[RADIATOR] LDAP is not authenticating when the username contains DOT or password contains #

Hugh Irvine hugh at open.com.au
Wed Feb 25 04:29:03 CST 2009


Hello Aboo Vattem Kandathil -

You should be using Radiator 4.3.1 plus the latest patches, and you  
should be using the AuthBy LSA clause rather than the AuthBy LDAP2  
clause.

See section 5.51 in the Radiator 4.3.1 reference manual ("doc/ref.pdf").

There is an example configuration file in "goodies/lsa.cfg".

regards

Hugh



On 25 Feb 2009, at 18:51, Aboo Vattem. Kandathil wrote:

> Hello,
>
> Thanks for the reply.
>
> The operating System is: Windows XP SP2
>
> The version of Radiator is 4.0 as per the log file (NOTICE: Server
> started: Radiator 4.0 on web-16)
>
> Version of PERL is:
>
> This is perl, v5.8.7 built for MSWin32-x86-multi-thread
> (with 14 registered patches, see perl -V for more detail)
>
> The authentication is not successful when the password contains some
> special characters.
>
> Please find the attached text files.
>
> The first file "1_authenticated.txt" is the debug script from when a
> successful authentication happened. [In this case the password was a
> combination of letters and numbers]
>
> The second file "2_notauthenticated.txt" is the debug script when the
> password is with some letters and special characters. [The password I
> used is: Aaaa!@#$%^  ]
>
> Initially I was thinking that the authentication was not successful due
> to a dot in the username. It is not related to that.
>
> Note:- I am using radpwtst from the command prompt to test the
> authentication.
>
> Thanks and Regards,
>
> Aboo Vattem Kandathil
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Wednesday, February 25, 2009 1:27 AM
> To: Aboo Vattem. Kandathil
> Cc: radiator at open.com.au
> Subject: [BULK] Re: [RADIATOR] LDAP is not authenticating when the
> username contains DOT or password contains #
> Importance: Low
>
>
> Hello Aboo Vattem Kandathil -
>
> Could you please add "Debug 255" to your AuthBy LDAP2 clause, then run
> radiusd like this in a terminal window so we can see what is happening:
>
> 	cd /your/Radiator/source/distribution
>
> 	perl radiusd -foreground -log_stdout -trace 4 -config_file /your/Radiator/configuration/file
>
> 	.....
>
> You will need to use your local pathnames in the above of course.
>
> Can you also please tell me what hardware/software platform you are
> running on, and what versions of Radiator and Perl?
>
> regards
>
> Hugh
>
>
> On 24 Feb 2009, at 20:27, Aboo Vattem. Kandathil wrote:
>
>> Hello,
>>
>> Can anyone please help me to configure the LDAP authentication in a
>> generic way.
>>
>> The below is the configuration which I am using currently to do the
>> authentication.
>>
>> <AuthBy LDAP2>
>> 	Host jed-adr.sps.net.sa
>> 	AuthDN cn=testun,ou=headoffice,ou=Employees,dc=mydomain,dc=com
>> 	AuthPassword Ab00123456
>> 	BaseDN %0=%1, ou=headoffice,ou=Employees,dc=mydomain,dc=com
>> 	UsernameAttr cn
>> 	ServerChecksPassword
>> 	PasswordAttr userPassword
>> 	HoldServerConnection
>> 	AddToReply Framed-Protocol = PPP,\
>> 		Framed-IP-Netmask = 255.255.255.255,\
>> 		Framed-Routing = None,\
>> 		Framed-MTU = 1500,\
>> 		Framed-Compression = Van-Jacobson-TCP-IP
>> 	Timeout 8
>> 	Version 3
>> </AuthBy>
>>
>> It works fine if I use a username without any DOT in it. I have
>> Active Directory usernames with a dot in the username, for example:
>> headoffice.user1
>>
>> Also I face a problem with the user password. If the user password
>> contains the # symbol it is not authenticating.
>>
>>
>>
>>
>> Thanks and Regards,
>>
>> Aboo Vattem Kandathil
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
> <1_authenticated.txt><2_notauthenticated.txt>


