Hello Lasse,

On Jun 10, 10:50am, Lasse L. Johnsen wrote:
> Subject: (RADIATOR) LDAP funktion and Netscape LDAP server
> Hello,
>
> This email is regarding a possible problem in the Radiator Radius server
> when it is working with Netscape's LDAP server.
>
>
> Here is a radius log dump:
> ____________________________________________________________________________
> _________________
>
> Thu Jun 10 08:01:12 1999: DEBUG: Packet dump:
> *** Received from 194.177.224.55 port 3775 ....
> Code: Access-Request
> Identifier: 125
> Authentic: _<164>U7m""<14>X"<165><230>iQ<251><206>
> Attributes:
> Service-Type = Login-User
> User-Name = "jfs"
> User-Password =
> "<155><227><240><198><155>.?<24><164><154><189><1><19><2
> 15><148><148>"
> NAS-IP-Address = 194.177.224.55
> NAS-Port = 0
> Thu Jun 10 08:01:12 1999: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Thu Jun 10 08:01:12 1999: DEBUG: Handling with Radius::AuthLDAP
> Thu Jun 10 08:01:12 1999: DEBUG: Connecting to tgserv.tele.gl, port 389
> Thu Jun 10 08:01:12 1999: DEBUG: LDAP got result for uid=jfs,o=greennet.gl
> Thu Jun 10 08:01:12 1999: DEBUG: LDAP got userpassword: {crypt}45wDd3av8.pmCk
> Thu Jun 10 08:01:12 1999: DEBUG: Radius::AuthLDAP looks for match with jfs
> Thu Jun 10 08:01:12 1999: DEBUG: Radius::AuthLDAP REJECT: Bad
> Encrypted-Password
> Thu Jun 10 08:01:13 1999: DEBUG: No entries for DEFAULT found in LDAP
> database
> Thu Jun 10 08:01:13 1999: INFO: Access rejected for jfs: Bad
> Encrypted-Password
> Thu Jun 10 08:01:13 1999: DEBUG: Packet dump:
> *** Sending to 194.177.224.55 port 3775 ....
> Code: Access-Reject
> Identifier: 125
> Authentic: _<164>U7m""<14>X"<165><230>iQ<251><206>
> Attributes:
> Reply-Message = "Request Denied"
>
> ____________________________________________________________________________
> __________
>
> And here's from the LDAP server:
>
> [10/Jun/1999:09:12:03 -0200] conn=49 fd=25 slot=25 connection from
> 194.177.224.5
> [10/Jun/1999:09:12:03 -0200] conn=49 op=0 BIND dn="cn=Administrator"
> method=
> 128 version=2
> [10/Jun/1999:09:12:03 -0200] conn=49 op=0 RESULT err=0 tag=97 nentries=0
> [10/Jun/1999:09:12:03 -0200] conn=49 op=1 SRCH base="o=greennet.gl" scope=2
> filt
> er="(uid=jfs)"
> [10/Jun/1999:09:12:03 -0200] conn=49 op=1 RESULT err=0 tag=101 nentries=1
> [10/Jun/1999:09:12:03 -0200] conn=49 op=2 SRCH base="o=greennet.gl" scope=2
> filt
> er="(uid=DEFAULT)"
> [10/Jun/1999:09:12:03 -0200] conn=49 op=2 RESULT err=0 tag=101 nentries=0
>
> ____________________________________________________________________________
> _______________
>
> First of all - Why is the radius server looking for a default user in the
> LDAP server?
Looks like you must have specified the password attribute using
EncryptedPasswordAttr. This means that it expects it to be a bare crypt password,
which is clearly not what's in the database.

You want to use PasswordAttr instead, which knows how to interpret multiple
password formats, including ones with a leading {crypt}.


>
> Second of all - {crypt}45wDd3av8.pmCk is from the LDAP server - the
> {crypt} shouldn't be used in the comparison - yet I think it is.(?)
>
> So is this the reason for the authentication going wrong?
Yes.

>
> Thank you for taking the time to read my mail.
Thanks for giving us enough detail to diagnose the problem.
Hope that helps.

Cheers.

>
> Best Regards
> Lasse L. Johnsen /System Administrator /TELE Greenland Internet
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Lasse L. Johnsen



-- 
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 
NT, Rhapsody
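
The mismatch diagnosed in this reply, as an added Perl example that is not part of the original message and is not Radiator's code: a bare crypt(3) comparison treats the leading `{c` of a `{crypt}`-tagged value as the salt and can never match, while a scheme-aware check strips the tag first. The helper names, password and salt are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Bare comparison: the whole stored string is taken to be crypt(3) output,
# so its first two characters are used as the salt.
sub check_bare_crypt {
    my ($submitted, $stored) = @_;
    my $hash = crypt($submitted, $stored);    # undef if the salt is invalid
    return (defined $hash && $hash eq $stored) ? 1 : 0;
}

# Scheme-aware comparison (hypothetical helper): remove a leading {crypt}
# tag, then do the same check. Other {scheme} tags are rejected, and an
# untagged value is treated as bare crypt(3) output.
sub check_tagged {
    my ($submitted, $stored) = @_;
    return check_bare_crypt($submitted, $1) if $stored =~ /^\{crypt\}(.+)\z/i;
    return 0 if $stored =~ /^\{[^}]*\}/;
    return check_bare_crypt($submitted, $stored);
}

# Constructed sample data: the password and salt are made up for this demo.
my $password = 'example-pw';
my $bare     = crypt($password, 'ab');
die "DES crypt(3) is not available on this system\n" unless defined $bare;
my $tagged   = "{crypt}$bare";    # same shape as the value in the log above

my @cases = (
    [ 'bare check, bare value',       check_bare_crypt($password, $bare)   ],
    [ 'bare check, {crypt} value',    check_bare_crypt($password, $tagged) ],
    [ 'tagged check, {crypt} value',  check_tagged($password, $tagged)     ],
    [ 'tagged check, wrong password', check_tagged('wrong-pw', $tagged)    ],
);
printf "%-30s %s\n", $_->[0], $_->[1] ? 'ACCEPT' : 'REJECT' for @cases;
```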