Password oddity

Danner, Mearl jmdanner at samford.edu
Thu Dec 16 15:09:32 CET 2010


Sounds like it's authenticating but failing on authorization. If it authenticates correctly but the proper attributes aren't returned it will fail on authorization and the edirectory code will force a failed login by changing a character in the password. If edirectory is set up to lock the account on a number of failed logins a repeated attempt to login when not authorized to use wireless will lock out the account.

Make sure you have the proper radius attributes in the edirectory schema and the users are properly set up for radius authentication.

That's about all I can help with. We ditched edirectory a few years back so I can't go much further than that.

-----Original Message-----
From: freeradius-users-bounces+jmdanner=samford.edu at lists.freeradius.org [mailto:freeradius-users-bounces+jmdanner=samford.edu at lists.freeradius.org] On Behalf Of discgolfer72
Sent: Wednesday, December 15, 2010 5:36 PM
To: freeradius-users at lists.freeradius.org
Subject: Password oddity


Set up FreeRadius on SLES 10. Using the NTRadPing utility we can authenticate
to our back end LDAP server (eDirectory) w/o problem. However, when we
enabled Radius authentication on two separate Wireless access points
(Linksys WRT54 and DLink WBR 1310), they both fail authentication because
the password they pass (or how FreeRadius interprets the password) changes
one letter of the password.

For example, we set up a radtest user with a password of radtest. FreeRadius
server in debug shows the request come in but passes a password value of
aadtest. So, as a test we changed the password to aadtest for the radtest
user. The password then came across as badtest. So, we thought we'd change
the password to cadtest to see what would happen. Now the password was
sent/received as aadtest again.

Using NTRadPing utility, we see the request come in, get processed and then
login.......

Running FreeRadius 1.1.0 as this is the version that Novell "supports." 
Please don't yell at me on this.  Their documentation is based on this
version and not the latest version.......

Has anyone seen this behavior before and if so, know how to fix it?

TIA!! 
-- 
View this message in context: http://freeradius.1045715.n5.nabble.com/Password-oddity-tp3307174p3307174.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list