[RADIATOR] Radiator + LDAP tries to use "(?uid=)" as search filter...
Martin Burton
mvb at sanger.ac.uk
Tue Sep 13 14:58:30 CDT 2011
I just noticed that in your original post you redacted the shared secret
for the DEFAULT client. Was that because you changed it from "mysecret"
or whatever was in there originally?
The reason I ask is that RADIUS uses (amongst other things) the shared
secret to encrypt the User-Password attribute. By default radpwtst uses
"mysecret" as its shared secret, so if you changed it you'll need to
specify the new shared secret on the radpwtst command line. A
mismatched shared secret doesn't prevent the NAS from making a
connection to the radius server, but it does mean that User-Password
gets garbled.
On 13/09/2011 20:43, Isaac Freeman wrote:
>
> Yeah, I tried that too with no luck:
>
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 fd=50 ACCEPT from
> IP=127.0.0.1:48820 (IP=0.0.0.0:389)
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=0 BIND dn="" method=128
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=0 RESULT tag=97 err=0
> text=
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=1 SRCH
> base="dc=<my-domain>" scope=2 deref=2 filter="(uid=testuser)"
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=1 SEARCH RESULT tag=101
> err=0 nentries=1 text=
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=2 BIND
> dn="cn=testuser,ou=People,dc=<my-domain>" method=128
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=2 RESULT tag=97 err=49
> text=
>
> still the same err=49 (bad credentials).
>
--
Martin Burton
Senior Systems Administrator \\\|||///
Special Projects Team \\ ^ ^ //
Wellcome Trust Sanger Institute ( 6 6 )
-----------------------------------------oOOo-(_)-oOOo---
http://www.sanger.ac.uk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
Url : http://www.open.com.au/pipermail/radiator/attachments/20110913/108c75b3/attachment.bin
More information about the radiator
mailing list