[RADIATOR] Radiator + LDAP tries to use "(?uid=)" as search filter...

Isaac Freeman isaac at us.ibm.com
Tue Sep 13 15:08:09 CDT 2011


HAHA! Yeah, I had just enabled LDAP debugging in the config, and noticed
that in the outgoing LDAP packet it seemed to be sending gibberish as the
password. Then I saw your e-mail right as I was about to report this
strangeness. Tried providing the secret to radpwtst and it works! Now to
find the networking guy and have him test it with a real switch.

Thanks a ton for your help! :)

--
Isaac Freeman - Systems Administrator
IBM Information Protection Services
isaac at us.ibm.com
919-254-0245



From: Martin Burton <mvb at sanger.ac.uk>
To: Isaac Freeman/Raleigh/Contr/IBM at IBMUS
Cc: radiator at open.com.au
Date: 09/13/2011 04:01 PM
Subject: Re: [RADIATOR] Radiator + LDAP tries to use "(?uid=)" as search filter...



I just noticed that in your original post you redacted the shared secret
for the DEFAULT client.  Was that because you changed it from "mysecret"
or whatever was in there originally?

The reason I ask is that RADIUS uses (amongst other things) the shared
secret to encrypt the User-Password attribute.  By default radpwtst uses
"mysecret" as its shared secret, so if you changed it you'll need to
specify the new shared secret on the radpwtst command line.  A
mismatched shared secret doesn't prevent the NAS from making a
connection to the radius server, but it does mean that User-Password
gets garbled.




On 13/09/2011 20:43, Isaac Freeman wrote:
>
> Yeah, I tried that too with no luck:
>
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 fd=50 ACCEPT from
> IP=127.0.0.1:48820 (IP=0.0.0.0:389)
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=0 BIND dn="" method=128
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=0 RESULT tag=97 err=0
> text=
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=1 SRCH
> base="dc=<my-domain>" scope=2 deref=2 filter="(uid=testuser)"
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=1 SEARCH RESULT tag=101
> err=0 nentries=1 text=
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=2 BIND
> dn="cn=testuser,ou=People,dc=<my-domain>" method=128
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=2 RESULT tag=97 err=49
> text=
>
> still the same err=49 (bad credentials).
>


--
Martin Burton
Senior Systems Administrator               \\\|||///
Special Projects Team                     \\  ^ ^  //
Wellcome Trust Sanger Institute            (  6 6  )
-----------------------------------------oOOo-(_)-oOOo---
                                  http://www.sanger.ac.uk
