PB with Accent in nspmPassword in request LDAP between FREE-RADIUS 1.0.5 (suse) and edirectory novell 6.5

freeradius at rockwellcollins.com freeradius at rockwellcollins.com
Thu May 11 12:24:23 CEST 2006 

Hello,
I apologize for the delay in this  reply.
My 802.1x client send a demand of authentification on the network.
By means of ENTERASYS switch, the demand of authentification arrive at the 
radius server with login / password.
The demand of authentification (login /password with accents) arrives 
correctly at the RADIUS server.

To authenticate the user, the freeradius server send a LDAP request to the 
novell server (just with the user login) to ask it the nspmPassword.

The NOVELL servers reply with ldap response containing the nspmPassword 
attribut.

Then the freeradius server compare this login / nspmPassword with the 
login / password received first, it find differences and does not 
authenticate the user. 
I don?t know if the nspmPassword sent back by the Novell server is bad or 
good because the ldap response is crypted (port 636).
The uncrypted mode is refused by the novell server.

The debug mode of freeradius (radius-x -A) do not show the nspmPassword 
received by Freeradius.

I used a free tool : LDAPbrowser. This tool send a ldap request containing 
a novell login / password and gets back a list of attributes. I made a 
success with a login and a password containing characters with accents.

So the problem seems to be on the reception of the ldap request by the 
FREERADIUS server.

To identify better the problem, have  you some tests or debug command to 
help me? 

thank you in advance.

Best regards

Stephan




"Alan DeKok" <aland at nitros9.org> 
Envoyé par : 
freeradius-users-bounces+freeradius=rockwellcollins.com at lists.freeradius.org
28/04/2006 17:09
Veuillez répondre à
FreeRadius users mailing list <freeradius-users at lists.freeradius.org>


A
FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
cc

Objet
Re: PB with Accent in nspmPassword in request LDAP between FREE-RADIUS 
1.0.5 (suse) and edirectory novell 6.5






freeradius at rockwellcollins.com wrote:
> On the other hand, if the user uses a password using characters with
> accents, this solution does not work.
> 
>  I identified the problem in the LDAP request  (ask nspmPassword) 
between
> FREE-RADIUS 1.0.5 and the edirectory of novell 6.5.

  Can you show qhat the LDAP browser does, and what FreeRADIUS does?
If we don't know what's going wrong, it's difficult to know what to
fix.

  So far as I know, FreeRADIUS handles UTF-8 fine, so characters with
accents should not be a problem.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060511/aab27d5a/attachment.html>

More information about the Freeradius-Users mailing list