Re (RADIATOR) Windows NT Users auth with trouble

Kent, Ashley akent at ue.com.au
Tue Aug 21 18:25:50 CDT 2001


Hi John,

I have a similar radiator setup to you, and during testing I also saw a lot
of "NT GetAttributes failed: 53: The network path was not found". In my case
the problem was that radiator was at times not able to contact the domain
controller - hence the "network path not found". Remember that the radius
protocol uses UDP so if you are having network problems the radius request
packets will just fall into the bit bucket. The solution to this problem was
installing radiator on a domain controller.

Included below if a cutdown version of my config files. When a user request
comes in radiator checks that they have a valid account on the domain
controller infprd05 (which is the box that radiator is installed on) and
also checks that they are a member of the nt usergroup "rad-int".


Please feel free to email me if you have further questions,



Ash Kent
Network Security Engineer
United Energy Australia.



***************************************************************
FILE 1: Radiator.cfg
***************************************************************

# Radiator.cfg

#
----------------------------------------------------------------------------
---
# Globals
# 
# User a lower trace level in production systems. Tracelevel 4
# provides full debugging, tracelevel 3 provides warnings only.
#
#
----------------------------------------------------------------------------
---
Foreground
LogDir		./Logs
LogFile		%L/radiatorlog.txt
DbDir 		.
Trace			3


#
----------------------------------------------------------------------------
---
# Clients
#
# There must be an entry for each NAS that is going to use
# radius authentication. Requests from devices not listed here
# will be ignored.
#
#
----------------------------------------------------------------------------
---

# Pix
<Client xxxxxxxxxxx>
	Identifier PIX
	Secret xxxxxxxxx
</Client>

#
----------------------------------------------------------------------------
---
# AuthBy Clauses
#
#
----------------------------------------------------------------------------
---

<AuthBy NT>
	Identifier CheckInfprd05NT
	Domain UNITED
	DomainController \\infprd05
</AuthBy>

<AuthBy FILE>
	Identifier CheckOutPIX-United-Infprd05
	Filename ./Configs/CheckUnitedDomain.cfg
</AuthBy>


#
----------------------------------------------------------------------------
---
# AuthLog Clauses
#
#
----------------------------------------------------------------------------
---

<AuthLog FILE>
	Identifier UnitedInternetAccess
	Filename %L/Internet/united-authfailure.txt
	LogSuccess 0
	LogFailure 1
	FailureFormat United Internet Logon Fail %H:%M:%S %v %d %Y  %U
</AuthLog>

	

#
----------------------------------------------------------------------------
---
# Mainloop
#
#
----------------------------------------------------------------------------
---

# Handlers for outbound requests through the PIX
<Handler Client-Identifier = PIX>
	AuthBy CheckOutPIX-United-Infprd05
	AuthLog UnitedInternetAccess
</Handler>




***************************************************************
FILE 2: CheckUnitedDomain.cfg
***************************************************************

# CheckUnitedDomain.cfg

DEFAULT Auth-Type=CheckInfprd05NT, Group = Rad-Int
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list