Radius: Invalid password

Question

Level 1

0 points

Radius: Invalid password

Hi

I'm trying to set up a Juniper SSG-5 as a VPN gateway in front of an OSX-server.

I have configured the radius server on OSX and I can use it to authenticate my VPN-users on the SSG-5 as long as I'm using an admin user.

If I try to log in as an non-admin user (that have been added to the "Allowed users list" I get:

Fri Jun 22 11:13:08 2012 : Auth: rlm_opendirectory: User <vpntest> is authorized.

Fri Jun 22 11:13:08 2012 : Auth: rlm_opendirectory: [vpntest]: invalid password

I have tried to follow a number of guides and I have tried to ask at a freeradius forum (the just blame Apple for changing it) but I have found noone that deals with this problem.

Mac OS X (10.6.8)

Posted on Jun 22, 2012 2:21 AM

Reply

Answer 1

JensSkov Author

Level 1

0 points

Jun 29, 2012 5:51 AM in response to JensSkov

Hi again...

Now I have tried running radiusd in debug mode and I get this:

rlm_opendirectory: The host 192.168.x.x does not have an access group.

rlm_opendirectory: User <vpntest> is authorized.

rlm_opendirectory: Setting Auth-Type = opendirectory

++[opendirectory] returns ok

++[expiration] returns noop

++[logintime] returns noop

[pap] Found existing Auth-Type, not changing it.

++[pap] returns noop

Found Auth-Type = opendirectory

+- entering group opendirectory {...}

rlm_opendirectory: [vpntest]: invalid password

++[opendirectory] returns userlock

Failed to authenticate the user.

Using Post-Auth-Type Reject

+- entering group REJECT {...}

The password IS correct and I can't figure out if the problem is within radius or opendirectory.

As long as the user is an adsministrator he will be authenticated, but not of it's a normal user.

Any good ideas`?

Reply