HAHA! Yeah, I had just enabled LDAP debugging in the config, and noticed that in the outgoing LDAP packet it seemed to be sending gibberish as the password. Then I saw your e-mail right as I was about to report this strangeness. Tried providing the secret to radpwtst and it works! Now to find the networking guy and have him test it with a real switch.
Thanks a ton for your help! :)

-- 
Isaac Freeman - Systems Administrator
IBM Information Protection Services
[email protected]
919-254-0245

From: Martin Burton <[email protected]>
To: Isaac Freeman/Raleigh/Contr/IBM@IBMUS
Cc: [email protected]
Date: 09/13/2011 04:01 PM
Subject: Re: [RADIATOR] Radiator + LDAP tries to use "(?uid=)" as search filter...

I just noticed that in your original post you redacted the shared secret for the DEFAULT client. Was that because you changed it from "mysecret" or whatever was in there originally?

The reason I ask is that RADIUS uses (amongst other things) the shared secret to encrypt the User-Password attribute. By default radpwtst uses "mysecret" as its shared secret, so if you changed it you'll need to specify the new shared secret on the radpwtst command line. A mismatched shared secret doesn't prevent the NAS from making a connection to the radius server, but it does mean that User-Password gets garbled.

On 13/09/2011 20:43, Isaac Freeman wrote:
>
> Yeah, I tried that too with no luck:
>
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 fd=50 ACCEPT from
> IP=127.0.0.1:48820 (IP=0.0.0.0:389)
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=0 BIND dn="" method=128
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=0 RESULT tag=97 err=0
> text=
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=1 SRCH
> base="dc=<my-domain>" scope=2 deref=2 filter="(uid=testuser)"
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=1 SEARCH RESULT tag=101
> err=0 nentries=1 text=
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=2 BIND
> dn="cn=testuser,ou=People,dc=<my-domain>" method=128
> Sep 13 15:41:44 ldap1 slapd[5590]: conn=11070 op=2 RESULT tag=97 err=49
> text=
>
> still the same err=49 (bad credentials).
>

-- 
Martin Burton
Senior Systems Administrator             \\\|||///
Special Projects Team                    \\ ^ ^ //
Wellcome Trust Sanger Institute           ( 6 6 )
-----------------------------------------oOOo-(_)-oOOo---
http://www.sanger.ac.uk

[attachment "signature.asc" deleted by Isaac Freeman/Raleigh/Contr/IBM]
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
