[RADIATOR] ADSI Authentication problem

Hugh Irvine hugh at open.com.au
Fri Aug 6 16:21:38 CDT 2010


Hello Adrian -

It looks like you have not correctly installed the prerequisites for ADSI.

See section 5.41 in the Radiator 4.6 reference manual ("doc/ref.pdf").

If you are running on Windows I suggest the AuthBy LSA clause instead, which is much more flexible.

See section 5.51 in the manual.

regards

Hugh


On 7 Aug 2010, at 03:54, adrian wrote:

> Hi:
> 
> I'm configuring radiator to use ADSI Authentication as indicated below:
> 
> RewriteUsername    s/^([^@]+).*/$1/
> <Handler Request-Type = Accounting-Request>
>     <AuthBy SQL>
>         # Adjust DBSource, DBUsername, DBAuth to suit your DB
>         DBSource        dbi:ODBC:MyDatasource
>         DBUsername      myusername
>         DBAuth          mypassword
> 
>         AccountingTable ACCOUNTING
>         AcctColumnDef   USERNAME,User-Name
>         AcctColumnDef   TIME_STAMP,Timestamp,integer
>         AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
>         AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
>         AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
>         AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>         AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
>         AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
>         AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
>         AcctColumnDef   ACCTTERMINATECAUSE,Ascend-Disconnect-Cause,integer
>         AcctColumnDef   FRAMEDIPADDRESS,Framed-Address
>         AcctColumnDef   NASIDENTIFIER,NAS-Identifier
>         AcctColumnDef   NASPORT,NAS-Port,integer
>     </AuthBy>
> </Handler>
> <Handler>
>     <AuthBy ADSI>
>         BindString LDAP://cn=%0,ou=QA,dc=YouRoam,dc=com
>     </AuthBy>
> </Handler>
> 
> 
> The problem is that I obtain the following error messages when Radiator 
> tries to authenticate the user. Can anyone tell me what's wrong?
> 
> Fri Aug  6 19:08:01 2010: DEBUG: Handling request with Handler ''
> Fri Aug  6 19:08:01 2010: DEBUG:  Deleting session for qausernewserv3810 at YouRoam.com, 192.168.124.254, 3772
> Fri Aug  6 19:08:01 2010: DEBUG: Handling with ADSI
> Fri Aug  6 19:08:01 2010: DEBUG: BindString converted to LDAP://cn=qausernewserv3810,ou=QA,dc=YouRoam,dc=com
> Fri Aug  6 19:08:01 2010: DEBUG: AuthUser converted to qausernewserv3810
> Fri Aug  6 19:08:01 2010: DEBUG: Connecting to namespace: LDAP:
> Fri Aug  6 19:08:01 2010: DEBUG: Running OpenDSObject on LDAP://cn=qausernewserv3810,ou=QA,dc=YouRoam,dc=com
> Fri Aug  6 19:08:01 2010: DEBUG: Could not get user object: Win32::OLE(0.1709) error 0x8007052e: "Logon failure: unknown user name or bad password"
>    in METHOD/PROPERTYGET "OpenDSObject"
> Fri Aug  6 19:08:01 2010: DEBUG: AuthBy ADSI result: REJECT, Could not find user
> 
> Fri Aug  6 19:08:01 2010: INFO: Access rejected for qausernewserv3810: Could not find user
> Fri Aug  6 19:08:01 2010: DEBUG: Packet dump:



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
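
An added example, not part of the original thread and not Radiator code: a Python helper for reading a trace like the one quoted in this message. It rejoins log records that a mail client or console has hard-wrapped (even mid-word) and decodes the Win32::OLE HRESULT into its facility and Win32 error name. The function names and the short error table are this example's own; the sample lines are constructed from the quoted trace.

```python
import re

# Win32 logon error codes from winerror.h (the low 16 bits of the HRESULT).
WIN32_LOGON_ERRORS = {
    0x52E: "ERROR_LOGON_FAILURE", 0x52F: "ERROR_ACCOUNT_RESTRICTION",
    0x530: "ERROR_INVALID_LOGON_HOURS", 0x531: "ERROR_INVALID_WORKSTATION",
    0x532: "ERROR_PASSWORD_EXPIRED", 0x533: "ERROR_ACCOUNT_DISABLED",
    0x701: "ERROR_ACCOUNT_EXPIRED", 0x773: "ERROR_PASSWORD_MUST_CHANGE",
    0x775: "ERROR_ACCOUNT_LOCKED_OUT",
}
TIMESTAMP = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}: ")
HRESULT = re.compile(r"error 0x([0-9a-fA-F]{8})")

# Constructed sample: trace lines as quoted in the message, wrapped mid-word.
SAMPLE = """\
> Fri Aug  6 19:08:01 2010: DEBUG: Handling with ADSI
> Fri Aug  6 19:08:01 2010: DEBUG: Could not get user object: 
> Win32::OLE(0.1709) e
> rror 0x8007052e: "Logon failure: unknown user name or bad
> password"
"""

def unwrap(text):
    """Rejoin records that were hard-wrapped; a record starts with a timestamp."""
    records = []
    for line in text.splitlines():
        line = re.sub(r"^> ?", "", line)      # drop the e-mail quote prefix
        if TIMESTAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += line               # no separator: wrap may split a word
    return records

def ole_errors(text):
    """Return (hresult, facility, code, name) for each OLE error in the trace."""
    found = []
    for record in unwrap(text):
        m = HRESULT.search(record)
        if m is None:
            continue
        value = int(m.group(1), 16)
        # HRESULT layout: bits 16-26 are the facility, bits 0-15 the code.
        facility, code = (value >> 16) & 0x7FF, value & 0xFFFF
        name = WIN32_LOGON_ERRORS.get(code, "other") if facility == 7 else "non-Win32"
        found.append(("0x" + m.group(1).lower(), facility, code, name))
    return found

if __name__ == "__main__":
    print(ole_errors(SAMPLE))
```

Facility 7 is FACILITY_WIN32, so the low 16 bits can be looked up directly as a Win32 error code.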




