Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling

Comment on

( #3333=superdoc: print w/replies, xml ) Need Help??

Hello, all! I'm here for a bit of help using Authen::Radius to authenticate against RADIUS with LDAP in the backend. My problem is that RADIUS is receiving a packet from Authen::Radius with the password encrypted or corrupted, so the user is not authenticated. The password needs to be in plaintext. radtest is able to authenticate successfully.

#!/usr/bin/perl -w # radtest username "ldappassword" localhost 2 testing123 use strict; use Authen::Radius; my $r = new Authen::Radius( Host => 'localhost', Secret => 'radiuspassword', Debug => 1 ); $r->load_dictionary('/etc/freeradius/dictionary'); #$r->check_pwd('username', 'ldappassword'); # also fails $r->add_attributes ( { Name => 'User-Name', Value => 'username' }, { Name => 'NAS-IP-Address', Value => '' }, { Name => 'User-Password', Value => 'ldappassword' }, { Name => 'NAS-Port', Value => '2' }, ); $r->send_packet(ACCESS_REQUEST) || print "send_packet failed\n"; my $type = $r->recv_packet(1); if (!$type && $r->get_error() eq 'EBADAUTH') { print "Authentication failed\n"; exit(); } print "server response type = $type\n";

The output of this script is "Authentication failed." As indicated above, radtest is able to authenticate and prints the password in plain text in the log. However, with Authen::Radius, the log contains (with jibberish replacing each instance of "#65533;" here):

rad_recv: Access-Request packet from host port 58912, id=203 +, length=50 User-Name = "username" User-Password = "=\337R\3361\001ا.!\353\346\352\010ܫ" NAS-IP-Address = *snip* [ldap] login attempt by "username" with password "=�R�1? +ا.!���?ܫ" [ldap] user DN: uid=username,ou=People,dc=example,dc=com [ldap] (re)connect to localhost:389, authentication 1 [ldap] bind as uid=username,ou=People,dc=example,dc=com/=�R&# +65533;1?ا.!���?ܫ to localhost:389 [ldap] waiting for bind result ... [ldap] Bind failed with invalid credentials ++[ldap] returns reject Failed to authenticate the user. WARNING: Unprintable characters in the password. Double-check the s +hared secret on the server and the NAS!

When using radtest, log looks like this:

rad_recv: Access-Request packet from host port 47900, id=129 +, length=74 User-Name = "username" User-Password = "ldappassword" NAS-IP-Address = NAS-Port = 2 Message-Authenticator = 0x935a295ea594eea2237c17b4cdb74a5e

How can I make Authen::Radius send the request like this so that it will get authenticated correctly?

In reply to Using Authen::Radius with LDAP: Password being encrypted or corrupted by serafina

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?

    What's my password?
    Create A New User
    and all is quiet...

    How do I use this? | Other CB clients
    Other Users?
    Others exploiting the Monastery: (3)
    As of 2018-05-23 02:22 GMT
    Find Nodes?
      Voting Booth?