[RADIATOR] "Bad password" error in logs
Arya, Manish Kumar
m.arya at yahoo.com
Tue Aug 1 06:48:58 UTC 2017
Hi,
I am integrating Infinera devices with RADIUS. I have done the RADIUS config as follows. I am storing the password in plaintext on LDAP. Can someone please hint at what can be wrong in the config?
# Infinera
<AuthBy LDAP2>
NoDefault
Identifier infi_user_auth
Host xxxx
Port xxxx
Timeout 60
AuthDN xxxx
AuthPassword xxxxx
BaseDN xxxxxx
Scope subtree
SearchFilter (&(access-device-type=infinera)(raduser=%1))
UsernameAttr raduser
PasswordAttr radpass
ServerChecksPassword
AuthAttrDef radpass,User-Password,check
AuthAttrDef my-Infinera-User-Priv-SA,Infinera-User-Priv-SA,reply
AuthAttrDef my-Infinera-User-Priv-NE,Infinera-User-Priv-NE,reply
AuthAttrDef my-Infinera-User-Priv-NA,Infinera-User-Priv-NA,reply
AuthAttrDef my-Infinera-User-Priv-PR,Infinera-User-Priv-PR,reply
AuthAttrDef my-Infinera-User-Priv-TT,Infinera-User-Priv-TT,reply
AddToReplyIfNotExist Service-Type=Login-User
</AuthBy>
Allowed client device
<Client xx.xx.xx.xx>
Secret xxxxxx
</Client>
We have checked the shared secret and password on both ends.
*** Received from 10.91.142.96 port 11894 ....
Packet length = 88
01 00 00 58 7b a3 2b 3a d7 73 63 92 65 b4 e2 e8
f4 a9 d7 fa 01 0b 69 6e 66 69 75 73 65 72 32 02
12 a1 15 7e 50 3b 24 89 24 95 03 b3 16 d4 4f a9
1e 1a 0c 00 00 53 30 f9 06 00 00 00 01 20 1b 6f
6e 65 63 62 6c 72 33 2e 62 6c 72 2e 6c 61 62 2e
63 6f 6c 74 2e 6e 65 74
Code: Access-Request
Identifier: 0
Authentic: {<163>+:<215>sc<146>e<180><226><232><244><169><215><250>
Attributes:
User-Name = "infiuser2"
User-Password = "abcd1234"
Infinera-Rsvd-Int-Attribute1 = INFINERA
NAS-Identifier = "onecblr3.blr.lab.xxx.net"
Tue Aug 1 11:56:38 2017: DEBUG: Handling request with Handler '', Identifier ''
Tue Aug 1 11:56:38 2017: DEBUG: Deleting session for infiuser2, 10.91.142.96,
Tue Aug 1 11:56:38 2017: DEBUG: Handling with Radius::AuthLDAP2: infi_user_auth
Tue Aug 1 11:56:38 2017: INFO: Connecting to 10.91.118.24:389
Tue Aug 1 11:56:38 2017: INFO: Attempting to bind to LDAP server 10.91.118.24:389
Tue Aug 1 11:56:38 2017: DEBUG: LDAP got result for uid=infiuser2,ou=people,o=,ou=customers,dc=xxx,dc=net
Tue Aug 1 11:56:38 2017: DEBUG: LDAP got radpass: abcd1234
Tue Aug 1 11:56:38 2017: DEBUG: LDAP got my-Infinera-User-Priv-SA: SA-PRIVILEGED
Tue Aug 1 11:56:38 2017: DEBUG: LDAP got my-Infinera-User-Priv-NE: NE-PRIVILEGED
Tue Aug 1 11:56:38 2017: DEBUG: LDAP got my-Infinera-User-Priv-NA: NA-PRIVILEGED
Tue Aug 1 11:56:38 2017: DEBUG: LDAP got my-Infinera-User-Priv-PR: PR-PRIVILEGED
Tue Aug 1 11:56:38 2017: DEBUG: LDAP got my-Infinera-User-Priv-TT: TT-PRIVILEGED
Tue Aug 1 11:56:38 2017: DEBUG: Radius::AuthLDAP2 looks for match with infiuser2 [infiuser2]
Tue Aug 1 11:56:38 2017: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password: infiuser2 [infiuser2]
Tue Aug 1 11:56:38 2017: DEBUG: AuthBy LDAP2 result: REJECT, Bad Password
Tue Aug 1 11:56:38 2017: INFO: Access rejected for infiuser2: Bad Password
Tue Aug 1 11:56:38 2017: DEBUG: Packet dump:
*** Sending to 10.91.142.96 port 11894 ....
Packet length = 36
03 00 00 24 91 65 b5 e6 b3 ba 9a c3 db 30 1b c9
90 43 38 56 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code: Access-Reject
Identifier: 0
Authentic: <145>e<181><230><179><186><154><195><219>0<27><201><144>C8V
Attributes:
Reply-Message = "Request Denied"
Regards,
-Manish