(RADIATOR) Windows NT password has troubles

Hugh Irvine hugh at open.com.au
Thu Aug 23 18:46:44 CDT 2001


Hello John -

Have you checked the shared secrets between the NAS and Radiator? 

And what user are you running Radiator as? Does that user have administrator 
priveledges to be able to access the domain controller?

regards

Hugh


On Friday 24 August 2001 01:43, John Edward Kekhan Nino wrote:
> Hello
>
> I have another trouble using radiator in windows NT, when I use the
> password the log shows the message,
>
> Access rejected for e0999626: NT AuthenticateUser failed: Logon failure:
> unknown user name or bad password.
>
> but if I use the parameter NoCheckPassword in AuthBy NT,  the user is
> success and the Access is granted
>
> Here is my radisu.cfg file
>
> # Radiator configuration file.
>
> AcctPort 1646
> AuthPort 1645
> DbDir E:\Radiator-2.18.2\radius
> DictionaryFile %D\dictionary\dictionary
> FingerProg C:\WINNT\system32\finger.exe
>
> LogDir E:\Radiator-2.18.2\log
> LogFile %L\logradius.log
> PidFile %L\radiusd.pid
> Trace 4
>
> <Client localhost>
>   DupInterval 0
>   Secret mysecret
> </Client>
>
> <Client TotalControl>
>   Description totalcontrol
>   DupInterval 2
>   NasType TotalControl
>   Secret xxxxxxxxxxxxxx
> </Client>
>
> <Realm DEFAULT>
>
>     <AuthBy GROUP>
>         AuthByPolicy ContinueWhileReject
>
>         <AuthBy NT>
>             DefaultSimultaneousUse 2
>             Description domain WinNT
>             Domain domain1
>             DomainController \\domaincontroller1
> 		Identifier ECP1
>         </AuthBy>
>
>         <AuthBy NT>
>             DefaultSimultaneousUse 2
>             Description Domain Trans
>             Domain domain2
>             DomainController \\domaincontroller2
> 		Identifier ECP2
>         </AuthBy>
>
>         <AuthBy FILE>
>             Description testing
>             Filename %D\users
>         </AuthBy>
>     </AuthBy>
>
>     Description RASECP
>     RejectHasReason
>     SessionDatabase
> </Realm>
>
> <SNMPAgent >
>   Community public
>   Port 161
> </SNMPAgent>
>
> the users file
>
> DEFAULT Auth-Type = ECP1, Service-Type = Framed-User
> 	Framed-Protocol = PPP,
> 	Fall-Through = yes
>
> DEFAULT Auth-Type = ECP2, Service-Type = Framed-User
> 	Framed-Protocol = PPP
> 	Fall-Through = yes
>
> # I left this user to probe configuration
>
> fred	User-Password = "fred",Service-Type = Framed-User
>         Framed-Protocol = PPP,
>         Framed-IP-Netmask = 255.255.255.255,
>         Framed-Routing = None,
>         Framed-MTU = 1500,
> 	Framed-Compression = Van-Jacobson-TCP-IP
>
> and the log from radius server
>
> Wed Aug 22 17:55:34 2001: INFO: Server started: Radiator 2.18.2 on radecp
> Wed Aug 22 17:58:34 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 1244 ....
> Code:       Access-Request
> Identifier: 19
> Authentic:  1234567890123456
> Attributes:
> 	User-Name = "e0999626"
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 203.63.154.1
> 	NAS-Port = 1234
> 	Called-Station-Id = "123456789"
> 	Calling-Station-Id = "987654321"
> 	NAS-Port-Type = Async
> 	User-Password =
> "<145><238>*<201><194>9t<155><139><8><9><160><216>}x<153>"
>
> Wed Aug 22 17:58:34 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Aug 22 17:58:34 2001: DEBUG:  Deleting session for e0999626,
> 203.63.154.1, 1234
> Wed Aug 22 17:58:34 2001: DEBUG: Handling with NT
> Wed Aug 22 17:58:38 2001: INFO: Access rejected for e0999626: NT
> AuthenticateUser failed: Logon failure: unknown user name or bad password.
>
>
>
> Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 1244 ....
> Code:       Access-Reject
> Identifier: 19
> Authentic:  1234567890123456
> Attributes:
> 	Reply-Message = "NT AuthenticateUser failed: Logon failure: unknown
> user name or bad password.<13><10>"
>
> Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 1244 ....
> Code:       Accounting-Request
> Identifier: 20
> Authentic:  <217>xq<238><146><187>/$,E<251>:<145><136><176><9>
> Attributes:
> 	User-Name = "e0999626"
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 203.63.154.1
> 	NAS-Port = 1234
> 	NAS-Port-Type = Async
> 	Acct-Session-Id = "00001234"
> 	Acct-Status-Type = Start
> 	Called-Station-Id = "123456789"
> 	Calling-Station-Id = "987654321"
>
> Wed Aug 22 17:58:38 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Aug 22 17:58:38 2001: DEBUG:  Adding session for e0999626,
> 203.63.154.1, 1234
> Wed Aug 22 17:58:38 2001: DEBUG: Handling with NT
> Wed Aug 22 17:58:38 2001: DEBUG: Accounting accepted
> Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 1244 ....
> Code:       Accounting-Response
> Identifier: 20
> Authentic:  <217>xq<238><146><187>/$,E<251>:<145><136><176><9>
> Attributes:
>
> Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 1244 ....
> Code:       Accounting-Request
> Identifier: 21
> Authentic:  >A<178><186>e<179>U<221>LQ<160>_<26>Q<199><127>
> Attributes:
> 	User-Name = "e0999626"
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 203.63.154.1
> 	NAS-Port = 1234
> 	NAS-Port-Type = Async
> 	Acct-Session-Id = "00001234"
> 	Acct-Status-Type = Stop
> 	Called-Station-Id = "123456789"
> 	Calling-Station-Id = "987654321"
> 	Acct-Delay-Time = 0
> 	Acct-Session-Time = 1000
> 	Acct-Input-Octets = 20000
> 	Acct-Output-Octets = 30000
>
> Wed Aug 22 17:58:38 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Aug 22 17:58:38 2001: DEBUG:  Deleting session for e0999626,
> 203.63.154.1, 1234
> Wed Aug 22 17:58:38 2001: DEBUG: Handling with NT
> Wed Aug 22 17:58:38 2001: DEBUG: Accounting accepted
> Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 1244 ....
> Code:       Accounting-Response
> Identifier: 21
> Authentic:  >A<178><186>e<179>U<221>LQ<160>_<26>Q<199><127>
> Attributes:
>
>
> I have the following network configuration:
>
> The Radius server is WinNT 4.0 server as stand-alone on network
> xxx.xxx.xxx.aaa
> Two WInNT 4.0 as PDC on network yyy.yyy.aaa.bbb and zzz.zzz.aaa.bbb
>
> I can see the servers and if I use the WinNT command "net view
> \\domaincontroller1" from the Radius Server the PDC request to me a
> username and password to log in, when I send the data it works fine.
>
>
> John Edward Kekhan N.
> Network Manager
> Polycom S.A. - Colombia
> jekekhan at poly.com.co
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list