Hello Bob - We will need to see a copy of the configuration file and a more complete trace 4 debug showing the startup messages as well as what is happening with the requests.
For the most flexibility I suggest the AuthBy NTLM clause on *NIX and the AuthBy LSA clause on Windows. regards Hugh On 14 Sep 2010, at 12:11, Bob Rotsted wrote: > Hi all, > > I'm attempting to use Authby LDAP2 to proxy authentication requests to > our active directory server with the "ServerChecksPassword" switch. > > Everything appears to be working correctly -- binding completes, etc -- > until the user's password is verified. When AD checks the user's > password, Authby LDAP2 throws the following errors: > > Tue Sep 14 09:46:48 2010: DEBUG: Radius::AuthLDAP2 looks for match with > user [user] > Tue Sep 14 09:46:48 2010: DEBUG: Radius::AuthLDAP2 REJECT: Bad Encrypted > password: user [user] > Tue Sep 14 09:46:48 2010: INFO: Connecting to 131.252.0.0:636 > Tue Sep 14 09:46:48 2010: INFO: Attempting to bind to LDAP server > 131.252.0.0:636 > Tue Sep 14 09:46:48 2010: DEBUG: No entries for DEFAULT found in LDAP > database > Tue Sep 14 09:46:48 2010: DEBUG: AuthBy LDAP2 result: REJECT, Bad > Encrypted password > Tue Sep 14 09:46:48 2010: INFO: Access rejected for user: Bad Encrypted > password > > My current configuration works on another server, perhaps my new server > is missing a library? Anyone else experiencing this issue? > > Best, > > -- > Bob Rotsted > > Network Security Analyst > Portland State University > Desk: 503-725-6215 > Cell: 503-208-6575 > 314B D581 A8CD E28A A690 7E9D 5B43 4B28 0EB6 A21A > _______________________________________________ > radiator mailing list > [email protected] > http://www.open.com.au/mailman/listinfo/radiator NB: Have you read the reference manual ("doc/ref.html")? Have you searched the mailing list archive (www.open.com.au/archives/radiator)? Have you had a quick look on Google (www.google.com)? Have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. Includes support for reliable RADIUS transport (RadSec), and DIAMETER translation agent. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. - CATool: Private Certificate Authority for Unix and Unix-like systems. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
