[RADIATOR] ADSI Authentication problem
Hugh Irvine
hugh at open.com.au
Fri Aug 6 16:21:38 CDT 2010
Hello Adrian -
It looks like you have not correctly installed the prerequisites for ADSI.
See section 5.41 in the Radiator 4.6 reference manual ("doc/ref.pdf").
If you are running on Windows I suggest the AuthBy LSA clause instead, which is much more flexible.
See section 5.51 in the manual.
regards
Hugh
On 7 Aug 2010, at 03:54, adrian wrote:
> Hi:
>
> I'm configuring Radiator to use ADSI Authentication as indicated below:
>
> RewriteUsername s/^([^@]+).*/$1/
> <Handler Request-Type = Accounting-Request>
> <AuthBy SQL>
> # Adjust DBSource, DBUsername, DBAuth to suit your DB
> DBSource dbi:ODBC:MyDatasource
> DBUsername myusername
> DBAuth mypassword
>
> AccountingTable ACCOUNTING
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
> AcctColumnDef ACCTTERMINATECAUSE,Ascend-Disconnect-Cause,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-Address
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
>
>
> </AuthBy>
> </Handler>
> <Handler>
> <AuthBy ADSI>
> BindString LDAP://cn=%0,ou=QA,dc=YouRoam,dc=com
>
> </AuthBy>
> </Handler>
>
>
> The problem is that I obtain the following error messages when Radiator
> tries to authenticate the user. Can anyone tell me what's wrong?
>
> Fri Aug 6 19:08:01 2010: DEBUG: Handling request with Handler ''
> Fri Aug 6 19:08:01 2010: DEBUG: Deleting session for qausernewserv3810 at YouRoam.com, 192.168.124.254, 3772
> Fri Aug 6 19:08:01 2010: DEBUG: Handling with ADSI
> Fri Aug 6 19:08:01 2010: DEBUG: BindString converted to LDAP://cn=qausernewserv3810,ou=QA,dc=YouRoam,dc=com
> Fri Aug 6 19:08:01 2010: DEBUG: AuthUser converted to qausernewserv3810
> Fri Aug 6 19:08:01 2010: DEBUG: Connecting to namespace: LDAP:
> Fri Aug 6 19:08:01 2010: DEBUG: Running OpenDSObject on LDAP://cn=qausernewserv3810,ou=QA,dc=YouRoam,dc=com
> Fri Aug 6 19:08:01 2010: DEBUG: Could not get user object: Win32::OLE(0.1709) error 0x8007052e: "Logon failure: unknown user name or bad password"
>     in METHOD/PROPERTYGET "OpenDSObject"
> Fri Aug 6 19:08:01 2010: DEBUG: AuthBy ADSI result: REJECT, Could not find user
>
> Fri Aug 6 19:08:01 2010: INFO: Access rejected for qausernewserv3810: Could not find user
> Fri Aug 6 19:08:01 2010: DEBUG: Packet dump:
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?