[RADIATOR] LDAP OPERATIONS ERROR with RADIATOR

Hugh Irvine hugh at open.com.au
Fri May 14 18:31:32 CDT 2010


Hello Jure -

You have a couple of problems with what you are trying to do.

1. you cannot get the user password from AD - that is why you are getting the error

2. the debug indicates that the access request is for EAP

I suggest you use the example configuration file in "goodies/lsa_eap_peap.cfg", but for this you will need to install the required Perl prerequisites.

You can install the precompiled versions of Net-SSLeay and Win32-Lsa from our web site:


	ppm install http://www.open.com.au/radiator/free-downloads/Net-SSLeay.ppd

	ppm install http://www.open.com.au/radiator/free-downloads/Win32-Lsa.ppd	


hope that helps

regards

Hugh
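To see for yourself what Hugh reads off the trace (the request carries an EAP-Message and no User-Password, so the LDAP server is never handed a password it could check), the following is an added example, not code from Radiator or from either poster. It decodes the EAP packet Radiator printed as <2><0><0><29><1>jsimundic... into its RFC 3748 fields, applies the handler's RewriteUsername rule, and classifies the request by the credential it carries. The byte string is reconstructed from the trace; the list archive rewrote "@" as " at ", and the EAP Length field of 29 only adds up with the "@" restored (4-byte header + Type + 24-byte identity).

```python
"""Decode the EAP-Message from the trace and classify the Access-Request.

Added example; the packet and attribute list below are constructed from the
trace in the thread, not captured from a live server.
"""
import re
import struct

# EAP header codes and a few method types (RFC 3748, RFC 5281, RFC 3579).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}

# Radiator's trace renders non-printable bytes as <decimal>; this is the
# EAP-Message from the trace with the archiver's " at " restored to "@".
TRACE_EAP = "<2><0><0><29><1>jsimundic@lss-net.lss.hr"

# Attribute names from the Access-Request in the trace (values elided).
TRACE_ATTRS = {"NAS-IP-Address", "NAS-Port-Type", "User-Name", "Service-Type",
               "Framed-MTU", "Calling-Station-Id", "EAP-Message",
               "Message-Authenticator"}


def trace_to_bytes(rendered: str) -> bytes:
    """Turn Radiator's <n> rendering of a binary attribute back into bytes."""
    out = bytearray()
    for piece in re.split(r"(<\d+>)", rendered):
        if piece.startswith("<") and piece.endswith(">") and piece[1:-1].isdigit():
            out.append(int(piece[1:-1]))
        else:
            out.extend(piece.encode("utf-8"))
    return bytes(out)


def parse_eap(data: bytes) -> dict:
    """Parse one EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Data...].

    The Length field is checked against the buffer so a truncated or
    oversized packet is rejected instead of silently mis-decoded.
    """
    if len(data) < 4:
        raise ValueError("EAP packet shorter than the 4-byte header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 4 or length > len(data):
        raise ValueError(f"EAP Length {length} disagrees with {len(data)} bytes received")
    pkt = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident, "length": length}
    if code in (1, 2):  # Request/Response carry a Type byte
        if length < 5:
            raise ValueError("EAP Request/Response without a Type byte")
        eap_type = data[4]
        pkt["type"] = EAP_TYPES.get(eap_type, f"unknown({eap_type})")
        pkt["data"] = data[5:length]
        if eap_type == 1:
            # An Identity response names the user; it carries no password.
            pkt["identity"] = pkt["data"].decode("utf-8", "replace")
    return pkt


def rewrite_username(name: str) -> str:
    """The handler's RewriteUsername s/^([^@]+).*/$1/ : keep what precedes '@'."""
    return re.sub(r"^([^@]+).*", r"\1", name)


def classify_access_request(attrs) -> str:
    """Report which credential the NAS is actually offering in the request."""
    if "EAP-Message" in attrs:
        return "EAP"        # credential lives inside the EAP conversation
    if "User-Password" in attrs:
        return "PAP"        # cleartext password: an LDAP bind can verify it
    if "CHAP-Password" in attrs:
        return "CHAP"       # needs the cleartext password on the server side
    return "none"


if __name__ == "__main__":
    pkt = parse_eap(trace_to_bytes(TRACE_EAP))
    print(pkt["code"], pkt["type"], pkt["length"], pkt["identity"])
    print("rewritten:", rewrite_username(pkt["identity"]))
    print("request carries:", classify_access_request(TRACE_ATTRS))
```

The decoded packet is an EAP Response / Identity for jsimundic@lss-net.lss.hr, which the handler rewrites to jsimundic. An Identity response is only the opening of an EAP conversation; the password (for PEAP/MSCHAPv2, a challenge-response over the NT hash) never appears as a RADIUS User-Password, so neither a PasswordAttr lookup nor an LDAP bind with ServerChecksPassword can complete it. That is why the reply above points at the LSA-based configuration for Windows rather than a different LDAP attribute.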


On 15 May 2010, at 06:51, Jure Simundic wrote:

> Hi,
> 
> I would be very grateful if someone could help me with an LDAP authentication problem. I am using Microsoft Active Directory LDAP on Windows Server 2003 as the user authentication database and the Radiator evaluation version 4.6. While authenticating I receive the LDAP error message LDAP_OPERATIONS_ERROR and I cannot find where the problem lies. This message means that library initialization fails, but since this is the first time I am facing LDAP, as a student, I don't know how to solve it, and on the Internet I could not find satisfactory help for this. Usually, this LDAP is used on the department network for users trying to log into a computer with their name (no realm), password and domain name (lss-net). I am authenticating users in the form user at lss-net.lss.hr, but I strip the realm before entering LDAP and take that as the uid. Also, I don't enter the domain name parameter (lss-net) anywhere, which users trying to log into a computer must enter as I've written above. (Could this be the problem?)
> 
> I must say that I'm not sure whether I am using the correct UserAttr and PasswordAttr for Microsoft AD LDAP, since the LDAP admin wasn't sure himself what the attribute types for that were.
> 
> 
> Configuration file:
> 
> Foreground
> LogStdout
> LogDir          c:/Program Files/Radiator
> DbDir           c:/Program Files/Radiator
> 
> AuthPort 1812
> AcctPort 1813
> Trace           4
> 
> <Client DEFAULT>
>      Secret    gfgfgfffg
>      DupInterval 0
> </Client>
> 
> <Handler Realm= "lss-net.lss.hr">
>      RewriteUsername s/^([^@]+).*/$1/
>      <AuthBy LDAP2>
>           NoEAP
>           # LDAP-2 for Microsoft Active Directory
>           Version 3
>           Host  IPaddress
>           Port 389
>           UsernameAttr uid
>           PasswordAttr passwd
>           BaseDN dc=lss-net
>           Scope sub
>           ServerChecksPasswordSS
>           NoDefault
>           AddToReply Framed-Protocol = PPP,\
>                 Framed-IP-Netmask = 255.255.255.255,\
>                 Framed-Routing = None,\
>                 Framed-MTU = 1500,\
>                 Framed-Compression = Van-Jacobson-TCP-IP
>      </AuthBy>
> </Handler>
> 
> Debug:
> 
> *** Received from 161.xxxxxxxx port 1812 ....
> Code:       Access-Request
> Identifier: 11
> Authentic:  /<15>1D<15><128><190>1<136><151><0> <141>xI<22>
> Attributes:
>      NAS-IP-Address = 161.xxxxx
>      NAS-Port-Type = Async
>      User-Name = "jsimundic at lss-net.lss.hr"
>      Service-Type = Framed-User
>      Framed-MTU = 1500
>      Calling-Station-Id = "00-50-bf-ee-be-bc"
>      EAP-Message = <2><0><0><29><1>jsimundic at lss-net.lss.hr
>      Message-Authenticator = 0<170><132>x<226><174><245><205><168><243>5<3><237>\zs
> 
> Fri May 14 14:49:50 2010: DEBUG: Handling request with Handler 'Realm= "lss-net.lss.hr"'
> Fri May 14 14:49:50 2010: DEBUG: Rewrote user name to jsimundic
> Fri May 14 14:49:50 2010: DEBUG:  Deleting session for jsimundic at lss-net.lss.hr, 161.xxxxxxx,
> Fri May 14 14:49:50 2010: DEBUG: Handling with Radius::AuthLDAP2:
> Fri May 14 14:49:50 2010: INFO: Connecting to 161.53.xxxx:389
> Fri May 14 14:49:50 2010: INFO: Attempting to bind to LDAP server 161.53.xxxxx:389
> Fri May 14 14:49:50 2010: ERR: ldap search for (uid=jsimundic) failed with error LDAP_OPERATIONS_ERROR.
> Fri May 14 14:49:50 2010: ERR: Disconnecting from LDAP server (server 161.53.xxxx:389).
> Fri May 14 14:49:50 2010: DEBUG: AuthBy LDAP2 result: IGNORE, User database access error
> 
> Jure šimundić
> 
> ---
> 
> Student at Faculty of Electrical Engineering and Computing in Zagreb
> 
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.