(RADIATOR) Windows NT password has troubles
Mike McCauley
mikem at open.com.au
Fri Aug 31 20:42:16 CDT 2001
Hello John,
On Sat, 1 Sep 2001 10:56, Hugh Irvine wrote:
> Hello John -
>
> There have been some changes made in AuthNT.pm, so I have copied this
> mail to Mike for his comments.
The relevant change appears to be that recent Radiators use
Win32::AuthenticateUser::AuthenticateUser
whereas 2.14.1 used Win32::NetAdmin::UserChangePassword
I suspect that your 2.18.3 was not able to check the password because it was
not running with administrator privelege as far as the domain controller is
concerned.
You may want to try running your Radiator as administrator?
Please let me know how you go.
Cheers.
>
> regards
>
> Hugh
>
> At 10:19 -0500 01/8/31, John Edward Kekhan Nino wrote:
> >Hello Hugh
> >
> >I did all that you suggested however the problem remained, so I tried with
> >the AuthNT.pm file from the version 2.14.1 and mate. It works without
> >problem... what happened?
> >
> >> ----------
> >> De: Hugh Irvine[SMTP:hugh at open.com.au]
> >> Responder a: hugh at open.com.au
> >> Enviado el: Viernes, 24 de Agosto de 2001 07:09 p.m.
> >> Para: John Edward Kekhan Nino; radiator at open.com.au
> >> Asunto: Re: (RADIATOR) Windows NT password has troubles
> >>
> >>
> >> Hello John -
> >>
> >> I would suggest you run Radiator for testing purposes manually (rather
> >> than a
> >> service), to make sure you have all the correct priveledges (run
> >> Radiator in
> >> one terminal window and radpwtst in another). Once you have got
> >> Radiator running successfully that way, then you will know how to
> >> correctly configure
> >> the service.
> >>
> >> regards
> >>
> >> Hugh
> >>
> >> On Saturday 25 August 2001 01:13, John Edward Kekhan Nino wrote:
> >> > Hello Hugh
> >> >
> >> > Yes, I had checked the share secret and is fine. Otherwise I ran the
> >> > radpwtst from the local server where the Radiator is installed and I
> >> > get this problem. I comented the <Client TotalControl> to use only
> >> > the localhost client and I get the same problem.
> >> >
> >> > I installed the radiator as WinNt superuser (administrator), but I´m
> >>
> >> not
> >>
> >> > sure if it is necessary configure anything else in the service
> >>
> >> properties
> >>
> >> > tab in control panel.
> >> >
> >> >
> >> > John Edward Kekhan N.
> >> > Network Manager
> >> > Polycom S.A. - Colombia
> >> > jekekhan at poly.com.co
> >> >
> >> > > ----------
> >> > > De: Hugh Irvine[SMTP:hugh at open.com.au]
> >> > > Responder a: hugh at open.com.au
> >> > > Enviado el: Jueves, 23 de Agosto de 2001 06:46 p.m.
> >> > > Para: John Edward Kekhan Nino; radiator at open.com.au
> >> > > Asunto: Re: (RADIATOR) Windows NT password has troubles
> >> > >
> >> > >
> >> > > Hello John -
> >> > >
> >> > > Have you checked the shared secrets between the NAS and Radiator?
> >> > >
> >> > > And what user are you running Radiator as? Does that user have
> >> > > administrator
> >> > > priveledges to be able to access the domain controller?
> >> > >
> >> > > regards
> >> > >
> >> > > Hugh
> >> > >
> >> > > On Friday 24 August 2001 01:43, John Edward Kekhan Nino wrote:
> >> > > > Hello
> >> > > >
> >> > > > I have another trouble using radiator in windows NT, when I use
> >> > > > the password the log shows the message,
> >> > > >
> >> > > > Access rejected for e0999626: NT AuthenticateUser failed: Logon
> >> > > > failure: unknown user name or bad password.
> >> > > >
> >> > > > but if I use the parameter NoCheckPassword in AuthBy NT, the
> >> > > > user
> >>
> >> is
> >>
> >> > > > success and the Access is granted
> >> > > >
> >> > > > Here is my radisu.cfg file
> >> > > >
> >> > > > # Radiator configuration file.
> >> > > >
> >> > > > AcctPort 1646
> >> > > > AuthPort 1645
> >> > > > DbDir E:\Radiator-2.18.2\radius
> >> > > > DictionaryFile %D\dictionary\dictionary
> >> > > > FingerProg C:\WINNT\system32\finger.exe
> >> > > >
> >> > > > LogDir E:\Radiator-2.18.2\log
> >> > > > LogFile %L\logradius.log
> >> > > > PidFile %L\radiusd.pid
> >> > > > Trace 4
> >> > > >
> >> > > > <Client localhost>
> >> > > > DupInterval 0
> >> > > > Secret mysecret
> >> > > > </Client>
> >> > > >
> >> > > > <Client TotalControl>
> >> > > > Description totalcontrol
> >> > > > DupInterval 2
> >> > > > NasType TotalControl
> >> > > > Secret xxxxxxxxxxxxxx
> >> > > > </Client>
> >> > > >
> >> > > > <Realm DEFAULT>
> >> > > >
> >> > > > <AuthBy GROUP>
> >> > > > AuthByPolicy ContinueWhileReject
> >> > > >
> >> > > > <AuthBy NT>
> >> > > > DefaultSimultaneousUse 2
> >> > > > Description domain WinNT
> >> > > > Domain domain1
> >> > > > DomainController \\domaincontroller1
> >> > > > Identifier ECP1
> >> > > > </AuthBy>
> >> > > >
> >> > > > <AuthBy NT>
> >> > > > DefaultSimultaneousUse 2
> >> > > > Description Domain Trans
> >> > > >
> > > > > > Domain domain2
> >> > > >
> >> > > > DomainController \\domaincontroller2
> >> > > > Identifier ECP2
> >> > > > </AuthBy>
> >> > > >
> >> > > > <AuthBy FILE>
> >> > > > Description testing
> >> > > > Filename %D\users
> >> > > > </AuthBy>
> >> > > > </AuthBy>
> >> > > >
> >> > > > Description RASECP
> >> > > > RejectHasReason
> >> > > > SessionDatabase
> >> > > > </Realm>
> >> > > >
> >> > > > <SNMPAgent >
> >> > > > Community public
> >> > > > Port 161
> >> > > > </SNMPAgent>
> >> > > >
> >> > > > the users file
> >> > > >
> >> > > > DEFAULT Auth-Type = ECP1, Service-Type = Framed-User
> >> > > > Framed-Protocol = PPP,
> >> > > > Fall-Through = yes
> >> > > >
> >> > > > DEFAULT Auth-Type = ECP2, Service-Type = Framed-User
> >> > > > Framed-Protocol = PPP
> >> > > > Fall-Through = yes
> >> > > >
> >> > > > # I left this user to probe configuration
> >> > > >
> >> > > > fred User-Password = "fred",Service-Type = Framed-User
> >> > > > Framed-Protocol = PPP,
> >> > > > Framed-IP-Netmask = 255.255.255.255,
> >> > > > Framed-Routing = None,
> >> > > > Framed-MTU = 1500,
> >> > > > Framed-Compression = Van-Jacobson-TCP-IP
> >> > > >
> >> > > > and the log from radius server
> >> > > >
> >> > > > Wed Aug 22 17:55:34 2001: INFO: Server started: Radiator 2.18.2
> >> > > > on
> >> > >
> >> > > radecp
> >> > >
> >> > > > Wed Aug 22 17:58:34 2001: DEBUG: Packet dump:
> >> > > > *** Received from 127.0.0.1 port 1244 ....
> >> > > > Code: Access-Request
> >> > > > Identifier: 19
> >> > > > Authentic: 1234567890123456
> >> > > > Attributes:
> >> > > > User-Name = "e0999626"
> >> > > > Service-Type = Framed-User
> >> > > > NAS-IP-Address = 203.63.154.1
> >> > > > NAS-Port = 1234
> >> > > > Called-Station-Id = "123456789"
> >> > > > Calling-Station-Id = "987654321"
> >> > > > NAS-Port-Type = Async
> >> > > > User-Password =
> >> > > > "<145><238>*<201><194>9t<155><139><8><9><160><216>}x<153>"
> >> > > >
> >> > > > Wed Aug 22 17:58:34 2001: DEBUG: Handling request with Handler
> >> > > > 'Realm=DEFAULT'
> >> > > > Wed Aug 22 17:58:34 2001: DEBUG: Deleting session for e0999626,
> >> > > > 203.63.154.1, 1234
> >> > > > Wed Aug 22 17:58:34 2001: DEBUG: Handling with NT
> >> > > > Wed Aug 22 17:58:38 2001: INFO: Access rejected for e0999626: NT
> >> > > > AuthenticateUser failed: Logon failure: unknown user name or bad
> >> > >
> >> > > password.
> >> > >
> >> > > > Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> >> > > > *** Sending to 127.0.0.1 port 1244 ....
> >> > > > Code: Access-Reject
> >> > > > Identifier: 19
> >> > > > Authentic: 1234567890123456
> >> > > > Attributes:
> >> > > > Reply-Message = "NT AuthenticateUser failed: Logon failure:
> >>
> >> unknown
> >>
> >> > > > user name or bad password.<13><10>"
> >> > > >
> >> > > > Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> >> > > > *** Received from 127.0.0.1 port 1244 ....
> >> > > > Code: Accounting-Request
> >> > > > Identifier: 20
> >> > > > Authentic: <217>xq<238><146><187>/$,E<251>:<145><136><176><9>
> >> > > > Attributes:
> >> > > > User-Name = "e0999626"
> >> > > > Service-Type = Framed-User
> >> > > > NAS-IP-Address = 203.63.154.1
> >> > > > NAS-Port = 1234
> >> > > > NAS-Port-Type = Async
> >> > > > Acct-Session-Id = "00001234"
> >> > > > Acct-Status-Type = Start
> >> > > > Called-Station-Id = "123456789"
> >> > > > Calling-Station-Id = "987654321"
> >> > > >
> >> > > > Wed Aug 22 17:58:38 2001: DEBUG: Handling request with Handler
> >> > > > 'Realm=DEFAULT'
> >> > > > Wed Aug 22 17:58:38 2001: DEBUG: Adding session for e0999626,
> >> > > > 203.63.154.1, 1234
> >> > > > Wed Aug 22 17:58:38 2001: DEBUG: Handling with NT
> >> > > > Wed Aug 22 17:58:38 2001: DEBUG: Accounting accepted
> >> > > > Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> >> > > > *** Sending to 127.0.0.1 port 1244 ....
> >> > > > Code: Accounting-Response
> >> > > > Identifier: 20
> >> > > > Authentic: <217>xq<238><146><187>/$,E<251>:<145><136><176><9>
> >> > > > Attributes:
> >> > > >
> >> > > > Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> >> > > > *** Received from 127.0.0.1 port 1244 ....
> >> > > > Code: Accounting-Request
> >> > > > Identifier: 21
> >> > > > Authentic: >A<178><186>e<179>U<221>LQ<160>_<26>Q<199><127>
> >> > > > Attributes:
> >> > > > User-Name = "e0999626"
> >> > > > Service-Type = Framed-User
> >> > > >
> > > > > > NAS-IP-Address = 203.63.154.1
> >> > > >
> >> > > > NAS-Port = 1234
> >> > > > NAS-Port-Type = Async
> >> > > > Acct-Session-Id = "00001234"
> >> > > > Acct-Status-Type = Stop
> >> > > > Called-Station-Id = "123456789"
> >> > > > Calling-Station-Id = "987654321"
> >> > > > Acct-Delay-Time = 0
> >> > > > Acct-Session-Time = 1000
> >> > > > Acct-Input-Octets = 20000
> >> > > > Acct-Output-Octets = 30000
> >> > > >
> >> > > > Wed Aug 22 17:58:38 2001: DEBUG: Handling request with Handler
> >> > > > 'Realm=DEFAULT'
> >> > > > Wed Aug 22 17:58:38 2001: DEBUG: Deleting session for e0999626,
> >> > > > 203.63.154.1, 1234
> >> > > > Wed Aug 22 17:58:38 2001: DEBUG: Handling with NT
> >> > > > Wed Aug 22 17:58:38 2001: DEBUG: Accounting accepted
> >> > > > Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> >> > > > *** Sending to 127.0.0.1 port 1244 ....
> >> > > > Code: Accounting-Response
> >> > > > Identifier: 21
> >> > > > Authentic: >A<178><186>e<179>U<221>LQ<160>_<26>Q<199><127>
> >> > > > Attributes:
> >> > > >
> >> > > >
> >> > > > I have the following network configuration:
> >> > > >
> >> > > > The Radius server is WinNT 4.0 server as stand-alone on network
> >> > > > xxx.xxx.xxx.aaa
> >> > > > Two WInNT 4.0 as PDC on network yyy.yyy.aaa.bbb and
> >> > > > zzz.zzz.aaa.bbb
> >> > > >
> >> > > > I can see the servers and if I use the WinNT command "net view
> >> > > > \\domaincontroller1" from the Radius Server the PDC request to me
> >> > > > a username and password to log in, when I send the data it works
> >> > > > fine.
> >> > > >
> >> > > >
> >> > > > John Edward Kekhan N.
> >> > > > Network Manager
> >> > > > Polycom S.A. - Colombia
> >> > > > jekekhan at poly.com.co
> >> > > >
> >> > > >
> >> > > > ===
> >> > > > Archive at http://www.open.com.au/archives/radiator/
> >> > > > Announcements on radiator-announce at open.com.au
> >> > > > To unsubscribe, email 'majordomo at open.com.au' with
> >> > > > 'unsubscribe radiator' in the body of the message.
> >> > >
> >> > > --
> >> > > Radiator: the most portable, flexible and configurable RADIUS
> >> > > server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT,
> >> > > MacOS X. -
> >> > > Nets: internetwork inventory and management - graphical,
> >> > > extensible, flexible with hardware, software, platform and database
> >> > > independence. ===
> >> > > Archive at http://www.open.com.au/archives/radiator/
> >> > > Announcements on radiator-announce at open.com.au
> >> > > To unsubscribe, email 'majordomo at open.com.au' with
> >> > > 'unsubscribe radiator' in the body of the message.
> >>
> >> --
> >> Radiator: the most portable, flexible and configurable RADIUS server
> >> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> >> -
> >> Nets: internetwork inventory and management - graphical, extensible,
> >> flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list