Re: Active Directory (Win2003) rlm_ldap

2006-07-25 Thread Charlie B
Sorry Alan, didn't mean to be antagonistic.  You were dead on about the solution. thx
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Active Directory (Win2003) rlm_ldap

2006-07-21 Thread Alan DeKok
"Charlie B" <[EMAIL PROTECTED]> wrote:
> I have checked the shared secret, and earlier in the debug you can see that
> it binds successfully.

  To LDAP?  That doesn't matter.  The shared secret isn't used there.

>  After which it attempts to authenticate the user with
> the credentials provided and fails, the only thing I can see is that it is
> changing the password provided into garbage

  Because, as the message says, the shared secret is wrong.

> In all the examples I can find on the password sent is in clear
> text, so then why in my example is it encrypted?

  Because the shared secret is wrong.

>  How do I undo this?

  Use the correct shared secret.

  I fail to understand why you're arguing when you could just go fix
the shared secret, and prove to yourself that fixing it solves the
problem.

  Alan DeKok.


Re: Active Directory (Win2003) rlm_ldap

2006-07-21 Thread Charlie B
Thanks for the reply,

I have checked the shared secret, and earlier in the debug you can see that it binds successfully.  After which it attempts to authenticate the user with the credentials provided and fails, the only thing I can see is that it is changing the password provided into garbage and sending this to Active Directory which is turning around and saying incorrect password.  In all the examples I can find on the password sent is in clear text, so then why in my example is it encrypted?  How do I undo this?

On 7/20/06, Alan DeKok <[EMAIL PROTECTED]> wrote:
> "Charlie B" <[EMAIL PROTECTED]> wrote:
> > Question:  What is causing the password to be encrypted?  It is not the
> > password entered.
>
>   Read the debug output:
>
> >   WARNING: Unprintable characters in the password. ?  Double-check the
> > shared secret on the server and the NAS!
>
>   Alan DeKok.

Re: Active Directory (Win2003) rlm_ldap

2006-07-20 Thread Alan DeKok
"Charlie B" <[EMAIL PROTECTED]> wrote:
> Question:  What is causing the password to be encrypted?  It is not the
> password entered.

  Read the debug output:

>   WARNING: Unprintable characters in the password. ?  Double-check the
> shared secret on the server and the NAS!

  Alan DeKok.


Active Directory (Win2003) rlm_ldap

2006-07-20 Thread Charlie B
Question:  What is causing the password to be encrypted?  It is not the password entered.

radtest bradbrookc putz041277! localhost 0 xxx
rad_recv: Access-Request packet from host 127.0.0.1:32806, id=152, length=62
    User-Name = "bradbrookc"
    User-Password = "\t\354B\252\355\345BI\237\034\217\316\315\363\351\271"
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
    rlm_realm: No '@' in User-Name = "bradbrookc", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
    users: Matched entry DEFAULT at line 152
    users: Matched entry bradbrookc at line 218
  modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for bradbrookc
radius_xlat:  '(&(SamAccountName=bradbrookc))'
radius_xlat:  'ou=x,dc=xxx,dc=xxx,dc=xxx'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to cnsx:389, authentication 0
rlm_ldap: bind as xx/xx to cnsx:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=,dc=xx,dc=,dc=xxx, with filter (&(SamAccountName=bradbrookc))
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user bradbrookc authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "bradbrookc" with password "?ìBªíåBI???ÎÍóé¹"
rlm_ldap: user DN: CN=xx\, xxx,OU=xxx,OU=xxx,DC=xxx,DC=xxx,DC=xxx
rlm_ldap: (re)connect to cnsad.ads.nint.org:389, authentication 1
rlm_ldap: bind as CN=\, ,OU=xxx,OU=xxx,DC=,DC=xxx,DC=org/?ìBªíåBI???ÎÍóé¹ to cnsx:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind failed with invalid credentials
  modcall[authenticate]: module "ldap" returns reject for request 0
modcall: group Auth-Type returns reject for request 0
auth: Failed to validate the user.
Login incorrect (rlm_ldap: Bind as user failed): [bradbrookc] (from client localhost port 0)
  WARNING: Unprintable characters in the password. ?  Double-check the shared secret on the server and the NAS!
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---

OS: Fedora Core 5
FreeRadius 1.0.5-1.2

Help would be great, I have been attempting different combinations with no luck.