:389
Sun Jul 23 10:14:46 2006: INFO: Attempting to bind to LDAP server 10.1.1.101:389

Sun Jul 23 10:14:46 2006: DEBUG: No entries for DEFAULT found in LDAP database
Sun Jul 23 10:14:46 2006: DEBUG: AuthBy LDAP2 result: REJECT, Bad Password
Sun Jul 23 10:14:46 2006: INFO: Access rejected for sis_link: Bad Password
Sun Jul 23 10:14:46 2006: DEBUG: Packet dump:
*** Sending to 10.1.7.143 port 3948 ....
Code:       Access-Reject
Identifier: 0
Authentic:        1153675030
Attributes:
        Reply-Message = "Request Denied"



I'd appreciate any suggestions that you all can offer.

Bryan Woods
Assistant System Administrator
Pomona Unified School District
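
Added example, not part of the original post and not Radiator's own code: how the 16-octet User-Password value in the packet dump above is hidden by the client and recovered by the server under RFC 2865 section 5.2, and how a server holding a different shared secret recovers a different string. It reuses the post's `mysecret` and test password; the Request Authenticator and the wrong secret are constructed values.

```python
import hashlib

BLOCK = 16  # MD5 digest size; User-Password is processed in 16-octet blocks


def _keystream(secret: bytes, prev: bytes) -> bytes:
    # b_i = MD5(shared secret + previous ciphertext block, or the authenticator)
    return hashlib.md5(secret + prev).digest()


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side: NUL-pad to a multiple of 16, then XOR block by block."""
    if len(authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 octets")
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    blocks = max(1, -(-len(password) // BLOCK))  # at least one block
    padded = password.ljust(blocks * BLOCK, b"\x00")
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), BLOCK):
        pad = _keystream(secret, prev)
        prev = bytes(p ^ k for p, k in zip(padded[i:i + BLOCK], pad))
        hidden += prev
    return hidden


def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: same keystream chain, then strip the NUL padding."""
    if not hidden or len(hidden) % BLOCK:
        raise ValueError("hidden User-Password must be a multiple of 16 octets")
    plain, prev = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        block = hidden[i:i + BLOCK]
        plain += bytes(c ^ k for c, k in zip(block, _keystream(secret, prev)))
        prev = block
    return plain.rstrip(b"\x00")


# Constructed Request Authenticator (a real client uses 16 random octets).
AUTHENTICATOR = bytes(range(16))

if __name__ == "__main__":
    wire = hide_password(b"sislink321", b"mysecret", AUTHENTICATOR)
    print(len(wire), recover_password(wire, b"mysecret", AUTHENTICATOR))
    # Constructed mismatch: the server is configured with a different secret.
    print(recover_password(wire, b"wrong-secret", AUTHENTICATOR))
```

The hiding is reversible, so with PAP the server holds the cleartext password and can hash it for comparison against a stored `{crypt}` value.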
