09-23-2010 08:52 AM - edited 03-10-2019 05:26 PM
Hi, how are you?
I am implementing CAR 5.0 and LDAP. I ran some tests and the following error always appears in CAR:
password does not match
09/23/2010 11:19:39.759: P79: Trace of Access-Request packet
09/23/2010 11:19:39.759: P79: identifier = 78
09/23/2010 11:19:39.759: P79: length = 146
09/23/2010 11:19:39.759: P79: reqauth = 97:4b:47:a8:c7:98:0f:bf:40:7e:f1:50:84:3d:91:d7
09/23/2010 11:19:39.759: P79: User-Name = teco
09/23/2010 11:19:39.759: P79: User-Password = b4:63:de:ba:0f:8c:40:e0:5d:f3:24:e5:86:cb:62:bb
09/23/2010 11:19:39.759: P79: NAS-IP-Address = 186.108.26.2
09/23/2010 11:19:39.759: P79: NAS-Port = 1
09/23/2010 11:19:39.759: P79: Service-Type = Login
09/23/2010 11:19:39.759: P79: Called-Station-Id = 186.108.26.2
09/23/2010 11:19:39.759: P79: Calling-Station-Id = 190.139.109.114
09/23/2010 11:19:39.759: P79: NAS-Identifier = Cisco_69:65:a4
09/23/2010 11:19:39.759: P79: NAS-Port-Type = Wireless - IEEE 802.11
09/23/2010 11:19:39.759: P79: Message-Authenticator = aa:e9:c2:11:58:4d:f0:11:64:c8:0d:ff:a7:1b:47:be
09/23/2010 11:19:39.759: P79: Airespace-WLAN-Id = 2
09/23/2010 11:19:39.759: P79: Using Client: WLC
09/23/2010 11:19:39.759: P79: Using NAS: WLC (186.108.26.2)
09/23/2010 11:19:39.759: P79: Request is directly from a NAS: TRUE
09/23/2010 11:19:39.759: P79: Authenticating and Authorizing with Service ldap
09/23/2010 11:19:39.759: P79: Service ldap: Sending request to remote server ldapserver
09/23/2010 11:19:39.759: P79: Filter = (uid=teco)
09/23/2010 11:19:39.759: searchpath = OU=LDAP-USERS,DC=italtel,DC=ar
09/23/2010 11:19:39.759: Filter = (uid=teco)
09/23/2010 11:19:39.759: P79: Remote LDAP Server ldapserver: searching with scope: SubTree
09/23/2010 11:19:39.761: id = 1
09/23/2010 11:19:39.761: P79: Remote LDAP Server ldapserver (186.108.26.11:389:Connection:3): Querying LDAP server, id = 1.
09/23/2010 11:19:39.762: P79: Remote LDAP Server ldapserver (186.108.26.11:389): Got LDAP response, id = 1.
09/23/2010 11:19:39.762: P79: Remote LDAP Server ldapserver (186.108.26.11:389): User teco's password does not match
09/23/2010 11:19:39.762: P79: Adding Message-Authenticator to response
09/23/2010 11:19:39.762: P79: Trace of Access-Reject packet
09/23/2010 11:19:39.762: P79: identifier = 78
09/23/2010 11:19:39.762: P79: length = 54
09/23/2010 11:19:39.762: P79: respauth = f2:9f:a3:5f:0a:36:4b:69:c2:c0:f2:4e:78:c3:da:0d
09/23/2010 11:19:39.762: P79: Reply-Message = Access Denied
Please, let me know your opinion about this issue.
Thanks a lot.
Andrés.
10-08-2010 11:42 AM
Anders,
Are you using bind-based authentication, or are you retrieving the password from the external database? Can you post your LDAP configuration here? Also, make sure your shared secret is correct between your CAR server and your NAS, as the only thing encrypted in RADIUS is the password, so if the shared secret is incorrect it will show up as a bad password error in CAR.
--Jesse