(RADIATOR) Windows NT Users auth with trouble

Hugh Irvine hugh at open.com.au
Tue Aug 21 19:08:23 CDT 2001 

Hello John -

Could you please send me a copy of your users file?

I also think your AuthBy NT configuration is incorrect, as the 
DomainController parameter must contain the leading backslashes. However, I 
would not expect you to need to specify this if the Radiator host is able to 
find the domain controller(s) by polling the network.

Have a look at section 6.25 in the Radiator 2.18.2 reference manual (in the 
file "doc/ref.html" in the distribution).

regards

Hugh


On Wednesday 22 August 2001 06:05, John Edward Kekhan Nino wrote:
> Hello
>
> I have a trouble using Radiator to validate users in WindowsNT 4.0.  I have
> a Server WinNT4.0 configured as stand-alone server where I have the
> Radiator 2.18.2 and there are two WinNT servers installed as Domain
> controllers, when I use the perl command radpwtst to check the config I
> just obtain an error that I don`t know how to solve.
>
> This is my radius.cfg config
>
> # Radiator configuration file.
>
> AcctPort 1646
> AuthPort 1645
> DbDir E:\Radiator-2.18.2\radius
> DictionaryFile %D\dictionary\dictionary
> FingerProg C:\WINNT\system32\finger.exe
> LogDir E:\Radiator-2.18.2\log
> LogFile %L\logradius.log
> PidFile %L\radiusd.pid
> Trace 4
>
> <Client localhost>
>   DupInterval 0
>   Secret mysecret
> </Client>
>
> <Client DEFAULT>
>   DupInterval 0
>   Secret mysecret
> </Client>
>
> <Client TotalControl>
>   Description totalcontrol
>   DupInterval 2
>   NasType TotalControl
>   Secret xxxxxxxxxxxxxxxxxx
> </Client>
>
> <Realm DEFAULT>
>
>     AuthByPolicy ContinueUntilReject
>
>     <AuthBy NT>
>         Description Windows NT domain
>         Domain domain1
>         DomainController hostname1
>         Identifier domain1
>     </AuthBy>
>
>     <AuthBy NT>
>         Description Windows NT Domain Trans
>         Domain domain2
>         DomainController hostname2
>         Identifier domain2
>     </AuthBy>
>
>     <AuthBy FILE>
>         Description testing
>         Filename %D\users
>         Identifier FileUsers
>     </AuthBy>
>
>     Description RAS
>     RejectHasReason
>     SessionDatabase
> </Realm>
>
> <SNMPAgent >
>   Community public
>   Port 161
> </SNMPAgent>
>
> and the logradius has the following
>
> Tue Aug 21 11:45:06 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 1956 ....
> Code:       Access-Request
> Identifier: 96
> Authentic:  1234567890123456
> Attributes:
> 	User-Name = "fred"
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 203.63.154.1
> 	NAS-Port = 1234
> 	Called-Station-Id = "123456789"
> 	Calling-Station-Id = "987654321"
> 	NAS-Port-Type = Async
> 	User-Password =
> "<159><249>:<201><206>\<4><246><188>8<9><160><216>}x<153>"
>
> Tue Aug 21 11:45:06 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue Aug 21 11:45:06 2001: DEBUG:  Deleting session for fred, 203.63.154.1,
> 1234
> Tue Aug 21 11:45:06 2001: DEBUG: Handling with NT
> Tue Aug 21 11:45:17 2001: DEBUG: Handling with NT
> Tue Aug 21 11:45:19 2001: DEBUG: Handling with Radius::AuthFILE
> Tue Aug 21 11:45:19 2001: DEBUG: Radius::AuthFILE looks for match with fred
> Tue Aug 21 11:45:19 2001: DEBUG: Radius::AuthFILE REJECT: Bad Password
> Tue Aug 21 11:45:19 2001: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT
> Tue Aug 21 11:45:19 2001: DEBUG: Handling with NT
> Tue Aug 21 11:45:19 2001: DEBUG: Radius::AuthFILE REJECT: NT GetAttributes
> failed: 53: The network path was not found.
>
>
>
> Tue Aug 21 11:45:19 2001: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT1
> Tue Aug 21 11:45:19 2001: DEBUG: Handling with NT
> Tue Aug 21 11:45:19 2001: DEBUG: Radius::AuthFILE REJECT: NT GetAttributes
> failed: 53: The network path was not found.
>
>
>
> Tue Aug 21 11:45:19 2001: INFO: Access rejected for fred: NT GetAttributes
> failed: 53: The network path was not found.
>
>
>
> Tue Aug 21 11:45:19 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 1956 ....
> Code:       Access-Reject
> Identifier: 96
> Authentic:  1234567890123456
> Attributes:
> 	Reply-Message = "NT GetAttributes failed: 53: The network path was
> not found.<13><10>"
>
> Tue Aug 21 11:45:19 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 1956 ....
> Code:       Accounting-Request
> Identifier: 97
> Authentic:  <229><221><171>T<236>.<16>ua<254>@<14><173><134><247>$
> Attributes:
> 	User-Name = "fred"
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 203.63.154.1
> 	NAS-Port = 1234
> 	NAS-Port-Type = Async
> 	Acct-Session-Id = "00001234"
> 	Acct-Status-Type = Start
> 	Called-Station-Id = "123456789"
> 	Calling-Station-Id = "987654321"
>
> Tue Aug 21 11:45:19 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue Aug 21 11:45:19 2001: DEBUG:  Adding session for fred, 203.63.154.1,
> 1234
> Tue Aug 21 11:45:19 2001: DEBUG: Handling with NT
> Tue Aug 21 11:45:19 2001: DEBUG: Handling with NT
> Tue Aug 21 11:45:19 2001: DEBUG: Handling with Radius::AuthFILE
> Tue Aug 21 11:45:19 2001: DEBUG: Accounting accepted
> Tue Aug 21 11:45:19 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 1956 ....
> Code:       Accounting-Response
> Identifier: 97
> Authentic:  <229><221><171>T<236>.<16>ua<254>@<14><173><134><247>$
> Attributes:
>
> Tue Aug 21 11:45:19 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 1956 ....
> Code:       Accounting-Request
> Identifier: 98
> Authentic:  <218>[bYZ<202><149>9<166><251><142><238><140>V<212>M
> Attributes:
> 	User-Name = "fred"
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 203.63.154.1
> 	NAS-Port = 1234
> 	NAS-Port-Type = Async
> 	Acct-Session-Id = "00001234"
> 	Acct-Status-Type = Stop
> 	Called-Station-Id = "123456789"
> 	Calling-Station-Id = "987654321"
> 	Acct-Delay-Time = 0
> 	Acct-Session-Time = 1000
> 	Acct-Input-Octets = 20000
> 	Acct-Output-Octets = 30000
>
> Tue Aug 21 11:45:19 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue Aug 21 11:45:19 2001: DEBUG:  Deleting session for fred, 203.63.154.1,
> 1234
> Tue Aug 21 11:45:19 2001: DEBUG: Handling with NT
> Tue Aug 21 11:45:19 2001: DEBUG: Handling with NT
> Tue Aug 21 11:45:19 2001: DEBUG: Handling with Radius::AuthFILE
> Tue Aug 21 11:45:19 2001: DEBUG: Accounting accepted
> Tue Aug 21 11:45:19 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 1956 ....
> Code:       Accounting-Response
> Identifier: 98
> Authentic:  <218>[bYZ<202><149>9<166><251><142><238><140>V<212>M
> Attributes:
>
> What does the following message mean? Reply-Message = "NT GetAttributes
> failed: 53: The network path was not found.<13><10>"
>
> Do I have to config trusted relations between all three WinNT servers?
>
>
> John Edward Kekhan N.
> Network Manager
> Polycom S.A.
> jekekhan at poly.com.co
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list