[RADIATOR] "Bad Encrypted password" - Authby LDAP2 and Active Directory

Hugh Irvine hugh at open.com.au
Tue Sep 14 12:44:55 CDT 2010 

Hello Bob -

We will need to see a copy of the configuration file and a more complete trace 4 debug showing the startup messages as well as what is happening with the requests.

For the most flexibility I suggest the AuthBy NTLM clause on *NIX and the AuthBy LSA clause on Windows.

regards

Hugh


On 14 Sep 2010, at 12:11, Bob Rotsted wrote:

> Hi all,
> 
> I'm attempting to use Authby LDAP2 to proxy authentication requests to
> our active directory server with the "ServerChecksPassword" switch.
> 
> Everything appears to be working correctly -- binding completes, etc --
> until the user's password is verified. When AD checks the user's
> password, Authby LDAP2 throws the following errors:
> 
> Tue Sep 14 09:46:48 2010: DEBUG: Radius::AuthLDAP2 looks for match with
> user [user]
> Tue Sep 14 09:46:48 2010: DEBUG: Radius::AuthLDAP2 REJECT: Bad Encrypted
> password: user [user]
> Tue Sep 14 09:46:48 2010: INFO: Connecting to 131.252.0.0:636
> Tue Sep 14 09:46:48 2010: INFO: Attempting to bind to LDAP server
> 131.252.0.0:636
> Tue Sep 14 09:46:48 2010: DEBUG: No entries for DEFAULT found in LDAP
> database
> Tue Sep 14 09:46:48 2010: DEBUG: AuthBy LDAP2 result: REJECT, Bad
> Encrypted password
> Tue Sep 14 09:46:48 2010: INFO: Access rejected for user: Bad Encrypted
> password
> 
> My current configuration works on another server, perhaps my new server
> is missing a library? Anyone else experiencing this issue?
> 
> Best,
> 
> -- 
> Bob Rotsted
> 
> Network Security Analyst
> Portland State University
> Desk: 503-725-6215
> Cell: 503-208-6575
> 314B D581 A8CD E28A A690 7E9D 5B43 4B28 0EB6 A21A
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

More information about the radiator mailing list