[RADIATOR] trouble with LDAPv2 and simple bind
Matt Richard
matt.richard at fandm.edu
Thu Jul 3 08:23:12 CDT 2008
Argh... that was the problem!
I kept thinking "but I'm using the same config file!" After I
re-entered the shared secret in the VPN3000 it started working just
fine. I must have mis-typed the first time.
I also tested WPA-Enterprise with TTLS, back-ended with LDAP_APS. I was
receiving an odd error message:
"ERR: TLS could not load_verify_locations , :"
I had to add an EAPTLS_CAPath statement to my AuthBy FILE section. Once
I did that everything worked perfectly.
I also tested on OSX Server 10.5.4 without problems.
Thanks again,
Matt
Hugh Irvine wrote:
>
> Hello Matt -
>
> My guess would be incorrect shared secrets between the device you are
> testing with and the new installation of Radiator.
>
> regards
>
> Hugh
>
>
> On 3 Jul 2008, at 05:14, Matt Richard wrote:
>
>> Hello,
>>
>> I am working on upgrading Radiator from 3.17.1 to 4.2 on my Mac OSX
>> 10.4.11 systems.
>>
>> In one authentication scenario, a Cisco VPN3000 authenticates against
>> Radiator. Radiator in turn uses LDAPv2 with ServerChecksPassword to
>> authenticate user passwords.
>>
>> Server #1 is still running 3.17.1. It is working just fine.
>>
>> Server #2 is running 4.2 with patches up to 2008-06-27. Radiator on
>> this server cannot perform simple binds to authenticate users. The
>> password seems to be munged before it gets sent from Radiator to the
>> LDAP server.
>>
>> When I do a packet capture on Server #1, looking at the ldap bind, I
>> can see the password in cleartext.
>>
>> However when I do the same capture on Server #2 the password is
>> longer and it does not match the cleartext of the user password.
>>
>> Both servers are Mac OSX 10.4.11 and are using the same perl modules
>> including perl-ldap-0.36. They are also using the same configuration
>> files.
>>
>> Do you have any thoughts or suggestions?
>>
>> Thanks!
>>
>> -Matt
>>
>
--
Matt Richard '08
Access and Security Coordinator
Computing Services
Franklin & Marshall College
matt.richard at fandm.edu
(717) 291-4157