(RADIATOR) Windows NT password has troubles
John Edward Kekhan Nino
jekekhan at poly.com.co
Thu Aug 23 10:43:58 CDT 2001
Hello
I have another trouble using radiator in windows NT, when I use the password
the log shows the message,
Access rejected for e0999626: NT AuthenticateUser failed: Logon failure:
unknown user name or bad password.
but if I use the parameter NoCheckPassword in AuthBy NT, the user is
success and the Access is granted
Here is my radisu.cfg file
# Radiator configuration file.
AcctPort 1646
AuthPort 1645
DbDir E:\Radiator-2.18.2\radius
DictionaryFile %D\dictionary\dictionary
FingerProg C:\WINNT\system32\finger.exe
LogDir E:\Radiator-2.18.2\log
LogFile %L\logradius.log
PidFile %L\radiusd.pid
Trace 4
<Client localhost>
DupInterval 0
Secret mysecret
</Client>
<Client TotalControl>
Description totalcontrol
DupInterval 2
NasType TotalControl
Secret xxxxxxxxxxxxxx
</Client>
<Realm DEFAULT>
<AuthBy GROUP>
AuthByPolicy ContinueWhileReject
<AuthBy NT>
DefaultSimultaneousUse 2
Description domain WinNT
Domain domain1
DomainController \\domaincontroller1
Identifier ECP1
</AuthBy>
<AuthBy NT>
DefaultSimultaneousUse 2
Description Domain Trans
Domain domain2
DomainController \\domaincontroller2
Identifier ECP2
</AuthBy>
<AuthBy FILE>
Description testing
Filename %D\users
</AuthBy>
</AuthBy>
Description RASECP
RejectHasReason
SessionDatabase
</Realm>
<SNMPAgent >
Community public
Port 161
</SNMPAgent>
the users file
DEFAULT Auth-Type = ECP1, Service-Type = Framed-User
Framed-Protocol = PPP,
Fall-Through = yes
DEFAULT Auth-Type = ECP2, Service-Type = Framed-User
Framed-Protocol = PPP
Fall-Through = yes
# I left this user to probe configuration
fred User-Password = "fred",Service-Type = Framed-User
Framed-Protocol = PPP,
Framed-IP-Netmask = 255.255.255.255,
Framed-Routing = None,
Framed-MTU = 1500,
Framed-Compression = Van-Jacobson-TCP-IP
and the log from radius server
Wed Aug 22 17:55:34 2001: INFO: Server started: Radiator 2.18.2 on radecp
Wed Aug 22 17:58:34 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1244 ....
Code: Access-Request
Identifier: 19
Authentic: 1234567890123456
Attributes:
User-Name = "e0999626"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password =
"<145><238>*<201><194>9t<155><139><8><9><160><216>}x<153>"
Wed Aug 22 17:58:34 2001: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Wed Aug 22 17:58:34 2001: DEBUG: Deleting session for e0999626,
203.63.154.1, 1234
Wed Aug 22 17:58:34 2001: DEBUG: Handling with NT
Wed Aug 22 17:58:38 2001: INFO: Access rejected for e0999626: NT
AuthenticateUser failed: Logon failure: unknown user name or bad password.
Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1244 ....
Code: Access-Reject
Identifier: 19
Authentic: 1234567890123456
Attributes:
Reply-Message = "NT AuthenticateUser failed: Logon failure: unknown
user name or bad password.<13><10>"
Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1244 ....
Code: Accounting-Request
Identifier: 20
Authentic: <217>xq<238><146><187>/$,E<251>:<145><136><176><9>
Attributes:
User-Name = "e0999626"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Start
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Wed Aug 22 17:58:38 2001: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Wed Aug 22 17:58:38 2001: DEBUG: Adding session for e0999626, 203.63.154.1,
1234
Wed Aug 22 17:58:38 2001: DEBUG: Handling with NT
Wed Aug 22 17:58:38 2001: DEBUG: Accounting accepted
Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1244 ....
Code: Accounting-Response
Identifier: 20
Authentic: <217>xq<238><146><187>/$,E<251>:<145><136><176><9>
Attributes:
Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1244 ....
Code: Accounting-Request
Identifier: 21
Authentic: >A<178><186>e<179>U<221>LQ<160>_<26>Q<199><127>
Attributes:
User-Name = "e0999626"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Stop
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Acct-Session-Time = 1000
Acct-Input-Octets = 20000
Acct-Output-Octets = 30000
Wed Aug 22 17:58:38 2001: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Wed Aug 22 17:58:38 2001: DEBUG: Deleting session for e0999626,
203.63.154.1, 1234
Wed Aug 22 17:58:38 2001: DEBUG: Handling with NT
Wed Aug 22 17:58:38 2001: DEBUG: Accounting accepted
Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1244 ....
Code: Accounting-Response
Identifier: 21
Authentic: >A<178><186>e<179>U<221>LQ<160>_<26>Q<199><127>
Attributes:
I have the following network configuration:
The Radius server is WinNT 4.0 server as stand-alone on network
xxx.xxx.xxx.aaa
Two WInNT 4.0 as PDC on network yyy.yyy.aaa.bbb and zzz.zzz.aaa.bbb
I can see the servers and if I use the WinNT command "net view
\\domaincontroller1" from the Radius Server the PDC request to me a username
and password to log in, when I send the data it works fine.
John Edward Kekhan N.
Network Manager
Polycom S.A. - Colombia
jekekhan at poly.com.co
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list