(RADIATOR) Novell Universal passwords (and EAP)
Peter Bates
Peter.Bates at lshtm.ac.uk
Fri Oct 6 11:43:24 CDT 2006
Hello all...
Apologies for this, but a slight return to a subject I've asked about
before (01/09/06).
We're seeing a small but significant number of users who cannot
seem to communicate using WPA + PEAP + MS-CHAPv2, talking to Radiator,
which then talks LDAP to Novell eDirectory.
I am using 'GetNovellUP' in my AuthBy LDAP2.
I can see that nmasldap_get_password gets called in Ldap.pm.
I also occasionally see this unknown error code message:
Fri Oct 6 15:44:36 2006: ERR: get_edir_password for cn=IMBIZZEE,ou=2006,ou=ITD,ou=MSC,o=LSHTM error code: (-16049) UNKNOWN NOVELL ERROR CODE
However I very rarely see the ones defined in the subroutine, such as:
-601 => '(-601) No such entry',
-603 => '(-603) No such attribute. Universal password not set?',
When the user fails to authenticate, I just see:
Fri Oct 6 09:11:15 2006: DEBUG: Radius::AuthLDAP2 looks for match with xxxx [anonymous]
Fri Oct 6 09:11:15 2006: DEBUG: Radius::AuthLDAP2 ACCEPT: : xxxx [anonymous]
Fri Oct 6 09:11:15 2006: DEBUG: EAP result: 1, EAP MSCHAP-V2 Authentication failure
Fri Oct 6 09:11:15 2006: DEBUG: AuthBy GROUP result: REJECT, EAP MSCHAP-V2 Authentication failure
Fri Oct 6 09:11:15 2006: INFO: Access rejected for anonymous: EAP MSCHAP-V2 Authentication failure
I have the 'Debug 255' to debug Net::LDAP but it
would appear this doesn't increase logging for this particular
problem.
I also see the reference to:
$self->log($main::LOG_EXTRA_DEBUG, "Got Novell Universal Password: $password", $p);
in AuthLDAP2.pm
but I'd rather not log passwords to the logfile just to get a better
idea of what is going wrong.
If anyone has pointers, particularly people using 802.1x
to talk to Novell eDirectory, they'd be most gratefully received!
Thanks.
--------------------------------------------------------------------------------------------------->
Peter Bates, Systems Support Officer, IT Services.
London School of Hygiene & Tropical Medicine.
Telephone:0207-958 8353 / Fax: 0207- 636 9838
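
Added example, not part of the original message and not Radiator code: Python that rejoins wrapped Radiator log records like those quoted above and tallies get_edir_password error codes per DN alongside EAP MSCHAP-V2 rejects, so failures can be triaged without logging passwords. The DNs and log lines in SAMPLE are constructed, and the record formats are assumed from the excerpts in the message.

```python
import re
from collections import Counter

# The two codes the post quotes from Radiator's lookup table.
KNOWN_CODES = {-601: "No such entry",
               -603: "No such attribute. Universal password not set?"}
STAMP = re.compile(r"^\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}: ")
EDIR_ERR = re.compile(
    r"ERR: get_edir_password for (?P<dn>.+?) error code: \((?P<code>-?\d+)\)")
EAP_FAIL = re.compile(
    r"INFO: Access rejected for (?P<user>\S+): EAP MSCHAP-V2 Authentication failure")

# Constructed sample input: placeholder DNs, wrapped the way the post shows.
SAMPLE = """\
Fri Oct 6 15:44:36 2006: ERR: get_edir_password for
cn=USERA,ou=2006,o=EXAMPLE error code: (-16049) UNKNOWN
NOVELL ERROR CODE
Fri Oct 6 15:45:02 2006: ERR: get_edir_password for cn=USERB,ou=2006,o=EXAMPLE error code: (-603) No such attribute. Universal password not set?
Fri Oct 6 15:45:10 2006: INFO: Access rejected for anonymous: EAP
MSCHAP-V2
Authentication failure
Fri Oct 6 15:46:00 2006: ERR: get_edir_password for cn=USERA,ou=2006,o=EXAMPLE error code: (-16049) UNKNOWN NOVELL ERROR CODE
"""

def unwrap(text):
    """Rejoin records that were wrapped: a new record starts at a timestamp."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def triage(text):
    """Count password-fetch errors per (DN, code) and EAP rejects per user."""
    edir, rejects = Counter(), Counter()
    for rec in unwrap(text):
        if m := EDIR_ERR.search(rec):
            edir[(m["dn"], int(m["code"]))] += 1
        elif m := EAP_FAIL.search(rec):
            rejects[m["user"]] += 1
    return edir, rejects

def unknown_codes(edir):
    """Codes seen in the log that the quoted table does not explain."""
    return sorted({code for _, code in edir if code not in KNOWN_CODES})

if __name__ == "__main__":
    print(triage(SAMPLE), unknown_codes(triage(SAMPLE)[0]))
```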