I just noticed that in your original post you redacted the shared secret for the DEFAULT client. Was that because you changed it from "mysecret" or whatever was in there originally?
The reason I ask is that RADIUS uses (amongst other things) the shared
secret to encrypt the User-Password attribute. By default radpwtst uses
"mysecret" as its shared secret, so if you changed it you'll need to
specify the new shared secret on the radpwtst command line. A
mismatched shared secret doesn't prevent the NAS from making a
connection to the radius server, but it does mean that User-Password
gets garbled.
On 13/09/2011 20:43, Isaac Freeman wrote:
>
> Yeah, I tried that too with no luck:
>
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 fd=50 ACCEPT from
> IP=127.0.0.1:48820 (IP=0.0.0.0:389)
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=0 BIND dn="" method=128
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=0 RESULT tag=97 err=0
> text=
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=1 SRCH
> base="dc=<my-domain>" scope=2 deref=2 filter="(uid=testuser)"
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=1 SEARCH RESULT tag=101
> err=0 nentries=1 text=
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=2 BIND
> dn="cn=testuser,ou=People,dc=<my-domain>" method=128
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=2 RESULT tag=97 err=49
> text=
>
> still the same err=49 (bad credentials).
>
--
Martin Burton
Senior Systems Administrator \\\|||///
Special Projects Team \\ ^ ^ //
Wellcome Trust Sanger Institute ( 6 6 )
-----------------------------------------oOOo-(_)-oOOo---
http://www.sanger.ac.uk
signature.asc
Description: OpenPGP digital signature
_______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
