(RADIATOR) Windows NT password has troubles
John Edward Kekhan Nino
jekekhan at poly.com.co
Fri Aug 24 10:13:01 CDT 2001
Hello Hugh
Yes, I had checked the share secret and is fine. Otherwise I ran the
radpwtst from the local server where the Radiator is installed and I get
this problem. I comented the <Client TotalControl> to use only the localhost
client and I get the same problem.
I installed the radiator as WinNt superuser (administrator), but I´m not
sure if it is necessary configure anything else in the service properties
tab in control panel.
John Edward Kekhan N.
Network Manager
Polycom S.A. - Colombia
jekekhan at poly.com.co
> ----------
> De: Hugh Irvine[SMTP:hugh at open.com.au]
> Responder a: hugh at open.com.au
> Enviado el: Jueves, 23 de Agosto de 2001 06:46 p.m.
> Para: John Edward Kekhan Nino; radiator at open.com.au
> Asunto: Re: (RADIATOR) Windows NT password has troubles
>
>
> Hello John -
>
> Have you checked the shared secrets between the NAS and Radiator?
>
> And what user are you running Radiator as? Does that user have
> administrator
> priveledges to be able to access the domain controller?
>
> regards
>
> Hugh
>
>
> On Friday 24 August 2001 01:43, John Edward Kekhan Nino wrote:
> > Hello
> >
> > I have another trouble using radiator in windows NT, when I use the
> > password the log shows the message,
> >
> > Access rejected for e0999626: NT AuthenticateUser failed: Logon failure:
> > unknown user name or bad password.
> >
> > but if I use the parameter NoCheckPassword in AuthBy NT, the user is
> > success and the Access is granted
> >
> > Here is my radisu.cfg file
> >
> > # Radiator configuration file.
> >
> > AcctPort 1646
> > AuthPort 1645
> > DbDir E:\Radiator-2.18.2\radius
> > DictionaryFile %D\dictionary\dictionary
> > FingerProg C:\WINNT\system32\finger.exe
> >
> > LogDir E:\Radiator-2.18.2\log
> > LogFile %L\logradius.log
> > PidFile %L\radiusd.pid
> > Trace 4
> >
> > <Client localhost>
> > DupInterval 0
> > Secret mysecret
> > </Client>
> >
> > <Client TotalControl>
> > Description totalcontrol
> > DupInterval 2
> > NasType TotalControl
> > Secret xxxxxxxxxxxxxx
> > </Client>
> >
> > <Realm DEFAULT>
> >
> > <AuthBy GROUP>
> > AuthByPolicy ContinueWhileReject
> >
> > <AuthBy NT>
> > DefaultSimultaneousUse 2
> > Description domain WinNT
> > Domain domain1
> > DomainController \\domaincontroller1
> > Identifier ECP1
> > </AuthBy>
> >
> > <AuthBy NT>
> > DefaultSimultaneousUse 2
> > Description Domain Trans
> > Domain domain2
> > DomainController \\domaincontroller2
> > Identifier ECP2
> > </AuthBy>
> >
> > <AuthBy FILE>
> > Description testing
> > Filename %D\users
> > </AuthBy>
> > </AuthBy>
> >
> > Description RASECP
> > RejectHasReason
> > SessionDatabase
> > </Realm>
> >
> > <SNMPAgent >
> > Community public
> > Port 161
> > </SNMPAgent>
> >
> > the users file
> >
> > DEFAULT Auth-Type = ECP1, Service-Type = Framed-User
> > Framed-Protocol = PPP,
> > Fall-Through = yes
> >
> > DEFAULT Auth-Type = ECP2, Service-Type = Framed-User
> > Framed-Protocol = PPP
> > Fall-Through = yes
> >
> > # I left this user to probe configuration
> >
> > fred User-Password = "fred",Service-Type = Framed-User
> > Framed-Protocol = PPP,
> > Framed-IP-Netmask = 255.255.255.255,
> > Framed-Routing = None,
> > Framed-MTU = 1500,
> > Framed-Compression = Van-Jacobson-TCP-IP
> >
> > and the log from radius server
> >
> > Wed Aug 22 17:55:34 2001: INFO: Server started: Radiator 2.18.2 on
> radecp
> > Wed Aug 22 17:58:34 2001: DEBUG: Packet dump:
> > *** Received from 127.0.0.1 port 1244 ....
> > Code: Access-Request
> > Identifier: 19
> > Authentic: 1234567890123456
> > Attributes:
> > User-Name = "e0999626"
> > Service-Type = Framed-User
> > NAS-IP-Address = 203.63.154.1
> > NAS-Port = 1234
> > Called-Station-Id = "123456789"
> > Calling-Station-Id = "987654321"
> > NAS-Port-Type = Async
> > User-Password =
> > "<145><238>*<201><194>9t<155><139><8><9><160><216>}x<153>"
> >
> > Wed Aug 22 17:58:34 2001: DEBUG: Handling request with Handler
> > 'Realm=DEFAULT'
> > Wed Aug 22 17:58:34 2001: DEBUG: Deleting session for e0999626,
> > 203.63.154.1, 1234
> > Wed Aug 22 17:58:34 2001: DEBUG: Handling with NT
> > Wed Aug 22 17:58:38 2001: INFO: Access rejected for e0999626: NT
> > AuthenticateUser failed: Logon failure: unknown user name or bad
> password.
> >
> >
> >
> > Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> > *** Sending to 127.0.0.1 port 1244 ....
> > Code: Access-Reject
> > Identifier: 19
> > Authentic: 1234567890123456
> > Attributes:
> > Reply-Message = "NT AuthenticateUser failed: Logon failure: unknown
> > user name or bad password.<13><10>"
> >
> > Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> > *** Received from 127.0.0.1 port 1244 ....
> > Code: Accounting-Request
> > Identifier: 20
> > Authentic: <217>xq<238><146><187>/$,E<251>:<145><136><176><9>
> > Attributes:
> > User-Name = "e0999626"
> > Service-Type = Framed-User
> > NAS-IP-Address = 203.63.154.1
> > NAS-Port = 1234
> > NAS-Port-Type = Async
> > Acct-Session-Id = "00001234"
> > Acct-Status-Type = Start
> > Called-Station-Id = "123456789"
> > Calling-Station-Id = "987654321"
> >
> > Wed Aug 22 17:58:38 2001: DEBUG: Handling request with Handler
> > 'Realm=DEFAULT'
> > Wed Aug 22 17:58:38 2001: DEBUG: Adding session for e0999626,
> > 203.63.154.1, 1234
> > Wed Aug 22 17:58:38 2001: DEBUG: Handling with NT
> > Wed Aug 22 17:58:38 2001: DEBUG: Accounting accepted
> > Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> > *** Sending to 127.0.0.1 port 1244 ....
> > Code: Accounting-Response
> > Identifier: 20
> > Authentic: <217>xq<238><146><187>/$,E<251>:<145><136><176><9>
> > Attributes:
> >
> > Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> > *** Received from 127.0.0.1 port 1244 ....
> > Code: Accounting-Request
> > Identifier: 21
> > Authentic: >A<178><186>e<179>U<221>LQ<160>_<26>Q<199><127>
> > Attributes:
> > User-Name = "e0999626"
> > Service-Type = Framed-User
> > NAS-IP-Address = 203.63.154.1
> > NAS-Port = 1234
> > NAS-Port-Type = Async
> > Acct-Session-Id = "00001234"
> > Acct-Status-Type = Stop
> > Called-Station-Id = "123456789"
> > Calling-Station-Id = "987654321"
> > Acct-Delay-Time = 0
> > Acct-Session-Time = 1000
> > Acct-Input-Octets = 20000
> > Acct-Output-Octets = 30000
> >
> > Wed Aug 22 17:58:38 2001: DEBUG: Handling request with Handler
> > 'Realm=DEFAULT'
> > Wed Aug 22 17:58:38 2001: DEBUG: Deleting session for e0999626,
> > 203.63.154.1, 1234
> > Wed Aug 22 17:58:38 2001: DEBUG: Handling with NT
> > Wed Aug 22 17:58:38 2001: DEBUG: Accounting accepted
> > Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> > *** Sending to 127.0.0.1 port 1244 ....
> > Code: Accounting-Response
> > Identifier: 21
> > Authentic: >A<178><186>e<179>U<221>LQ<160>_<26>Q<199><127>
> > Attributes:
> >
> >
> > I have the following network configuration:
> >
> > The Radius server is WinNT 4.0 server as stand-alone on network
> > xxx.xxx.xxx.aaa
> > Two WInNT 4.0 as PDC on network yyy.yyy.aaa.bbb and zzz.zzz.aaa.bbb
> >
> > I can see the servers and if I use the WinNT command "net view
> > \\domaincontroller1" from the Radius Server the PDC request to me a
> > username and password to log in, when I send the data it works fine.
> >
> >
> > John Edward Kekhan N.
> > Network Manager
> > Polycom S.A. - Colombia
> > jekekhan at poly.com.co
> >
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list