Hello Daniel -

This is a known problem with LDAP servers that return incorrect results when 
Radiator looks for "DEFAULT" users. The best solution if you are not using 
DEFAULT's is to configure "NoDefault" in the AuthBy clause.

Have a look at section 6.16.11 in the Radiator 2.18 reference manual.

hth

Hugh


On Tuesday 20 March 2001 02:45, [EMAIL PROTECTED] wrote:
> Hi all,
>
> While I was testing 'searchFilter' function like mentioned last week (Julio
> Prada's posts),
> something strange happened and I still don't know what. This was my cfg
> file (Radiator 2.17.1):
>
> <AuthBy LDAP2>
>   AuthDN ...
>   AuthPassword ...
>   BaseDN ...
>   Host ...
>   Identifier ID_1
>   PasswordAttr password
>   Port ...
>   SearchFilter (&(login=%{User-Name})(callingId=%{Calling-Station-Id}))
>   UsernameAttr login
> </AuthBy>
>
> <Client localhost>
>   DupInterval 0
>   Secret ...
>   StatusServerShowClientDetails
> </Client>
>
> <Realm DEFAULT>
>   AcctLogFileName %L/detail
>   AuthBy ID_1
>   PasswordLogFileName %L/password
>   RejectHasReason
> </Realm>
>
>
> I wanted to simulate pre-authentication feature so I sent this
> Access-Request with 'radpwtst' GUI (version 2.18):
>
> Mon Mar 19 16:24:50 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 1025 ....
> Code:       Access-Request
> Identifier: 164
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "912910000"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 12345
>         Called-Station-Id = "912910000"
>         Calling-Station-Id = "947000003"
>         NAS-Port-Type = Async
>         User-Password = "<187>4<204><168><187><215>M<208><18>N<222>D9%<208><12>"
>
>
> It worked when the password was true. When it wasn't, this output happened:
>
>
> Mon Mar 19 16:24:50 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Mon Mar 19 16:24:50 2001: DEBUG:  Deleting session for 912910000, 203.63.154.1, 12345
> Mon Mar 19 16:24:50 2001: DEBUG: Handling with Radius::AuthLDAP2
> Mon Mar 19 16:24:50 2001: DEBUG: Connecting to ...
> Mon Mar 19 16:24:50 2001: DEBUG: LDAP got result for login=912910000...
> Mon Mar 19 16:24:50 2001: DEBUG: LDAP got password: i2p
> Mon Mar 19 16:24:50 2001: DEBUG: Radius::AuthLDAP2 looks for match with 912910000
> Mon Mar 19 16:24:50 2001: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
> Mon Mar 19 16:24:50 2001: DEBUG: Connecting to ...
> Mon Mar 19 16:24:50 2001: DEBUG: LDAP got result for login=912910000...
> Mon Mar 19 16:24:50 2001: DEBUG: LDAP got password: i2p
> Mon Mar 19 16:24:50 2001: DEBUG: Radius::AuthLDAP2 looks for match with DEFAULT
> Mon Mar 19 16:24:50 2001: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
> Mon Mar 19 16:24:50 2001: DEBUG: Connecting to ...
> Mon Mar 19 16:24:50 2001: DEBUG: LDAP got result for login=912910000...
> Mon Mar 19 16:24:50 2001: DEBUG: LDAP got password: i2p
> Mon Mar 19 16:24:50 2001: DEBUG: Radius::AuthLDAP2 looks for match with DEFAULT1
> Mon Mar 19 16:24:50 2001: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
> Mon Mar 19 16:24:50 2001: DEBUG: Connecting to ...
> Mon Mar 19 16:24:50 2001: DEBUG: LDAP got result for login=912910000...
> Mon Mar 19 16:24:50 2001: DEBUG: LDAP got password: i2p
> Mon Mar 19 16:24:50 2001: DEBUG: Radius::AuthLDAP2 looks for match with DEFAULT2
> Mon Mar 19 16:24:50 2001: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
> Mon Mar 19 16:24:50 2001: DEBUG: Connecting to ...
> Mon Mar 19 16:24:50 2001: DEBUG: LDAP got result for login=912910000...
> Mon Mar 19 16:24:50 2001: DEBUG: LDAP got password: i2p
> Mon Mar 19 16:24:50 2001: DEBUG: Radius::AuthLDAP2 looks for match with DEFAULT3
> Mon Mar 19 16:24:50 2001: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
> Mon Mar 19 16:24:50 2001: DEBUG: Connecting to ...
> Mon Mar 19 16:24:50 2001: DEBUG: LDAP got result for login=912910000...
> Mon Mar 19 16:24:50 2001: DEBUG: LDAP got password: i2p
> Mon Mar 19 16:24:50 2001: DEBUG: Radius::AuthLDAP2 looks for match with DEFAULT4
> Mon Mar 19 16:24:50 2001: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
> Mon Mar 19 16:24:50 2001: DEBUG: Connecting to ...
> Mon Mar 19 16:24:50 2001: DEBUG: LDAP got result for login=912910000...
> [..]
>
> And it grew, grew, grew .....
>
> Could someone explain why?
>
> Thanks in advance...
>
> Daniel Terán.
>
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
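
As an added example (not part of the original thread and not Radiator code), this Python check scans a Radiator debug log for the pattern in the quoted trace, where a single request keeps looking up DEFAULT, DEFAULT1, DEFAULT2 and so on. The sample log is constructed in the trace's format; the function names and the max_defaults threshold are assumptions.

```python
import re

# Constructed sample in the format of the trace quoted above, one entry per line.
SAMPLE_LOG = """\
Mon Mar 19 16:24:50 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon Mar 19 16:24:50 2001: DEBUG: Radius::AuthLDAP2 looks for match with 912910000
Mon Mar 19 16:24:50 2001: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
Mon Mar 19 16:24:50 2001: DEBUG: Radius::AuthLDAP2 looks for match with DEFAULT
Mon Mar 19 16:24:50 2001: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
Mon Mar 19 16:24:50 2001: DEBUG: Radius::AuthLDAP2 looks for match with DEFAULT1
Mon Mar 19 16:24:50 2001: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
Mon Mar 19 16:24:50 2001: DEBUG: Radius::AuthLDAP2 looks for match with DEFAULT2
Mon Mar 19 16:24:50 2001: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
Mon Mar 19 16:24:51 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon Mar 19 16:24:51 2001: DEBUG: Radius::AuthLDAP2 looks for match with 912910001
Mon Mar 19 16:24:51 2001: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
"""

NEW_REQUEST = re.compile(r"DEBUG: Handling request with Handler")
LOOKUP = re.compile(r"DEBUG: (\S+) looks for match with (\S+)")
DEFAULT_NAME = re.compile(r"^DEFAULT\d*$")


def lookups_per_request(log_text):
    """Group 'looks for match with' entries by the request that caused them."""
    requests = []
    for line in log_text.splitlines():
        # Start a new record per request; also covers a log that begins mid-request.
        if NEW_REQUEST.search(line) or not requests:
            requests.append({"module": None, "user": None, "defaults": []})
        m = LOOKUP.search(line)
        if not m:
            continue
        req = requests[-1]
        req["module"], name = m.groups()
        if DEFAULT_NAME.match(name):
            req["defaults"].append(name)   # DEFAULT, DEFAULT1, DEFAULT2, ...
        elif req["user"] is None:
            req["user"] = name             # the name actually being authenticated
    # Drop records for requests that never reached a user lookup.
    return [r for r in requests if r["user"] or r["defaults"]]


def runaway_default_lookups(log_text, max_defaults=1):
    """Return requests that walked more DEFAULT* entries than max_defaults."""
    return [r for r in lookups_per_request(log_text)
            if len(r["defaults"]) > max_defaults]
```

A request flagged here is a candidate for the NoDefault setting in its AuthBy clause, as recommended in the reply above.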
