Hello Ingvar -

You mention that radpwtst works fine. Have you restarted radiusd since changing the secret in the client clause? And are you sure you are editing the correct configuration file?

If you still have problems, please send me a trace 5 debug showing both the radpwtst authentication and the cisco authentication, together with the configuration file with secrets used in both cases.

regards

Hugh


On Thursday, Nov 28, 2002, at 04:48 Australia/Melbourne, Ingvar Bjarnason wrote:

Hi everyone,

When authenticating against LDAP I keep getting rejected with reason
"Bad Password" when connecting from a Cisco NAS. radpwtst works fine
however. Here is my bare bones config and the debug log. I'm at the end
of my rope on this one, having read the reference materials, documents and
searched the archives to no avail. The passwords are not encrypted in
LDAP, the secret is the same on the NAS and the radius server so it should
work ... but it doesn't. What am I doing wrong here?

Best regards,
Ingvar

Ingvar Bjarnason
Network Engineer
Iceland Telecom


*************************Radiator config*************
LogDir /var/log/radius
LogFile /var/log/radius/radiuslog
DbDir /etc/radiator
Trace 4
AuthPort 1812
AcctPort 1813

<Client 192.168.0.1>
Secret testing123
DefaultRealm testing.is
</Client>

<Realm xxx>
RewriteUsername s/^([^@]+).*/$1/
<AuthBy LDAP2>
NoDefault
Host 192.168.0.2
Port 389
AuthDN *removed*
AuthPassword testpass
BaseDN *removed*
UsernameAttr uid
PasswordAttr clearTextPassword
SearchFilter (&(serviceStatus=Active)(%0=%1))
</AuthBy>
</Realm>
******************************************************

****************debuglog*******************************

Wed Nov 27 16:51:30 2002: DEBUG: Packet dump:
*** Received from 192.168.0.1 port 1645 ....
Code: Access-Request
Identifier: 30
Authentic: <<172><220>f@<183>q#<243>S<11>H<30><152><143><238>
Attributes:
NAS-IP-Address = 192.168.0.1
NAS-Port = 18
NAS-Port-Type = Async
User-Name = "test"
Called-Station-Id = "12345"
Calling-Station-Id = "54321"
User-Password =
"<210><188>!<141><214>W'N<136><193><248><130>6<16><191><211>"
Service-Type = Framed-User
Framed-Protocol = PPP

Wed Nov 27 16:51:30 2002: DEBUG: Handling request with Handler
'Realm=testing.is'
Wed Nov 27 16:51:30 2002: DEBUG: Rewrote user name to test
Wed Nov 27 16:51:30 2002: DEBUG: Deleting session for test, *removed*, 18
Wed Nov 27 16:51:30 2002: DEBUG: Handling with Radius::AuthLDAP2:
Wed Nov 27 16:51:30 2002: INFO: Connecting to 192.168.0.2, port 389
Wed Nov 27 16:51:30 2002: INFO: Attempting to bind with *removed*, *removed*
(server 192.168.0.2:389)
Wed Nov 27 16:51:30 2002: DEBUG: LDAP got result for uid=test,*removed*
Wed Nov 27 16:51:30 2002: DEBUG: LDAP got clearTextPassword: pass
Wed Nov 27 16:51:30 2002: DEBUG: Radius::AuthLDAP2 looks for match with test
Wed Nov 27 16:51:30 2002: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
Wed Nov 27 16:51:30 2002: INFO: Access rejected for test: Bad Password
Wed Nov 27 16:51:30 2002: DEBUG: Packet dump:
*** Sending to 192.168.0.1 port 1645 ....
Code: Access-Reject
Identifier: 30
Authentic: <<172><220>f@<183>q#<243>S<11>H<30><152><143><238>
Attributes:
Reply-Message = "Request Denied"

********************************************************


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.


--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
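
Added example, not part of the original thread and not Radiator's code: a sketch of the RFC 2865 section 5.2 User-Password hiding, showing why a client/server secret mismatch surfaces as a password comparison failure rather than as a packet error. The function names and the Request Authenticator are constructed for illustration; the secret and password are the test values from the post above.

```python
import hashlib

BLOCK = 16  # MD5 digest size; User-Password is handled in 16-octet blocks


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: hide the password with the secret and Request Authenticator."""
    if not 1 <= len(password) <= 128 or len(authenticator) != BLOCK:
        raise ValueError("need a 1..128 octet password and 16 octet authenticator")
    padded = password + b"\x00" * (-len(password) % BLOCK)  # null-pad to 16n
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), BLOCK):
        pad = hashlib.md5(secret + prev).digest()  # b_i = MD5(S + c_(i-1))
        prev = _xor(padded[i:i + BLOCK], pad)      # c_i = p_i XOR b_i
        hidden += prev
    return hidden


def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding using the server's own copy of the secret."""
    if not hidden or len(hidden) % BLOCK or len(authenticator) != BLOCK:
        raise ValueError("hidden value must be a non-empty multiple of 16 octets")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        block = hidden[i:i + BLOCK]
        clear += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")


if __name__ == "__main__":
    ra = bytes(range(16))  # constructed Request Authenticator, not from the log
    on_wire = hide_password(b"pass", b"testing123", ra)
    # Same secret on both sides: the server recovers the password it will compare.
    print(recover_password(on_wire, b"testing123", ra))
    # One character different on the server: the result is unrelated bytes, so
    # the comparison against the stored password fails.
    print(recover_password(on_wire, b"testing124", ra))
```
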
