No subject


Tue Jun 24 01:27:12 CDT 2008


1º We have configured the authby clause to connect to the LDAP repository; the clause:

<AuthBy GROUP>
        Identifier      ldap_i2p
        AuthByPolicy    ContinueWhileIgnore
        <AuthBy LDAP2>
                Host            10.0.27.60
                Port            389
                AuthDN          cn=i2p_ldap_write_root, dc=jazzlab, dc=com
                AuthPassword    i2p_ldap_write_pwd
                BaseDN          dc=jazzlab, dc=com
                UsernameAttr    login
                PasswordAttr    password
                AuthAttrDef     sh-srv-profile,Shasta-Service-Profile,reply
                NoDefault
                NoDefaultIfFound
                HoldServerConnection
                FailureBackoffTime      30
                Version         3
                Debug 255
        </AuthBy>
        <AuthBy LDAP2>
                Host            10.0.27.61
                Port            389
                AuthDN          cn=i2p_ldap_write_root, dc=jazzlab, dc=com
                AuthPassword    i2p_ldap_write_pwd
                BaseDN          dc=jazzlab, dc=com
                UsernameAttr    login
                PasswordAttr    password
                AuthAttrDef     sh-srv-profile,Shasta-Service-Profile,reply
                NoDefault
                NoDefaultIfFound
                HoldServerConnection
                FailureBackoffTime      30
                Version         3
        </AuthBy>
</AuthBy>

2º We launch a test with this command:

radpwtst -trace 4 -s 10.0.23.126 -secret radius-2G-local -user teldat2 at adsl2g.cli1vpn01@i2p -password teldat2 -auth_port 1812 -noacct -nas_ip_address 10.252.32.42

3º We see this on the Trace 4 log archive:

*** Received from 10.0.23.126 port 32807 ....
Code:       Access-Request
Identifier: 253
Authentic:  1234567890123456
Attributes:
        User-Name = "teldat2 at adsl2g.cli1vpn01@i2p"
        Service-Type = Framed-User
        NAS-IP-Address = 10.252.32.42
        NAS-Identifier = "203.63.154.1"
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password = <140>_<8><130><162><174><20>HU<24>C. <137><169><132>

Mon Jul 16 14:38:13 2007 705184: DEBUG: Handling request with Handler 'Realm=/^adsl2g\.[a-z][a-z][a-z]\wvpn\d\d/i, User-Realm=/i2p$/i'
Mon Jul 16 14:38:13 2007 705624: DEBUG: Rewrote user name to teldat2 at adsl2g.cli1vpn01
Mon Jul 16 14:38:13 2007 705993: DEBUG:  Deleting session for teldat2 at adsl2g.cli1vpn01@i2p, 10.252.32.42, 1234
Mon Jul 16 14:38:13 2007 706239: DEBUG: Handling with Radius::AuthGROUP: ldap_i2p
Mon Jul 16 14:38:13 2007 706498: DEBUG: Handling with Radius::AuthLDAP2: 
Mon Jul 16 14:38:13 2007 706834: INFO: Connecting to 10.0.27.60:389
Mon Jul 16 14:38:13 2007 711031: INFO: Attempting to bind to LDAP server 10.0.27.60:389
Mon Jul 16 14:38:13 2007 892214: DEBUG: LDAP got result for login=teldat2 at adsl2g.cli1vpn01,realmId=adsl2g,o=cli1vpn01,dc=jazzlab,dc=com
Mon Jul 16 14:38:13 2007 892538: DEBUG: LDAP got password: teldat2
Mon Jul 16 14:38:13 2007 892765: DEBUG: LDAP got sh-srv-profile: Modalidad-2G-2M/640
Mon Jul 16 14:38:13 2007 893058: DEBUG: Radius::AuthLDAP2 looks for match with teldat2 at adsl2g.cli1vpn01 [teldat2 at adsl2g.cli1vpn01@i2p]
Mon Jul 16 14:38:13 2007 893814: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password: teldat2 at adsl2g.cli1vpn01 [teldat2 at adsl2g.cli1vpn01@i2p]
Mon Jul 16 14:38:13 2007 894065: DEBUG: AuthBy GROUP result: REJECT, Bad Password
Mon Jul 16 14:38:13 2007 894414: INFO: Access rejected for teldat2 at adsl2g.cli1vpn01: Bad Password
Mon Jul 16 14:38:13 2007 895562: DEBUG: Packet dump:
*** Sending to 10.0.23.126 port 32807 ....
Code:       Access-Reject
Identifier: 253
Authentic:  1234567890123456
Attributes:
        Tunnel-Server-Endpoint = 1:XXX.XXX.XXX.XXX
        Reply-Message = "Request Denied"
        Tunnel-Type = 1:L2TP
        Tunnel-Client-Auth-ID = 1:I2PADSL2G
        Tunnel-Server-Auth-ID = 1:LNS-I2PADSL2G
        Tunnel-Password = "<1><184>0<19><198>"pE<168><19><230><154><165><247>Ek<255><177><11>"

[root at RAD0MA11 radiator]# 

4º In the password file we are seeing this:

Mon Jul 16 14:18:49 2007:1184588329:fprc1868:`ÒX{Y¶ˆé JŽøôÑ:acc05006:FAIL


Can anybody imagine what is happening?

Thanks to all.



--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
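
Added example, not part of the original post and not Radiator's own code: the User-Password hiding defined in RFC 2865 section 5.2. It shows why the trace prints that attribute as raw bytes, and that a server recovers the typed password only when it decodes with the same shared secret the client used. The authenticator, secret and password are the values shown in the post; `OTHER_SECRET` is a constructed value.

```python
"""RADIUS User-Password hiding (RFC 2865, section 5.2). Added illustration."""
import hashlib

BLOCK = 16  # MD5 digest size; the attribute is always a multiple of this


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side: turn the typed password into the User-Password value."""
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 octets")
    if len(authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 octets")
    padded = password + b"\x00" * (-len(password) % BLOCK)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), BLOCK):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + BLOCK], pad))
        hidden += prev
    return hidden


def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding with the secret configured for that client."""
    if not hidden or len(hidden) % BLOCK or len(hidden) > 128:
        raise ValueError("User-Password must be 16..128 octets, multiple of 16")
    plain, prev = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        pad = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + BLOCK]
        plain += bytes(c ^ k for c, k in zip(block, pad))
        prev = block
    return plain.rstrip(b"\x00")


def is_printable(value: bytes) -> bool:
    """Heuristic: a password decoded with the wrong secret is rarely printable."""
    return bool(value) and all(0x20 <= b <= 0x7E for b in value)


# Values shown in the post (radpwtst arguments and the traced Authentic field).
AUTHENTICATOR = b"1234567890123456"
SECRET = b"radius-2G-local"
PASSWORD = b"teldat2"
OTHER_SECRET = b"constructed-mismatch"  # constructed, not from the post

if __name__ == "__main__":
    wire = hide_password(PASSWORD, SECRET, AUTHENTICATOR)
    for name, secret in (("same secret", SECRET), ("other secret", OTHER_SECRET)):
        got = recover_password(wire, secret, AUTHENTICATOR)
        print(f"{name}: {got!r} printable={is_printable(got)}")
```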

