Cisco Access Registrar 5.0 (CAR) and LDAP implementation

Unanswered Question
Sep 23rd, 2010

Hi, how are you?


I am implementing CAR 5.0 and LDAP. I ran some tests and the following error always appears in CAR:


password does not match



09/23/2010 11:19:39.759: P79: Trace of Access-Request packet
09/23/2010 11:19:39.759: P79:    identifier = 78
09/23/2010 11:19:39.759: P79:    length = 146
09/23/2010 11:19:39.759: P79:    reqauth = 97:4b:47:a8:c7:98:0f:bf:40:7e:f1:50:84:3d:91:d7
09/23/2010 11:19:39.759: P79:    User-Name = teco
09/23/2010 11:19:39.759: P79:    User-Password = b4:63:de:ba:0f:8c:40:e0:5d:f3:24:e5:86:cb:62:bb
09/23/2010 11:19:39.759: P79:    NAS-IP-Address = 186.108.26.2
09/23/2010 11:19:39.759: P79:    NAS-Port = 1
09/23/2010 11:19:39.759: P79:    Service-Type = Login
09/23/2010 11:19:39.759: P79:    Called-Station-Id = 186.108.26.2
09/23/2010 11:19:39.759: P79:    Calling-Station-Id = 190.139.109.114
09/23/2010 11:19:39.759: P79:    NAS-Identifier = Cisco_69:65:a4
09/23/2010 11:19:39.759: P79:    NAS-Port-Type = Wireless - IEEE 802.11
09/23/2010 11:19:39.759: P79:    Message-Authenticator = aa:e9:c2:11:58:4d:f0:11:64:c8:0d:ff:a7:1b:47:be
09/23/2010 11:19:39.759: P79:    Airespace-WLAN-Id = 2
09/23/2010 11:19:39.759: P79: Using Client: WLC
09/23/2010 11:19:39.759: P79: Using NAS: WLC (186.108.26.2)
09/23/2010 11:19:39.759: P79: Request is directly from a NAS: TRUE
09/23/2010 11:19:39.759: P79: Authenticating and Authorizing with Service ldap
09/23/2010 11:19:39.759: P79: Service ldap: Sending request to remote server ldapserver
09/23/2010 11:19:39.759: P79:  Filter = (uid=teco)
09/23/2010 11:19:39.759: searchpath = OU=LDAP-USERS,DC=italtel,DC=ar
09/23/2010 11:19:39.759: Filter = (uid=teco)
09/23/2010 11:19:39.759: P79: Remote LDAP Server ldapserver: searching with scope: SubTree
09/23/2010 11:19:39.761: id = 1
09/23/2010 11:19:39.761: P79: Remote LDAP Server ldapserver (186.108.26.11:389:Connection:3): Querying LDAP server, id = 1.
09/23/2010 11:19:39.762: P79: Remote LDAP Server ldapserver (186.108.26.11:389): Got LDAP response,  id = 1.
09/23/2010 11:19:39.762: P79: Remote LDAP Server ldapserver (186.108.26.11:389): User teco's password does not match
09/23/2010 11:19:39.762: P79: Adding Message-Authenticator to response
09/23/2010 11:19:39.762: P79: Trace of Access-Reject packet
09/23/2010 11:19:39.762: P79:    identifier = 78
09/23/2010 11:19:39.762: P79:    length = 54
09/23/2010 11:19:39.762: P79:    respauth = f2:9f:a3:5f:0a:36:4b:69:c2:c0:f2:4e:78:c3:da:0d
09/23/2010 11:19:39.762: P79:    Reply-Message = Access Denied



Please, let me know your opinion about this issue.


Thanks a lot.

Andrés.

jedubois Fri, 10/08/2010 - 11:42
User Badges: Cisco Employee

Anders,

Are you using bind-based authentication or are you retrieving the password from the external database? Can you post your LDAP configuration here? Also, make sure your shared secret is correct between your CAR server and your NAS, as the only thing encrypted in RADIUS is the password, so if the shared secret is incorrect it will show up as a bad password error in CAR.

--Jesse
