Hello Prasoon - The first thing to do is add "NoDefault" to your AuthBy LDAP2 clause.
This will stop the DEFAULTxxx lookups.

regards

Hugh

On 20 May 2013, at 15:01, Prasoon Majumdar <[email protected]> wrote:

> Hi All,
>
> user password in radius logs getting encrypted automatically and ldap is not
> able to process the logs :
>
> Fri May 17 14:04:23 2013: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password:
> DEFAULT1536 [pkoorika@cyan]
> Fri May 17 14:04:23 2013: INFO: Connecting to 10.91.118.24:389
> Fri May 17 14:04:24 2013: INFO: Attempting to bind to LDAP server
> 10.91.118.24:389
> Fri May 17 14:04:24 2013: DEBUG: LDAP got result for uid=pkoorika, ou=people,
> o=COLT, ou=customers, dc=colt,dc=net
> Fri May 17 14:04:25 2013: DEBUG: LDAP got userPassword: {crypt}2hn4lvaP15OXs
> Fri May 17 14:04:25 2013: DEBUG: LDAP got Cyaninc-User-Roles: Administrator
> Fri May 17 14:04:26 2013: DEBUG: Radius::AuthLDAP2 looks for match with
> DEFAULT1537 [pkoorika@cyan]
> Fri May 17 14:04:26 2013: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password:
> DEFAULT1537 [pkoorika@cyan]
> Fri May 17 14:04:27 2013: INFO: Connecting to 10.91.118.24:389
> Fri May 17 14:04:27 2013: INFO: Attempting to bind to LDAP server
> 10.91.118.24:389
> Fri May 17 14:04:28 2013: DEBUG: LDAP got result for uid=pkoorika, ou=people,
> o=COLT, ou=customers, dc=colt,dc=net
> Fri May 17 14:04:28 2013: DEBUG: LDAP got userPassword: {crypt}2hn4lvaP15OXs
> Fri May 17 14:04:29 2013: DEBUG: LDAP got Cyaninc-User-Roles: Administrator
> Fri May 17 14:04:29 2013: DEBUG: Radius::AuthLDAP2 looks for match with
> DEFAULT1538 [pkoorika@cyan]
> Fri May 17 14:04:30 2013: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password:
> DEFAULT1538 [pkoorika@cyan]
> Fri May 17 14:04:30 2013: INFO: Connecting to 10.91.118.24:389
> Fri May 17 14:04:31 2013: INFO: Attempting to bind to LDAP server
> 10.91.118.24:389
> Fri May 17 14:04:31 2013: DEBUG: LDAP got result for uid=pkoorika, ou=people,
> o=COLT, ou=customers, dc=colt,dc=net
> Fri May 17 14:04:32 2013: DEBUG: LDAP got userPassword: {crypt}2hn4lvaP15OXs
> Fri May 17 14:04:32 2013: DEBUG: LDAP got Cyaninc-User-Roles: Administrator
> Fri May 17 14:04:33 2013: DEBUG: Radius::AuthLDAP2 looks for match with
> DEFAULT1539 [pkoorika@cyan]
> Fri May 17 14:04:33 2013: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password:
> DEFAULT1539 [pkoorika@cyan]
> Fri May 17 14:04:34 2013: INFO: Connecting to 10.91.118.24:389
>
>
> Is there a way to fix this issue, my configuration is listed below :
>
>
> AuthPort 1812, 1645
> AcctPort 1813, 1646
> DbDir /etc/radiator/db
> DictionaryFile %D/dictionary
> LogDir /var/log/radiator
> LogFile %L/radiator.log
> PidFile /var/log/radiator/radiator.pid
> #SocketQueueLength 1000
> Trace 4
> include %D/clients.cfg
>
> #
> # Convert username to lowercase
> #
> RewriteUsername tr/A-Z/a-z/
>
> #
> # SYSLOG Configuration
> #
> <Log SYSLOG>
>     # Facility radius
>     Trace 4
>     LogSock udp
>     LogHost 10.5.2.45
> </Log>
>
> #
> # Authentication Logs
> #
> <AuthLog FILE>
>     Identifier auth_log
>     Filename %L/auth-%Y-%v.log
>     SuccessFormat %B:%u(NAS-Port: %{NAS-Port}):OK
>     FailureFormat %B:%u(NAS-Port: %{NAS-Port}):%1:%P:FAIL
>     LogSuccess 1
>     LogFailure 1
> </AuthLog>
>
> #
> # Status logs
>
> <StatsLog FILE>
>     Interval 86400
>     Filename /var/log/radiator/stats.log
> </StatsLog>
>
>
>
> #Cyan User Auth
> <AuthBy LDAP2>
>     Identifier cyan_user_auth
>     Host 10.91.118.24
>     Port 389
>     Timeout 60
>     AuthDN uid=radius,ou=appusers,dc=colt,dc=net
>     AuthPassword r@d1u5
>     BaseDN o=colt,ou=customers,dc=colt,dc=net
>     Scope subtree
>     SearchFilter (uid=%U)
>     UsernameAttr uid
>     PasswordAttr userPassword
>     ServerChecksPassword
>     AuthAttrDef userPassword,User-Password,check
>     AuthAttrDef radius-Callback-Id,Callback-Id,reply
>     AuthAttrDef Cyaninc-User-Roles,CyanInc-User-Roles,reply
>     AuthAttrDef Cyaninc-Acct-Event-Text,CyanInc-Acct-Event-Text,reply
>     AddToReplyIfNotExist Service-Type=Login-User
> </AuthBy>
>
>
>
> <Handler Realm = cyan>
>     AuthLog auth_log
>     RewriteUsername s/^([^@]+).*/$1/
>     AuthBy cyan_user_auth
> </Handler>
>
>
> Any ideas how can we fix the
> "{crypt}2hn4lvaP15OXs" parameter appearing for
> ldap uids.
>
> --
> Regards,
> Prasoon Majumdar
> _______________________________________________
> radiator mailing list
> [email protected]
> http://www.open.com.au/mailman/listinfo/radiator

--

Hugh Irvine
[email protected]

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc.
Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
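
Added example (not part of the thread and not Radiator code): a log check that flags users for whom AuthLDAP2 walked through a run of DEFAULTn names, the symptom the NoDefault suggestion targets, and masks the values that Trace 4 writes after "LDAP got userPassword:" before a log excerpt is shared. The sample lines, user names and the threshold of three are constructed assumptions; only the line layout is taken from the log quoted above.

```python
import re
from collections import defaultdict

# Constructed sample lines in the log layout quoted in the thread (not real data).
SAMPLE_LOG = """\
Fri May 17 14:04:23 2013: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password: DEFAULT7 [alice@example]
Fri May 17 14:04:25 2013: DEBUG: LDAP got userPassword: {crypt}AAAAAAAAAAAAA
Fri May 17 14:04:26 2013: DEBUG: Radius::AuthLDAP2 looks for match with DEFAULT8 [alice@example]
Fri May 17 14:04:26 2013: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password: DEFAULT8 [alice@example]
Fri May 17 14:04:28 2013: DEBUG: LDAP got userPassword: {crypt}AAAAAAAAAAAAA
Fri May 17 14:04:29 2013: DEBUG: Radius::AuthLDAP2 looks for match with DEFAULT9 [alice@example]
Fri May 17 14:04:30 2013: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password: DEFAULT9 [alice@example]
Fri May 17 14:04:31 2013: DEBUG: Radius::AuthLDAP2 looks for match with bob [bob@example]
"""

# "<timestamp>: <LEVEL>: <message>" as it appears in the quoted log.
LINE = re.compile(r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}): (?P<level>[A-Z]+): (?P<msg>.*)$")
DEFAULT_N = re.compile(r"\bDEFAULT(\d+) \[([^\]]+)\]")   # DEFAULTn [original user]
SECRET = re.compile(r"(LDAP got userPassword: )\S+")     # value retrieved from LDAP

def analyse(text, threshold=3):
    """Return (looping_users, redacted_lines, secret_line_count)."""
    seen = defaultdict(set)      # original user -> distinct DEFAULTn indexes tried
    redacted, secrets = [], 0
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:                # keep lines in another layout untouched
            redacted.append(raw)
            continue
        msg = m.group("msg")
        d = DEFAULT_N.search(msg)
        if d:
            seen[d.group(2)].add(int(d.group(1)))
        msg, n = SECRET.subn(r"\1[REDACTED]", msg)
        secrets += n
        redacted.append(f"{m.group('ts')}: {m.group('level')}: {msg}")
    # A user counts as looping once `threshold` distinct DEFAULTn names were tried.
    looping = {u: sorted(ix) for u, ix in seen.items() if len(ix) >= threshold}
    return looping, redacted, secrets

if __name__ == "__main__":
    looping, lines, secrets = analyse(SAMPLE_LOG)
    for user, idx in looping.items():
        print(f"DEFAULT fallback loop for {user}: DEFAULT{idx[0]}..DEFAULT{idx[-1]}")
    print(f"{secrets} line(s) carried a userPassword value; redacted copy:")
    print("\n".join(lines))
```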
