(RADIATOR) Windows NT password has troubles
Hugh Irvine
hugh at open.com.au
Fri Aug 24 19:09:13 CDT 2001
Hello John -
I would suggest you run Radiator for testing purposes manually (rather than a
service), to make sure you have all the correct priveledges (run Radiator in
one terminal window and radpwtst in another). Once you have got Radiator
running successfully that way, then you will know how to correctly configure
the service.
regards
Hugh
On Saturday 25 August 2001 01:13, John Edward Kekhan Nino wrote:
> Hello Hugh
>
> Yes, I had checked the share secret and is fine. Otherwise I ran the
> radpwtst from the local server where the Radiator is installed and I get
> this problem. I comented the <Client TotalControl> to use only the
> localhost client and I get the same problem.
>
> I installed the radiator as WinNt superuser (administrator), but I´m not
> sure if it is necessary configure anything else in the service properties
> tab in control panel.
>
>
> John Edward Kekhan N.
> Network Manager
> Polycom S.A. - Colombia
> jekekhan at poly.com.co
>
> > ----------
> > De: Hugh Irvine[SMTP:hugh at open.com.au]
> > Responder a: hugh at open.com.au
> > Enviado el: Jueves, 23 de Agosto de 2001 06:46 p.m.
> > Para: John Edward Kekhan Nino; radiator at open.com.au
> > Asunto: Re: (RADIATOR) Windows NT password has troubles
> >
> >
> > Hello John -
> >
> > Have you checked the shared secrets between the NAS and Radiator?
> >
> > And what user are you running Radiator as? Does that user have
> > administrator
> > priveledges to be able to access the domain controller?
> >
> > regards
> >
> > Hugh
> >
> > On Friday 24 August 2001 01:43, John Edward Kekhan Nino wrote:
> > > Hello
> > >
> > > I have another trouble using radiator in windows NT, when I use the
> > > password the log shows the message,
> > >
> > > Access rejected for e0999626: NT AuthenticateUser failed: Logon
> > > failure: unknown user name or bad password.
> > >
> > > but if I use the parameter NoCheckPassword in AuthBy NT, the user is
> > > success and the Access is granted
> > >
> > > Here is my radisu.cfg file
> > >
> > > # Radiator configuration file.
> > >
> > > AcctPort 1646
> > > AuthPort 1645
> > > DbDir E:\Radiator-2.18.2\radius
> > > DictionaryFile %D\dictionary\dictionary
> > > FingerProg C:\WINNT\system32\finger.exe
> > >
> > > LogDir E:\Radiator-2.18.2\log
> > > LogFile %L\logradius.log
> > > PidFile %L\radiusd.pid
> > > Trace 4
> > >
> > > <Client localhost>
> > > DupInterval 0
> > > Secret mysecret
> > > </Client>
> > >
> > > <Client TotalControl>
> > > Description totalcontrol
> > > DupInterval 2
> > > NasType TotalControl
> > > Secret xxxxxxxxxxxxxx
> > > </Client>
> > >
> > > <Realm DEFAULT>
> > >
> > > <AuthBy GROUP>
> > > AuthByPolicy ContinueWhileReject
> > >
> > > <AuthBy NT>
> > > DefaultSimultaneousUse 2
> > > Description domain WinNT
> > > Domain domain1
> > > DomainController \\domaincontroller1
> > > Identifier ECP1
> > > </AuthBy>
> > >
> > > <AuthBy NT>
> > > DefaultSimultaneousUse 2
> > > Description Domain Trans
> > > Domain domain2
> > > DomainController \\domaincontroller2
> > > Identifier ECP2
> > > </AuthBy>
> > >
> > > <AuthBy FILE>
> > > Description testing
> > > Filename %D\users
> > > </AuthBy>
> > > </AuthBy>
> > >
> > > Description RASECP
> > > RejectHasReason
> > > SessionDatabase
> > > </Realm>
> > >
> > > <SNMPAgent >
> > > Community public
> > > Port 161
> > > </SNMPAgent>
> > >
> > > the users file
> > >
> > > DEFAULT Auth-Type = ECP1, Service-Type = Framed-User
> > > Framed-Protocol = PPP,
> > > Fall-Through = yes
> > >
> > > DEFAULT Auth-Type = ECP2, Service-Type = Framed-User
> > > Framed-Protocol = PPP
> > > Fall-Through = yes
> > >
> > > # I left this user to probe configuration
> > >
> > > fred User-Password = "fred",Service-Type = Framed-User
> > > Framed-Protocol = PPP,
> > > Framed-IP-Netmask = 255.255.255.255,
> > > Framed-Routing = None,
> > > Framed-MTU = 1500,
> > > Framed-Compression = Van-Jacobson-TCP-IP
> > >
> > > and the log from radius server
> > >
> > > Wed Aug 22 17:55:34 2001: INFO: Server started: Radiator 2.18.2 on
> >
> > radecp
> >
> > > Wed Aug 22 17:58:34 2001: DEBUG: Packet dump:
> > > *** Received from 127.0.0.1 port 1244 ....
> > > Code: Access-Request
> > > Identifier: 19
> > > Authentic: 1234567890123456
> > > Attributes:
> > > User-Name = "e0999626"
> > > Service-Type = Framed-User
> > > NAS-IP-Address = 203.63.154.1
> > > NAS-Port = 1234
> > > Called-Station-Id = "123456789"
> > > Calling-Station-Id = "987654321"
> > > NAS-Port-Type = Async
> > > User-Password =
> > > "<145><238>*<201><194>9t<155><139><8><9><160><216>}x<153>"
> > >
> > > Wed Aug 22 17:58:34 2001: DEBUG: Handling request with Handler
> > > 'Realm=DEFAULT'
> > > Wed Aug 22 17:58:34 2001: DEBUG: Deleting session for e0999626,
> > > 203.63.154.1, 1234
> > > Wed Aug 22 17:58:34 2001: DEBUG: Handling with NT
> > > Wed Aug 22 17:58:38 2001: INFO: Access rejected for e0999626: NT
> > > AuthenticateUser failed: Logon failure: unknown user name or bad
> >
> > password.
> >
> > > Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> > > *** Sending to 127.0.0.1 port 1244 ....
> > > Code: Access-Reject
> > > Identifier: 19
> > > Authentic: 1234567890123456
> > > Attributes:
> > > Reply-Message = "NT AuthenticateUser failed: Logon failure: unknown
> > > user name or bad password.<13><10>"
> > >
> > > Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> > > *** Received from 127.0.0.1 port 1244 ....
> > > Code: Accounting-Request
> > > Identifier: 20
> > > Authentic: <217>xq<238><146><187>/$,E<251>:<145><136><176><9>
> > > Attributes:
> > > User-Name = "e0999626"
> > > Service-Type = Framed-User
> > > NAS-IP-Address = 203.63.154.1
> > > NAS-Port = 1234
> > > NAS-Port-Type = Async
> > > Acct-Session-Id = "00001234"
> > > Acct-Status-Type = Start
> > > Called-Station-Id = "123456789"
> > > Calling-Station-Id = "987654321"
> > >
> > > Wed Aug 22 17:58:38 2001: DEBUG: Handling request with Handler
> > > 'Realm=DEFAULT'
> > > Wed Aug 22 17:58:38 2001: DEBUG: Adding session for e0999626,
> > > 203.63.154.1, 1234
> > > Wed Aug 22 17:58:38 2001: DEBUG: Handling with NT
> > > Wed Aug 22 17:58:38 2001: DEBUG: Accounting accepted
> > > Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> > > *** Sending to 127.0.0.1 port 1244 ....
> > > Code: Accounting-Response
> > > Identifier: 20
> > > Authentic: <217>xq<238><146><187>/$,E<251>:<145><136><176><9>
> > > Attributes:
> > >
> > > Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> > > *** Received from 127.0.0.1 port 1244 ....
> > > Code: Accounting-Request
> > > Identifier: 21
> > > Authentic: >A<178><186>e<179>U<221>LQ<160>_<26>Q<199><127>
> > > Attributes:
> > > User-Name = "e0999626"
> > > Service-Type = Framed-User
> > > NAS-IP-Address = 203.63.154.1
> > > NAS-Port = 1234
> > > NAS-Port-Type = Async
> > > Acct-Session-Id = "00001234"
> > > Acct-Status-Type = Stop
> > > Called-Station-Id = "123456789"
> > > Calling-Station-Id = "987654321"
> > > Acct-Delay-Time = 0
> > > Acct-Session-Time = 1000
> > > Acct-Input-Octets = 20000
> > > Acct-Output-Octets = 30000
> > >
> > > Wed Aug 22 17:58:38 2001: DEBUG: Handling request with Handler
> > > 'Realm=DEFAULT'
> > > Wed Aug 22 17:58:38 2001: DEBUG: Deleting session for e0999626,
> > > 203.63.154.1, 1234
> > > Wed Aug 22 17:58:38 2001: DEBUG: Handling with NT
> > > Wed Aug 22 17:58:38 2001: DEBUG: Accounting accepted
> > > Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> > > *** Sending to 127.0.0.1 port 1244 ....
> > > Code: Accounting-Response
> > > Identifier: 21
> > > Authentic: >A<178><186>e<179>U<221>LQ<160>_<26>Q<199><127>
> > > Attributes:
> > >
> > >
> > > I have the following network configuration:
> > >
> > > The Radius server is WinNT 4.0 server as stand-alone on network
> > > xxx.xxx.xxx.aaa
> > > Two WInNT 4.0 as PDC on network yyy.yyy.aaa.bbb and zzz.zzz.aaa.bbb
> > >
> > > I can see the servers and if I use the WinNT command "net view
> > > \\domaincontroller1" from the Radius Server the PDC request to me a
> > > username and password to log in, when I send the data it works fine.
> > >
> > >
> > > John Edward Kekhan N.
> > > Network Manager
> > > Polycom S.A. - Colombia
> > > jekekhan at poly.com.co
> > >
> > >
> > > ===
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list