Hello Allister -

I will need to see a copy of the trace 4 debug.

thanks

Hugh

On Tue, 5 Feb 2002 20:07, Allister Maguire wrote:
> Hello,
>
> We are testing Radiator with LDAP to Active Directory, the problem is
> Radiator seems to drop authentication attempts. What we have found,
> Radiator Trace level 4, dialin with a couple of test clients, first
> client fails due to no such user (this is correct, we see Access-Reject
> on screen), second client fails with "Error 691: Access was denied
> because the username and/or password was invalid on the domain." (This
> is incorrect, username and password are correct. Also no Access-Request
> or Access-Reject show up). Try again it works, it seems to be a timing
> issue with multiple attempts.
>
> We are using the demo of Radiator on Debian 2.2r5, clients are Windows
> XP, AD on Windows 2000 Advanced Server and Test RAS is Ascend 4000.
>
> Would this be a problem with our test NAS, Radiator, the server
> Radiator's on, or Active Directory?
>
> Can anyone help?
>
> Thanks
>
> Allister Maguire
>
>
> # ad-ldap.cfg
> #
> # Example Radiator configuration file for authenticating from
> # Active Directory via LDAP2, possibly from a Unix host.
> #
> # This very simple file will allow you to get started with
> # a simple LDAP authentication system from AD.
> #
> # We suggest you start simple, prove to yourself that it
> # works and then develop a more complicated configuration.
> #
> #
> # You should consider this file to be a starting point only
> # $Id: ad-ldap.cfg,v 1.1 2001/05/17 05:33:34 mikem Exp $
>
> Foreground
> LogStdout
> LogDir          /var/log/radacct/radius
> DbDir           .
> Trace           4
> LogFile         %L/%Y-logfile
>
> DictionaryFile  /home/amaguire/Radiator/dictionary.ascend
>
>
> # You will probably want to add other Clients to suit your site.
> <Client localhost>
>         Secret  mysecret
>         DupInterval 0
> </Client>
>
> <Client 192.168.0.11>
>         Secret  XXXXX
>         DupInterval 0
> </Client>
>
> # Authenticates users in the Organisational Unit called 'csx users'
> # The user name coming from the NAS must match the sAMAccountName
> # attribute of a user in that OU. Users that are not in 'csx users'
> # will not be able to log in.
> <Realm DEFAULT>
>         <AuthBy LDAP2>
>                 Host            192.168.0.6
>                 AuthDN          cn=Proxy User,ou=Resources,ou=Globe.Net Communications Ltd,dc=gnc,dc=net,dc=nz
>                 # AuthPassword  yourADadminpasswordhere
>                 AuthPassword    XXXXX
>                 BaseDN          ou=People,ou=Globe.Net Communications Ltd,dc=gnc,dc=net,dc=nz
>                 UsernameAttr    sAMAccountName
>                 # PasswordAttr  msSFUPassword
>                 # Password checking is performed using an LDAP bind operation.
>                 ServerChecksPassword
>
>                 # TCP connection timeout period, for LDAP server.
>                 Timeout 2
>
>                 AddToReply Service-Type = Framed-User,\
>                         Framed-Protocol = PPP,\
>                         Framed-Netmask = 255.255.255.255,\
>                         Framed-Routing = None,\
>                         Framed-Compression = Van-Jacobson-TCP-IP,\
>                         Ascend-Maximum-Channels = 1
>
>                 AuthAttrDef radiusIdleTimeout,Ascend-Idle-Limit,reply
>                 AuthAttrDef radiusSessionTimeout,Ascend-Maximum-Time,reply
>                 AuthAttrDef radiusCallingStationID,Caller-Id,check
>                 # AuthAttrDef radiusCalledStationID,,check
>                 AuthAttrDef radiusNASPortType,NAS-Port-Type,check
>
>                 # Reply with all the items in replyitems
>                 # ReplyAttr radiusConnectionAttributes
>
>         </AuthBy>
>         AcctLogFileName %L/%Y-%v-detail
> </Realm>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.