[RADIATOR] Radiator logs showing

Hugh Irvine hugh at open.com.au
Mon May 20 03:17:10 CDT 2013


Hello Prasoon -

The first thing to do is add "NoDefault" to your AuthBy LDAP2 clause.

This will stop the DEFAULTxxx lookups.

regards

Hugh


On 20 May 2013, at 15:01, Prasoon Majumdar <prasoonprince at gmail.com> wrote:

> Hi All,
> 
> User password in RADIUS logs is getting encrypted automatically and LDAP is not able to process the logs:
> 
> Fri May 17 14:04:23 2013: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password: DEFAULT1536 [pkoorika at cyan]
> Fri May 17 14:04:23 2013: INFO: Connecting to 10.91.118.24:389
> Fri May 17 14:04:24 2013: INFO: Attempting to bind to LDAP server 10.91.118.24:389
> Fri May 17 14:04:24 2013: DEBUG: LDAP got result for uid=pkoorika, ou=people, o=COLT, ou=customers, dc=colt,dc=net
> Fri May 17 14:04:25 2013: DEBUG: LDAP got userPassword: {crypt}2hn4lvaP15OXs
> Fri May 17 14:04:25 2013: DEBUG: LDAP got Cyaninc-User-Roles: Administrator
> Fri May 17 14:04:26 2013: DEBUG: Radius::AuthLDAP2 looks for match with DEFAULT1537 [pkoorika at cyan]
> Fri May 17 14:04:26 2013: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password: DEFAULT1537 [pkoorika at cyan]
> Fri May 17 14:04:27 2013: INFO: Connecting to 10.91.118.24:389
> Fri May 17 14:04:27 2013: INFO: Attempting to bind to LDAP server 10.91.118.24:389
> Fri May 17 14:04:28 2013: DEBUG: LDAP got result for uid=pkoorika, ou=people, o=COLT, ou=customers, dc=colt,dc=net
> Fri May 17 14:04:28 2013: DEBUG: LDAP got userPassword: {crypt}2hn4lvaP15OXs
> Fri May 17 14:04:29 2013: DEBUG: LDAP got Cyaninc-User-Roles: Administrator
> Fri May 17 14:04:29 2013: DEBUG: Radius::AuthLDAP2 looks for match with DEFAULT1538 [pkoorika at cyan]
> Fri May 17 14:04:30 2013: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password: DEFAULT1538 [pkoorika at cyan]
> Fri May 17 14:04:30 2013: INFO: Connecting to 10.91.118.24:389
> Fri May 17 14:04:31 2013: INFO: Attempting to bind to LDAP server 10.91.118.24:389
> Fri May 17 14:04:31 2013: DEBUG: LDAP got result for uid=pkoorika, ou=people, o=COLT, ou=customers, dc=colt,dc=net
> Fri May 17 14:04:32 2013: DEBUG: LDAP got userPassword: {crypt}2hn4lvaP15OXs
> Fri May 17 14:04:32 2013: DEBUG: LDAP got Cyaninc-User-Roles: Administrator
> Fri May 17 14:04:33 2013: DEBUG: Radius::AuthLDAP2 looks for match with DEFAULT1539 [pkoorika at cyan]
> Fri May 17 14:04:33 2013: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password: DEFAULT1539 [pkoorika at cyan]
> Fri May 17 14:04:34 2013: INFO: Connecting to 10.91.118.24:389
> 
> 
> Is there a way to fix this issue? My configuration is listed below:
> 
> 
> AuthPort 1812, 1645
> AcctPort 1813, 1646
> DbDir /etc/radiator/db
> DictionaryFile %D/dictionary
> LogDir /var/log/radiator
> LogFile %L/radiator.log
> PidFile /var/log/radiator/radiator.pid
> #SocketQueueLength      1000
> Trace 4
> include %D/clients.cfg
> 
> #
> # Convert username to lowercase
> #
> RewriteUsername tr/A-Z/a-z/
> 
> #
> # SYSLOG Configuration
> #
> <Log SYSLOG>
> #       Facility        radius
>         Trace           4
>         LogSock         udp
>         LogHost         10.5.2.45
> </Log>
> 
> #
> # Authentication Logs
> #
> <AuthLog FILE>
>         Identifier auth_log
>         Filename        %L/auth-%Y-%v.log
>         SuccessFormat   %B:%u(NAS-Port: %{NAS-Port}):OK
>         FailureFormat   %B:%u(NAS-Port: %{NAS-Port}):%1:%P:FAIL
>         LogSuccess      1
>         LogFailure      1
> </AuthLog>
> 
> #
> # Status logs
> 
> <StatsLog FILE>
>         Interval        86400
>         Filename        /var/log/radiator/stats.log
> </StatsLog>
> 
> 
> 
> #Cyan User Auth
> <AuthBy LDAP2>
>         Identifier      cyan_user_auth
>         Host            10.91.118.24
>         Port            389
>         Timeout         60
>         AuthDN          uid=radius,ou=appusers,dc=colt,dc=net
>         AuthPassword    r at d1u5
>         BaseDN          o=colt,ou=customers,dc=colt,dc=net
>         Scope           subtree
>         SearchFilter    (uid=%U)
>         UsernameAttr    uid
>         PasswordAttr    userPassword
>         ServerChecksPassword
>         AuthAttrDef     userPassword,User-Password,check
>         AuthAttrDef     radius-Callback-Id,Callback-Id,reply
>         AuthAttrDef     Cyaninc-User-Roles,CyanInc-User-Roles,reply
>         AuthAttrDef     Cyaninc-Acct-Event-Text,CyanInc-Acct-Event-Text,reply
>         AddToReplyIfNotExist    Service-Type=Login-User
> </AuthBy>
> 
> 
> 
> <Handler Realm = cyan>
>         AuthLog         auth_log
>         RewriteUsername s/^([^@]+).*/$1/
>         AuthBy          cyan_user_auth
> </Handler>
> 
> 
> Any ideas how we can fix the "{crypt}2hn4lvaP15OXs" parameter appearing for LDAP uids?
> 
> -- 
> Regards,
> Prasoon Majumdar


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. 
Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
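
To check the effect of NoDefault, the DEFAULTn fallback loop in a log like the one quoted above can be measured before and after the change. The following Python script is an added example, not part of the original thread or of Radiator; the sample log lines, user name, address and hash placeholder are constructed, and the function names are hypothetical. It also counts and redacts the userPassword values that the DEBUG lines write to the log.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log quoted in the thread
# (user, address and hash value are placeholders, not real data).
SAMPLE = """\
Fri May 17 14:04:23 2013: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password: DEFAULT1536 [alice at cyan]
Fri May 17 14:04:23 2013: INFO: Connecting to 192.0.2.10:389
Fri May 17 14:04:25 2013: DEBUG: LDAP got userPassword: {crypt}EXAMPLEHASH00
Fri May 17 14:04:26 2013: DEBUG: Radius::AuthLDAP2 looks for match with DEFAULT1537 [alice at cyan]
Fri May 17 14:04:26 2013: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password: DEFAULT1537 [alice at cyan]
Fri May 17 14:04:27 2013: INFO: Connecting to 192.0.2.10:389
Fri May 17 14:04:28 2013: DEBUG: LDAP got userPassword: {crypt}EXAMPLEHASH00
Fri May 17 14:04:29 2013: DEBUG: Radius::AuthLDAP2 looks for match with DEFAULT1538 [alice at cyan]
Fri May 17 14:04:30 2013: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password: DEFAULT1538 [alice at cyan]
"""

DEFAULT_RE = re.compile(r"REJECT: Bad Password: DEFAULT(\d+) \[([^\]]+)\]")
CONNECT_RE = re.compile(r"INFO: Connecting to (\S+)")
SECRET_RE = re.compile(r"(LDAP got userPassword: )(\S+)")

def analyze(log_text):
    """Return (DEFAULTn rejects per request, LDAP connects, hashes logged, redacted log)."""
    defaults = defaultdict(list)  # "[user at realm]" -> DEFAULT indices rejected
    connects, exposed, redacted = 0, 0, []
    for line in log_text.splitlines():
        m = DEFAULT_RE.search(line)
        if m:
            defaults[m.group(2)].append(int(m.group(1)))
        if CONNECT_RE.search(line):
            connects += 1  # each DEFAULTn attempt costs a new LDAP connection
        line, n = SECRET_RE.subn(r"\1[REDACTED]", line)
        exposed += n
        redacted.append(line)
    return dict(defaults), connects, exposed, "\n".join(redacted)

def looping_users(defaults, threshold=3):
    """Requests rejected against at least `threshold` consecutive DEFAULTn entries."""
    return [user for user, idx in defaults.items()
            if len(idx) >= threshold and idx == list(range(idx[0], idx[0] + len(idx)))]

if __name__ == "__main__":
    d, c, e, safe = analyze(SAMPLE)
    print("looping:", looping_users(d), "connects:", c, "hashes logged:", e)
    print(safe)
```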


