Re: (RADIATOR) LDAP woes

Christian Hammers Tue, 29 Aug 2000 00:29:16 -0700
Hello Tu

> >>  On Sat, 26 Aug 2000, Tu Nguyen wrote:
> >>  >  Has anyone out there successful in using Radiator to authenticate
> >>  > with LDAP? I can't seem to get radiator to send the password.
> >>  > Below is the log when using radpwtst for user=joe with an incorrect
> >>  > password. I always get "Access-Accept", even with a wrong password.
> >>  > Sniffer trace shows no sign of the password either.

Mail me if you still have problems, I run radius with LDAP here w/o problems.
(Wrong passwords causes a deny here, wrong usernames also)

bye,

 -christian-

Sample:

LDAP:
cn=8W10829,ou=dialupAccounts,ou=10829,ou=kunden,dc=westend,dc=com
cn=8W10829
objectclass=westendRadiusAccount
radiususername=8W10829
radiuspassword=XXXXXXXXXXXX
radiusprofile=westend-dynamic-dialup

profiles.westend:
westend-dynamic-dialup:cisco: \
        Framed-Protocol=PPP, \
        Framed-Routing=None, \
        Service-Type=Framed-User, \
        cisco-avpair="ip:dns-servers=212.117.64.86 212.117.67.2", \
        cisco-avpair="ip:addr-pool=setup_pool"
[similar for :ascend: as we have two dialin router, Ascend MAX and AS5300]


radiator.conf:
  <AuthBy LDAP2>
    Host                XXXXXXXX.westend.com
    AuthDN              cn=XXXXXX,ou=XXXXXXX,dc=westend,dc=com
    AuthPassword        XXXXXXXXXX
    BaseDN              dc=westend,dc=com
    HoldServerConnection
  
    UsernameAttr        RadiusUsername
    PasswordAttr        RadiusPassword

    AuthAttrDef RadiusService-Type,             Service-Type,           check

    AuthAttrDef RadiusAscend-Client-Primary-DNS,Ascend-Client-Primary-DNS,reply
    AuthAttrDef RadiusAscend-Client-Secondary-DNS,Ascend-Client-Secondary-DNS,re
ply
    AuthAttrDef RadiusAscend-Idle-Limit,        Ascend-Idle-Limit,      reply
    AuthAttrDef Radiuscisco-avpair,             cisco-avpair,           reply
        ...
   AuthAttrDef RadiusProfile,                  Profile,                reply
  </AuthBy>
  PostAuthHook  file:"%D/hook.replaceProfiles"


-- 
Christian Hammers    WESTEND GmbH - Aachen und Dueren     Tel 0241/701333-0
[EMAIL PROTECTED]     Internet & Security for Professionals    Fax 0241/911879
           WESTEND ist CISCO Systems Partner - Premium Certified

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) LDAP woes

Reply via email to
