(RADIATOR) Radiator authentication failing ( auth against an LDAP directory)
Hugh Irvine
hugh at open.com.au
Tue Mar 20 14:43:19 CST 2007
Hello Giovanni -
I will need to see a trace 4 debug from Radiator showing what is
happening, including the LDAP debug which can be set with Debug 255
in the AuthBy LDAP2 clause.
You also don't need the AuthAttrDef in your configuration file, as it
is the PasswordAttr definition that is used to check the password.
Your configuration file should look something like this:
.....
Trace 4
.......
<Realm gev.net>
AcctLogFileName %L/ldap/detail
PasswordLogFileName %L/ldap/password.log
<AuthBy LDAP2>
Debug 255
Host ldap.gev.net
Port 389
# Log in to LDAP as admin
AuthDN uid=smadmin,ou=SMI Directory Administrators
# log in to LDAP with password adminpassword
AuthPassword *omitted*
BaseDN %0=%1,ou=People,dc=gev,dc=net
Scope base
# this is the attribute for username
UsernameAttr mailRoutingAddress
# this attribute is for passwords
# EncryptedPasswordAttr userPassword
PasswordAttr userPassword
</AuthBy>
</Realm gev.net>
regards
Hugh
On 21 Mar 2007, at 05:31, Giovanni Del Valle wrote:
>
> I am having trouble getting radius server to authenticate against
> LDAP server.
> My username is gdelvalle at gev.net
> My password is test123
> I've read the manual but can't make any headway. Just to check
> binding and searching I successfully had radius auth against
> mailRoutingAddress (in other words, once the email address
> existed test would pass).
> I have excerpts of all my files below. I know that the ldap server
> responds with a crypt variant of my cleartext password test123
> crypt(test123,L4) => L4snWrnZi9wfU
>
> So why does it fail??
>
> Please help.
> Giovanni
> Assistant System Administrator
> -----------------------
>
> radius logfile gives me this: ERR: ldap search failed with error
> LDAP_NO_SUCH_OBJECT.
> password.log gives me this: Tue Mar 20 11:50:43
> 2007:1174413043:gdelvalle at gev.net:test123:{CRYPT}L4snWrnZi9wfU:FAIL
>
> <Realm gev.net>
> AcctLogFileName %L/ldap/detail
> PasswordLogFileName %L/ldap/password.log
>
> <AuthBy LDAP2>
>
> Host ldap.gev.net
> Port 389
> # Log in to LDAP as admin
> AuthDN uid=smadmin,ou=SMI Directory Administrators
>
> # log in to LDAP with password adminpassword
>
> AuthPassword *omitted*
>
> BaseDN %0=%1,ou=People,dc=gev,dc=net
> Scope base
>
> # this is the attribute for username
> UsernameAttr mailRoutingAddress
>
> # this attribute is for passwords
> # EncryptedPasswordAttr userPassword
> PasswordAttr userPassword
>
> # AuthAttrDef uid,User-Name,check
> AuthAttrDef userPassword,User-Password,check
> </Authby>
>
> </Realm gev.net>
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?