(RADIATOR) Windows NT password has troubles
Hugh Irvine
hugh at open.com.au
Fri Aug 31 19:56:09 CDT 2001
Hello John -
There have been some changes made in AuthNT.pm, so I have copied this
mail to Mike for his comments.
regards
Hugh
At 10:19 -0500 01/8/31, John Edward Kekhan Nino wrote:
>Hello Hugh
>
>I did all that you suggested however the problem remained, so I tried with
>the AuthNT.pm file from the version 2.14.1 and mate. It works without
>problem... what happened?
>
>
>
>> ----------
>> De: Hugh Irvine[SMTP:hugh at open.com.au]
>> Responder a: hugh at open.com.au
>> Enviado el: Viernes, 24 de Agosto de 2001 07:09 p.m.
>> Para: John Edward Kekhan Nino; radiator at open.com.au
>> Asunto: Re: (RADIATOR) Windows NT password has troubles
>>
>>
>> Hello John -
>>
>> I would suggest you run Radiator for testing purposes manually (rather
>> than a
>> service), to make sure you have all the correct priveledges (run Radiator
>> in
>> one terminal window and radpwtst in another). Once you have got Radiator
>> running successfully that way, then you will know how to correctly
>> configure
>> the service.
>>
>> regards
>>
>> Hugh
>>
>> On Saturday 25 August 2001 01:13, John Edward Kekhan Nino wrote:
>> > Hello Hugh
>> >
>> > Yes, I had checked the share secret and is fine. Otherwise I ran the
>> > radpwtst from the local server where the Radiator is installed and I get
>> > this problem. I comented the <Client TotalControl> to use only the
>> > localhost client and I get the same problem.
>> >
>> > I installed the radiator as WinNt superuser (administrator), but I´m
>> not
>> > sure if it is necessary configure anything else in the service
>> properties
>> > tab in control panel.
>> >
>> >
>> > John Edward Kekhan N.
>> > Network Manager
>> > Polycom S.A. - Colombia
>> > jekekhan at poly.com.co
>> >
>> > > ----------
>> > > De: Hugh Irvine[SMTP:hugh at open.com.au]
>> > > Responder a: hugh at open.com.au
>> > > Enviado el: Jueves, 23 de Agosto de 2001 06:46 p.m.
>> > > Para: John Edward Kekhan Nino; radiator at open.com.au
>> > > Asunto: Re: (RADIATOR) Windows NT password has troubles
>> > >
>> > >
>> > > Hello John -
>> > >
>> > > Have you checked the shared secrets between the NAS and Radiator?
>> > >
>> > > And what user are you running Radiator as? Does that user have
>> > > administrator
>> > > priveledges to be able to access the domain controller?
>> > >
>> > > regards
>> > >
>> > > Hugh
>> > >
>> > > On Friday 24 August 2001 01:43, John Edward Kekhan Nino wrote:
>> > > > Hello
>> > > >
>> > > > I have another trouble using radiator in windows NT, when I use the
>> > > > password the log shows the message,
>> > > >
>> > > > Access rejected for e0999626: NT AuthenticateUser failed: Logon
>> > > > failure: unknown user name or bad password.
>> > > >
>> > > > but if I use the parameter NoCheckPassword in AuthBy NT, the user
>> is
>> > > > success and the Access is granted
>> > > >
>> > > > Here is my radisu.cfg file
>> > > >
>> > > > # Radiator configuration file.
>> > > >
>> > > > AcctPort 1646
>> > > > AuthPort 1645
>> > > > DbDir E:\Radiator-2.18.2\radius
>> > > > DictionaryFile %D\dictionary\dictionary
>> > > > FingerProg C:\WINNT\system32\finger.exe
>> > > >
>> > > > LogDir E:\Radiator-2.18.2\log
>> > > > LogFile %L\logradius.log
>> > > > PidFile %L\radiusd.pid
>> > > > Trace 4
>> > > >
>> > > > <Client localhost>
>> > > > DupInterval 0
>> > > > Secret mysecret
>> > > > </Client>
>> > > >
>> > > > <Client TotalControl>
>> > > > Description totalcontrol
>> > > > DupInterval 2
>> > > > NasType TotalControl
>> > > > Secret xxxxxxxxxxxxxx
>> > > > </Client>
>> > > >
>> > > > <Realm DEFAULT>
>> > > >
>> > > > <AuthBy GROUP>
>> > > > AuthByPolicy ContinueWhileReject
>> > > >
>> > > > <AuthBy NT>
>> > > > DefaultSimultaneousUse 2
>> > > > Description domain WinNT
>> > > > Domain domain1
>> > > > DomainController \\domaincontroller1
>> > > > Identifier ECP1
>> > > > </AuthBy>
>> > > >
>> > > > <AuthBy NT>
>> > > > DefaultSimultaneousUse 2
>> > > > Description Domain Trans
> > > > > Domain domain2
>> > > > DomainController \\domaincontroller2
>> > > > Identifier ECP2
>> > > > </AuthBy>
>> > > >
>> > > > <AuthBy FILE>
>> > > > Description testing
>> > > > Filename %D\users
>> > > > </AuthBy>
>> > > > </AuthBy>
>> > > >
>> > > > Description RASECP
>> > > > RejectHasReason
>> > > > SessionDatabase
>> > > > </Realm>
>> > > >
>> > > > <SNMPAgent >
>> > > > Community public
>> > > > Port 161
>> > > > </SNMPAgent>
>> > > >
>> > > > the users file
>> > > >
>> > > > DEFAULT Auth-Type = ECP1, Service-Type = Framed-User
>> > > > Framed-Protocol = PPP,
>> > > > Fall-Through = yes
>> > > >
>> > > > DEFAULT Auth-Type = ECP2, Service-Type = Framed-User
>> > > > Framed-Protocol = PPP
>> > > > Fall-Through = yes
>> > > >
>> > > > # I left this user to probe configuration
>> > > >
>> > > > fred User-Password = "fred",Service-Type = Framed-User
>> > > > Framed-Protocol = PPP,
>> > > > Framed-IP-Netmask = 255.255.255.255,
>> > > > Framed-Routing = None,
>> > > > Framed-MTU = 1500,
>> > > > Framed-Compression = Van-Jacobson-TCP-IP
>> > > >
>> > > > and the log from radius server
>> > > >
>> > > > Wed Aug 22 17:55:34 2001: INFO: Server started: Radiator 2.18.2 on
>> > >
>> > > radecp
>> > >
>> > > > Wed Aug 22 17:58:34 2001: DEBUG: Packet dump:
>> > > > *** Received from 127.0.0.1 port 1244 ....
>> > > > Code: Access-Request
>> > > > Identifier: 19
>> > > > Authentic: 1234567890123456
>> > > > Attributes:
>> > > > User-Name = "e0999626"
>> > > > Service-Type = Framed-User
>> > > > NAS-IP-Address = 203.63.154.1
>> > > > NAS-Port = 1234
>> > > > Called-Station-Id = "123456789"
>> > > > Calling-Station-Id = "987654321"
>> > > > NAS-Port-Type = Async
>> > > > User-Password =
>> > > > "<145><238>*<201><194>9t<155><139><8><9><160><216>}x<153>"
>> > > >
>> > > > Wed Aug 22 17:58:34 2001: DEBUG: Handling request with Handler
>> > > > 'Realm=DEFAULT'
>> > > > Wed Aug 22 17:58:34 2001: DEBUG: Deleting session for e0999626,
>> > > > 203.63.154.1, 1234
>> > > > Wed Aug 22 17:58:34 2001: DEBUG: Handling with NT
>> > > > Wed Aug 22 17:58:38 2001: INFO: Access rejected for e0999626: NT
>> > > > AuthenticateUser failed: Logon failure: unknown user name or bad
>> > >
>> > > password.
>> > >
>> > > > Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
>> > > > *** Sending to 127.0.0.1 port 1244 ....
>> > > > Code: Access-Reject
>> > > > Identifier: 19
>> > > > Authentic: 1234567890123456
>> > > > Attributes:
>> > > > Reply-Message = "NT AuthenticateUser failed: Logon failure:
>> unknown
>> > > > user name or bad password.<13><10>"
>> > > >
>> > > > Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
>> > > > *** Received from 127.0.0.1 port 1244 ....
>> > > > Code: Accounting-Request
>> > > > Identifier: 20
>> > > > Authentic: <217>xq<238><146><187>/$,E<251>:<145><136><176><9>
>> > > > Attributes:
>> > > > User-Name = "e0999626"
>> > > > Service-Type = Framed-User
>> > > > NAS-IP-Address = 203.63.154.1
>> > > > NAS-Port = 1234
>> > > > NAS-Port-Type = Async
>> > > > Acct-Session-Id = "00001234"
>> > > > Acct-Status-Type = Start
>> > > > Called-Station-Id = "123456789"
>> > > > Calling-Station-Id = "987654321"
>> > > >
>> > > > Wed Aug 22 17:58:38 2001: DEBUG: Handling request with Handler
>> > > > 'Realm=DEFAULT'
>> > > > Wed Aug 22 17:58:38 2001: DEBUG: Adding session for e0999626,
>> > > > 203.63.154.1, 1234
>> > > > Wed Aug 22 17:58:38 2001: DEBUG: Handling with NT
>> > > > Wed Aug 22 17:58:38 2001: DEBUG: Accounting accepted
>> > > > Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
>> > > > *** Sending to 127.0.0.1 port 1244 ....
>> > > > Code: Accounting-Response
>> > > > Identifier: 20
>> > > > Authentic: <217>xq<238><146><187>/$,E<251>:<145><136><176><9>
>> > > > Attributes:
>> > > >
>> > > > Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
>> > > > *** Received from 127.0.0.1 port 1244 ....
>> > > > Code: Accounting-Request
>> > > > Identifier: 21
>> > > > Authentic: >A<178><186>e<179>U<221>LQ<160>_<26>Q<199><127>
>> > > > Attributes:
>> > > > User-Name = "e0999626"
>> > > > Service-Type = Framed-User
> > > > > NAS-IP-Address = 203.63.154.1
>> > > > NAS-Port = 1234
>> > > > NAS-Port-Type = Async
>> > > > Acct-Session-Id = "00001234"
>> > > > Acct-Status-Type = Stop
>> > > > Called-Station-Id = "123456789"
>> > > > Calling-Station-Id = "987654321"
>> > > > Acct-Delay-Time = 0
>> > > > Acct-Session-Time = 1000
>> > > > Acct-Input-Octets = 20000
>> > > > Acct-Output-Octets = 30000
>> > > >
>> > > > Wed Aug 22 17:58:38 2001: DEBUG: Handling request with Handler
>> > > > 'Realm=DEFAULT'
>> > > > Wed Aug 22 17:58:38 2001: DEBUG: Deleting session for e0999626,
>> > > > 203.63.154.1, 1234
>> > > > Wed Aug 22 17:58:38 2001: DEBUG: Handling with NT
>> > > > Wed Aug 22 17:58:38 2001: DEBUG: Accounting accepted
>> > > > Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
>> > > > *** Sending to 127.0.0.1 port 1244 ....
>> > > > Code: Accounting-Response
>> > > > Identifier: 21
>> > > > Authentic: >A<178><186>e<179>U<221>LQ<160>_<26>Q<199><127>
>> > > > Attributes:
>> > > >
>> > > >
>> > > > I have the following network configuration:
>> > > >
>> > > > The Radius server is WinNT 4.0 server as stand-alone on network
>> > > > xxx.xxx.xxx.aaa
>> > > > Two WInNT 4.0 as PDC on network yyy.yyy.aaa.bbb and zzz.zzz.aaa.bbb
>> > > >
>> > > > I can see the servers and if I use the WinNT command "net view
>> > > > \\domaincontroller1" from the Radius Server the PDC request to me a
>> > > > username and password to log in, when I send the data it works fine.
>> > > >
>> > > >
>> > > > John Edward Kekhan N.
>> > > > Network Manager
>> > > > Polycom S.A. - Colombia
>> > > > jekekhan at poly.com.co
>> > > >
>> > > >
>> > > > ===
>> > > > Archive at http://www.open.com.au/archives/radiator/
>> > > > Announcements on radiator-announce at open.com.au
>> > > > To unsubscribe, email 'majordomo at open.com.au' with
>> > > > 'unsubscribe radiator' in the body of the message.
>> > >
>> > > --
>> > > Radiator: the most portable, flexible and configurable RADIUS server
>> > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>> > > -
>> > > Nets: internetwork inventory and management - graphical, extensible,
>> > > flexible with hardware, software, platform and database independence.
>> > > ===
>> > > Archive at http://www.open.com.au/archives/radiator/
>> > > Announcements on radiator-announce at open.com.au
>> > > To unsubscribe, email 'majordomo at open.com.au' with
>> > > 'unsubscribe radiator' in the body of the message.
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>>
--
NB: I am travelling this week, so there may be delays in our correspondence.
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list