(RADIATOR) Radiator authentication failing (auth against an LDAP directory)

Hugh Irvine hugh at open.com.au
Tue Mar 20 14:43:19 CST 2007


Hello Giovanni -

I will need to see a trace 4 debug from Radiator showing what is  
happening, including the LDAP debug which can be set with Debug 255  
in the AuthBy LDAP2 clause.

You also don't need the AuthAttrDef in your configuration file, as it  
is the PasswordAttr definition that is used to check the password.

Your configuration file should look something like this:

.....

Trace 4

.......


<Realm gev.net>

  AcctLogFileName %L/ldap/detail
  PasswordLogFileName %L/ldap/password.log

  <AuthBy LDAP2>

    Debug 255

    Host ldap.gev.net
    Port 389
    # Log in to LDAP as admin
    AuthDN uid=smadmin,ou=SMI Directory Administrators

    # log in to LDAP with password adminpassword

    AuthPassword *omitted*

    BaseDN     %0=%1,ou=People,dc=gev,dc=net
    Scope       base

    # this is the attribute for username
    UsernameAttr mailRoutingAddress

    # this attribute is for passwords
    # EncryptedPasswordAttr userPassword
    PasswordAttr userPassword

  </AuthBy>

</Realm gev.net>


regards

Hugh


On 21 Mar 2007, at 05:31, Giovanni Del Valle wrote:

>
> I am having trouble getting radius server to authenticate against
> LDAP server.
> My username is gdelvalle at gev.net
> My password is test123
> I've read the manual but can't make any headway.  Just to check
> binding and searching I successfully had radius auth against
> mailRoutingAddress (in other words, once the email address
> existed, test would pass).
> I have excerpts of all my files below.  I know that the ldap server
> responds with a crypt variant of my cleartext password test123
>   crypt(test123,L4) => L4snWrnZi9wfU
>
> So why does it fail??
>
> Please help.
> Giovanni
> Assistant System Administrator
> -----------------------
>
> radius logfile gives me this:  ERR: ldap search failed with error  
> LDAP_NO_SUCH_OBJECT.
> password.log gives me this: Tue Mar 20 11:50:43  
> 2007:1174413043:gdelvalle at gev.net:test123:{CRYPT}L4snWrnZi9wfU:FAIL
>
> <Realm gev.net>
>  AcctLogFileName %L/ldap/detail
>  PasswordLogFileName %L/ldap/password.log
>
>  <AuthBy LDAP2>
>
>    Host ldap.gev.net
>    Port 389
>    # Log in to LDAP as admin
>    AuthDN uid=smadmin,ou=SMI Directory Administrators
>
>    # log in to LDAP with password adminpassword
>
>    AuthPassword *omitted*
>
>    BaseDN     %0=%1,ou=People,dc=gev,dc=net
>    Scope       base
>
>    # this is the attribute for username
>    UsernameAttr mailRoutingAddress
>
>    # this attribute is for passwords
>   # EncryptedPasswordAttr userPassword
>   PasswordAttr userPassword
>
>   # AuthAttrDef uid,User-Name,check
>    AuthAttrDef userPassword,User-Password,check
>  </Authby>
>
> </Realm gev.net>
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

