(RADIATOR) Problem with NT Authentication

Hugh Irvine hugh at open.com.au
Tue Feb 5 17:36:48 CST 2002


Hello Gionata -

Have you installed the Authen::Smb module from CPAN?

Section 6.27 in the Radiator manual ("doc/ref.html").

regards

Hugh


On Tue, 5 Feb 2002 20:18, gionata.lamia at t-systems.it wrote:
> Hi Hugh,
> I've just use pap authentication but the result is the same. I enclose the
> Log of Radiator as you have asked me:
>
> Fri Jan 25 09:32:03 2002: DEBUG: Packet dump:
> *** Received from 192.168.6.1 port 1645 ....
> Code:       Access-Request
> Identifier: 132
> Authentic:  e<8>p<138><201>J<240><239><200>1<173><241><16><3>R<146>
> Attributes:
>         User-Name = "DEBISITALIA\db00793"
>         User-Password =
> "<193><204>f@<216><224>3<158><28><147><174>o<200>^l<228>" NAS-Port = 20030
>         cisco-avpair = "interface=Serial0:30"
>         NAS-Port-Type = ISDN
>         Called-Station-Id = "257517508"
>         Calling-Station-Id = "257506057"
>         Service-Type = Framed-User
>         NAS-IP-Address = 192.168.6.1
>
> Fri Jan 25 09:32:03 2002: DEBUG: Handling request with Handler
> 'Realm=DEFAULT' Fri Jan 25 09:32:03 2002: DEBUG:  Deleting session for
> DEBISITALIA\db00793, 192.168.6.1, 20030 Fri Jan 25 09:32:03 2002: DEBUG: do
> query is: delete from RADONLINE where NASIDENTIFIER='192.168.6.1' and
> NASPORT=020030
>
> Fri Jan 25 09:32:03 2002: DEBUG: Handling with NT
> Fri Jan 25 09:32:03 2002: INFO: Access rejected for DEBISITALIA\db00793: NT
> Authentication failed: Server Error (1) Fri Jan 25 09:32:03 2002: DEBUG:
> Packet dump:
> *** Sending to 192.168.6.1 port 1645 ....
> Code:       Access-Reject
> Identifier: 132
> Authentic:  e<8>p<138><201>J<240><239><200>1<173><241><16><3>R<146>
> Attributes:
>         Reply-Message = "Request Denied"
>         Reply-Message = "NT Authentication failed: Server Error (1)"
>
> Thanks
>
> Gionata
>
>
>
>
> Hugh Irvine <hugh at open.com.au>@open.com.au on 24/01/2002 22.27.35
>
> Please respond to hugh at open.com.au
>
> Sent by:  owner-radiator at open.com.au
>
>
> To:   gionata.lamia at t-systems.it, radiator at open.com.au
> cc:
>
> Subject:  Re: (RADIATOR) Problem with NT Authentication
>
>
>
> Hello Gionata -
>
> You will need to use PAP authentication with NT.
>
> If you still have a problem, please send me a trace 4 debug from Radiator
> showing what is happening.
>
> regards
>
> Hugh
>
> > Hi all,
> > I've  a big problem, I would like to use Radiator to switch the RAS
> > authentication requests to a NT server . Radiator is installed on Linux
> > server.
> > If in the RADIUS.CFG file I add the "NoCheckPassword" parameter the
> >  authentication takes place, otherwise on the Log of the RADIUS I have
>
> this
>
> >  error message:
> >
> > "INFO: Access rejected for domain\user: NT Authentication failed: Server
> > Error (1)"
> >
> > on my Cisco AS5300 i've codified to use chap, pap and ms-chap for PPP
> > authentication. I don't know because this happen, on the event view of NT
> > there is no errors messages.
> > This is my radius.cfg :
> >
> > <AuthBy NT>
> >                 Identifier NT
> >                 # You must set the domain name here to suit your site:
> >                 Domain administrator
> >
> >                 # ON NT, optionally specify the name of the
> >                 # Primary Domain Controller, including the leading
> >                 # \\ slashes, to override the default domain controller
> >                 # for the domain you specified above
> > #               DomainController \\romeo
> >
> >                 # On Unix, you MUST specify the Domain Controller
> >                 # name as the NT host name of the domain controller:
> >                 # its not optional. This needs to be set to the NT
> >                 # name of the Primary Domain Controller, and further
> >                 # the NT name must be in the Unix hosts or DNS
> >                 DomainController server.domain.it
> >
> >                 # On NT, you can optionally check the
> >                 # "Grant dialin permission to user" flag in the
> >                 # user manager. Requires the
> >                 # Win32-RasAdmin Perl package to be installed first
> >                 # HonourDialinPermission
> >
> >                 # This will set up some standard reply items for
> >                 # your NAS, you may need others for your NAS
> >                 DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
> > #               NoCheckPassword
> > </AuthBy>
> >
> > <AuthBy DYNADDRESS>
> >         Identifier All-NT
> >         Allocator SQLAllocator
> >         PoolHint pool-NT
> > </AuthBy>
> >
> > <Realm DEFAULT>
> >         RejectHasReason
> >         AuthByPolicy ContinueWhileAccept
> >         AuthBy NT
> >         AuthBy All-NT
> > </Realm>
> >
> > Could anyone help me ?
> > Please !!!
> >
> > Gionata Lamia
> >
> > Networking Services/Systems Integrations
> > T-Systems Italia S.p.A.
> > Strada 2 Palazzo D
> > 20090 - Assago - MI
> > Phone: +39 02 89248240
> > Fax: +39 02 89248231
> > Mobile: +39 348 4521210
> > e-mail: Gionata.Lamia at T-Systems.it
> > Internet: http://www.T-Systems.it
> >
> > -------------------------------------------------------

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list