(RADIATOR) Group and NT Auth

Anton Krall akrall at team.inter.net
Thu Jul 5 15:47:24 CDT 2001 

I think I got everythng woprking fine..  except one thingy :

user akrall is a member of gourp Administrators under Win2k.... and I
adeed thi to my radiator config file to be used by Authby File:

DEFAULT Auth-Type = CheckNT, Group = "Administrators"

But everytime akrall tries to login... the logs say:

Thu Jul  5 15:45:06 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Jul  5 15:45:06 2001: DEBUG: SDB1 Deleting session for akrall, 10.0.0.1, 5
Thu Jul  5 15:45:06 2001: DEBUG: Handling with Radius::AuthFILE
Thu Jul  5 15:45:06 2001: DEBUG: Reading users file c:/radiator/logs/config-usua
rios
Thu Jul  5 15:45:06 2001: DEBUG: Radius::AuthFILE looks for match with akrall
Thu Jul  5 15:45:06 2001: DEBUG: Reading users file c:/radiator/logs/config-usua
rios
Thu Jul  5 15:45:06 2001: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Thu Jul  5 15:45:06 2001: DEBUG: Handling with NT
Thu Jul  5 15:45:07 2001: DEBUG: Radius::AuthFILE REJECT: User akrall is not in
Group Administrators
Thu Jul  5 15:45:07 2001: DEBUG: Reading users file c:/radiator/logs/config-usua
rios
Thu Jul  5 15:45:07 2001: INFO: Access rejected for akrall: User akrall is not i
n Group Administrators
Thu Jul  5 15:45:07 2001: DEBUG: Packet dump:
*** Sending to 10.0.0.1 port 1645 ....
Code:       Access-Reject
Identifier: 186
Authentic:  <170><155>8<17>vw<228>M<2><19>PINo|<5>
Attributes:
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Reply-Message = "User akrall is not in Group Administrators"


Any ideas?

        

Saludos

Anton Krall
Director de Tecnologia
Inter.net Mexico
(www.mx.inter.net)
Email: akrall at team.inter.net
Directo: 5-241-7609
Conmutador: 5-241-7600
Mobile: 044-5105-5160

Outside Mexico:
Office: (525)241-7609
PBX: (525)241-7600
Mobile: (525)105-5160

______________________

Thursday, July 05, 2001, 3:11:33 AM, you wrote:


HI> Hello Anton -

HI> You need to use cascaded AuthBy clauses to pass a Group tag.

HI> Here is an example configuration file:

HI> # define AuthBy clauses

HI> <AuthBy FILE>
HI>         Identifier CheckUserAndGroup
HI>         .....
HI> </AuthBy>

HI> <AuthBy NT>
HI>         Identifier CheckNT
HI>         .....
HI> </AuthBy>

HI> # define Realms or Handlers

HI> <Realm ....>
HI>         AuthBy CheckUserAndGroup
HI>         ....
HI> </Realm>


HI> And the contents of the file referenced by the AuthBy FILE clause:

HI> # define DEFAULT users (or individual users) with Group check items

HI> DEFAULT Auth-Type = CheckNT, Group = .....

HI> .....



HI> If you have any further questions, don't hesitate to ask.

HI> regards

HI> Hugh


HI> At 21:29 -0500 01/7/4, Anton Krall wrote:
>>Its version 2.18.1
>>
>>The pw error seems to be fixed upgrading to 2.18.1.. but I still dont
>>quite grasp the authby and auth-type stuff.. :) anybody has some code
>>I can look at?
>>
>>Saludos
>>
>>Anton Krall
>>Director de Tecnologia
>>Inter.net Mexico
>>(www.mx.inter.net)
>>Email: akrall at team.inter.net
>>Directo: 5-241-7609
>>Conmutador: 5-241-7600
>>Mobile: 044-5105-5160
>>
>>Outside Mexico:
>>Office: (525)241-7609
>>PBX: (525)241-7600
>>Mobile: (525)105-5160
>>
>>
>>Wednesday, July 04, 2001, 9:11:27 PM, you wrote:
>>
>>MA> What version of Radiator are you using.
>>MA> In the old version he had the program change the persons PW as a form of
>>MA> authentication but under Win2k it wouldn't allow the user to change the pw
>>MA> to the same thing they already had.
>>
>>MA> Also.. make sure that when you log in with the password its not 
>>forcing the
>>MA> user to change it. That might cause the failure you are getting.
>>
>>
>>MA> Just a thought.
>>
>>MA> -Michael Audet
>>MA> Network Services
>>MA> Chubb & Son
>>MA> maudet at chubb.com
>>
>>MA> ----- Original Message -----
>>MA> From: "Anton Krall" <akrall at team.inter.net>
>>MA> To: <radiator at open.com.au>
>>MA> Sent: Wednesday, July 04, 2001 3:49 PM
>>MA> Subject: Re: (RADIATOR) Group and NT Auth
>>
>>
>>>>  This is what Im getting on ly logs:
>>>>
>>>>  *** Received from 10.0.0.1 port 1645 ....
>>>>  Code:       Access-Request
>>>>  Identifier: 125
>>>>  Authentic:  ><159><236><181>J<187><216>1<22><151><132>m<162>3<240>i
>>>>  Attributes:
>>>>          User-Name = "akrall2"
>>>>          NAS-IP-Address = 10.0.0.1
>>>>          User-Password =
>>MA> "<131><154><192>6<184>3><165><172><26><216><185><255><1
>>>>  7><204><1>"
>>>>          NAS-Port = 5
>>>>
>>>>  Wed Jul  4 14:47:41 2001: DEBUG: Handling request with Handler
>>MA> 'Realm=DEFAULT'
>>>>  Wed Jul  4 14:47:41 2001: DEBUG: SDB1 Deleting session for akrall2,
>>MA> 10.0.0.1, 5
>>>>  Wed Jul  4 14:47:41 2001: DEBUG: Handling with NT
>>>>  Wed Jul  4 14:47:41 2001: INFO: Access rejected for akrall2: NT
>>MA> CheckPassword f
>>>>  iled: 5: Access is denied.
>>>>
>>>>  Wed Jul  4 14:47:41 2001: DEBUG: Packet dump:
>>>>  *** Sending to 10.0.0.1 port 1645 ....
>>>>  Code:       Access-Reject
>>>>  Identifier: 125
>>>>  Authentic:  ><159><236><181>J<187><216>1<22><151><132>m<162>3<240>i
>>>>  Attributes:
>>>>          Reply-Message = "Request Denied"
>>>>          Reply-Message = "NT CheckPassword failed: 5: Access is
>>MA> denied.<13><10>"
>>>>
>>>>
>>>>
>>>>  Saludos
>>>>
>>>>  Anton Krall
>>>>  Director de Tecnologia
>>>>  Inter.net Mexico
>>>>  (www.mx.inter.net)
>>>>  Email: akrall at team.inter.net
>>>>  Directo: 5-241-7609
>>>>  Conmutador: 5-241-7600
>>>>  Mobile: 044-5105-5160
>>>>
>>>>  Outside Mexico:
>>>>  Office: (525)241-7609
>>>>  PBX: (525)241-7600
>>>>  Mobile: (525)105-5160
>>>>
>>>>  ______________________
>>>>
>>>>  Wednesday, July 04, 2001, 12:56:31 PM, you wrote:
>>>>
>>>>  AK> Guys.-
>>>>
>>>>  AK> Im using Auth NT to run radiator under nt to auth with my firewall..
>>>>
>>>>  AK> Everything is working fine except that I cant the Group = XXX inside
>>>>  AK> the Authby NT to work.
>>>>
>>>>  AK> How do you make sure a user belong to a certain group in NT and also,
>>>>  AK> how can you nest Authyby? I think I can use the identifiers on Authby
>>>>  AK> to cascade Authbys, am I right?
>>>>
>>>>  AK> And how do I make the Group clause in Authby work?
>>>>
>>>>
>>>>
>>>>  AK> Saludos
>>>>
>>>>  AK> Anton Krall
>>>>  AK> Director de Tecnologia
>>>>  AK> Inter.net Mexico
>>  >> AK> (www.mx.inter.net)
>>>>  AK> Email: akrall at team.inter.net
>>>>  AK> Directo: 5-241-7609
>>>>  AK> Conmutador: 5-241-7600
>>>>  AK> Mobile: 044-5105-5160
>>>>
>>>>  AK> Outside Mexico:
>>>>  AK> Office: (525)241-7609
>>>>  AK> PBX: (525)241-7600
>>>>  AK> Mobile: (525)105-5160
>>>>
>>>>  AK> ===
>>>>  AK> Archive at http://www.open.com.au/archives/radiator/
>>>>  AK> Announcements on radiator-announce at open.com.au
>>>>  AK> To unsubscribe, email 'majordomo at open.com.au' with
>>>>  AK> 'unsubscribe radiator' in the body of the message.
>>>>
>>>>  ===
>>>>  Archive at http://www.open.com.au/archives/radiator/
>>>>  Announcements on radiator-announce at open.com.au
>>>>  To unsubscribe, email 'majordomo at open.com.au' with
>>>>  'unsubscribe radiator' in the body of the message.
>>>>
>>
>>===
>>Archive at http://www.open.com.au/archives/radiator/
>>Announcements on radiator-announce at open.com.au
>>To unsubscribe, email 'majordomo at open.com.au' with
>>'unsubscribe radiator' in the body of the message.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list