Hi Arya,
On Tue, 1 Aug 2017, Arya, Manish Kumar wrote:
# Infinera
<AuthBy LDAP2>
NoDefault
Identifier infi_user_auth
Host xxxx
Port xxxx
Timeout 60
AuthDN xxxx
AuthPassword xxxxx
BaseDN xxxxxx
Scope subtree
SearchFilter (&(access-device-type=infinera)(raduser=%1))
UsernameAttr raduser
PasswordAttr radpass
ServerChecksPassword
AuthAttrDef radpass,User-Password,check
AuthAttrDef my-Infinera-User-Priv-SA,Infinera-User-Priv-SA,reply
AuthAttrDef my-Infinera-User-Priv-NE,Infinera-User-Priv-NE,reply
AuthAttrDef my-Infinera-User-Priv-NA,Infinera-User-Priv-NA,reply
AuthAttrDef my-Infinera-User-Priv-PR,Infinera-User-Priv-PR,reply
AuthAttrDef my-Infinera-User-Priv-TT,Infinera-User-Priv-TT,reply
AddToReplyIfNotExist Service-Type=Login-User
</AuthBy>
Tue Aug 1 11:56:38 2017: DEBUG: Handling request with Handler '', Identifier ''
Tue Aug 1 11:56:38 2017: DEBUG: Deleting session for infiuser2, 10.91.142.96,
Tue Aug 1 11:56:38 2017: DEBUG: Handling with Radius::AuthLDAP2: infi_user_auth
Tue Aug 1 11:56:38 2017: INFO: Connecting to 10.91.118.24:389
Tue Aug 1 11:56:38 2017: INFO: Attempting to bind to LDAP server
10.91.118.24:389
Tue Aug 1 11:56:38 2017: DEBUG: LDAP got result for
uid=infiuser2,ou=people,o=,ou=customers,dc=xxx,dc=net
Tue Aug 1 11:56:38 2017: DEBUG: LDAP got radpass: abcd1234
Tue Aug 1 11:56:38 2017: DEBUG: LDAP got my-Infinera-User-Priv-SA:
SA-PRIVILEGED
Tue Aug 1 11:56:38 2017: DEBUG: LDAP got my-Infinera-User-Priv-NE:
NE-PRIVILEGED
Tue Aug 1 11:56:38 2017: DEBUG: LDAP got my-Infinera-User-Priv-NA:
NA-PRIVILEGED
Tue Aug 1 11:56:38 2017: DEBUG: LDAP got my-Infinera-User-Priv-PR:
PR-PRIVILEGED
Tue Aug 1 11:56:38 2017: DEBUG: LDAP got my-Infinera-User-Priv-TT:
TT-PRIVILEGED
Tue Aug 1 11:56:38 2017: DEBUG: Radius::AuthLDAP2 looks for match with
infiuser2 [infiuser2]
Tue Aug 1 11:56:38 2017: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password:
infiuser2 [infiuser2]
Tue Aug 1 11:56:38 2017: DEBUG: AuthBy LDAP2 result: REJECT, Bad Password
Tue Aug 1 11:56:38 2017: INFO: Access rejected for infiuser2: Bad Password
Tue Aug 1 11:56:38 2017: DEBUG: Packet dump:
You are using ServerChecksPassword in the above config, which means Radiator does
not compare the password itself but tries to bind to the LDAP server with the user
credentials.
In your case it is highly probable that the LDAP server does not allow
"uid=infiuser2,ou=people,o=,ou=customers,dc=xxx,dc=net" to bind to your LDAP,
which is what the above logs are trying to tell you.
Just remove the ServerChecksPassword from the AuthBy LDAP2 and it should work.
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: [email protected] Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
Mobile: +49 171 1947 843 Geschaeftsfuehrer: Christian Kratzer
Web: http://www.cksoft.de/
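Added example, not part of the original message and not Radiator's own code: a small Python helper that reads debug output like the trace quoted above, rejoins the mail-wrapped lines, and flags the pattern the reply describes, an LDAP search that succeeds followed by a Bad Password reject. The sample log, its DN and its values are constructed, and treating `radpass` as the attribute to redact is an assumption taken from the PasswordAttr in the quoted config.

```python
import re

# Constructed sample modelled on the debug output quoted in the thread
# (wrapped continuation lines included; DN and values are placeholders).
SAMPLE_LOG = """\
Tue Aug 1 11:56:38 2017: DEBUG: Handling with Radius::AuthLDAP2: example_auth
Tue Aug 1 11:56:38 2017: DEBUG: LDAP got result for
uid=alice,ou=people,dc=example,dc=net
Tue Aug 1 11:56:38 2017: DEBUG: LDAP got radpass: s3cret-example
Tue Aug 1 11:56:38 2017: DEBUG: LDAP got my-Infinera-User-Priv-SA:
SA-PRIVILEGED
Tue Aug 1 11:56:38 2017: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password:
alice [alice]
Tue Aug 1 11:56:38 2017: INFO: Access rejected for alice: Bad Password
"""

# A record starts with "Day Mon D HH:MM:SS YYYY: LEVEL: message".
STAMP = re.compile(r"^\w{3} \w{3} +\d+ [\d:]{8} \d{4}: (\w+): (.*)$")

def unwrap(text):
    """Join mail-wrapped continuation lines back onto their log record."""
    records = []
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            records.append([m.group(1), m.group(2)])
        elif records and line.strip():
            records[-1][1] += " " + line.strip()
    return records

def diagnose(text, password_attrs=("radpass",)):
    """Summarise one AuthBy LDAP2 attempt; password_attrs is an assumption."""
    out = {"dn": None, "attrs": {}, "rejected": False, "hint": None}
    for _level, msg in unwrap(text):
        if m := re.match(r"LDAP got result for (\S+)", msg):
            out["dn"] = m.group(1)
        elif m := re.match(r"LDAP got ([\w-]+): ?(.*)", msg):
            name, value = m.groups()
            # Keep retrieved passwords out of anything that gets shared.
            out["attrs"][name] = "<redacted>" if name in password_attrs else value
        elif "REJECT: Bad Password" in msg:
            out["rejected"] = True
    if out["dn"] and out["rejected"]:
        out["hint"] = ("search found %s but the password step failed; with "
                       "ServerChecksPassword set, test a bind as that DN" % out["dn"])
    return out

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```
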