(RADIATOR) Problem with NT Authentication

gionata.lamia at t-systems.it gionata.lamia at t-systems.it
Fri Jan 25 01:48:08 CST 2002 

Hi Hugh,
I've just use pap authentication but the result is the same. I enclose the
Log of Radiator as you have asked me:

Fri Jan 25 09:32:03 2002: DEBUG: Packet dump:
*** Received from 192.168.6.1 port 1645 ....
Code:       Access-Request
Identifier: 132
Authentic:  e<8>p<138><201>J<240><239><200>1<173><241><16><3>R<146>
Attributes:
        User-Name = "DEBISITALIA\db00793"
        User-Password = "<193><204>f@<216><224>3<158><28><147><174>o<200>^l<228>"
        NAS-Port = 20030
        cisco-avpair = "interface=Serial0:30"
        NAS-Port-Type = ISDN
        Called-Station-Id = "257517508"
        Calling-Station-Id = "257506057"
        Service-Type = Framed-User
        NAS-IP-Address = 192.168.6.1

Fri Jan 25 09:32:03 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Jan 25 09:32:03 2002: DEBUG:  Deleting session for DEBISITALIA\db00793, 192.168.6.1, 20030
Fri Jan 25 09:32:03 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='192.168.6.1' and NASPORT=020030

Fri Jan 25 09:32:03 2002: DEBUG: Handling with NT
Fri Jan 25 09:32:03 2002: INFO: Access rejected for DEBISITALIA\db00793: NT Authentication failed: Server Error (1)
Fri Jan 25 09:32:03 2002: DEBUG: Packet dump:
*** Sending to 192.168.6.1 port 1645 ....
Code:       Access-Reject
Identifier: 132
Authentic:  e<8>p<138><201>J<240><239><200>1<173><241><16><3>R<146>
Attributes:
        Reply-Message = "Request Denied"
        Reply-Message = "NT Authentication failed: Server Error (1)"

Thanks

Gionata




Hugh Irvine <hugh at open.com.au>@open.com.au on 24/01/2002 22.27.35

Please respond to hugh at open.com.au

Sent by:  owner-radiator at open.com.au


To:   gionata.lamia at t-systems.it, radiator at open.com.au
cc:

Subject:  Re: (RADIATOR) Problem with NT Authentication



Hello Gionata -

You will need to use PAP authentication with NT.

If you still have a problem, please send me a trace 4 debug from Radiator
showing what is happening.

regards

Hugh


> Hi all,
> I've  a big problem, I would like to use Radiator to switch the RAS
> authentication requests to a NT server . Radiator is installed on Linux
> server.
> If in the RADIUS.CFG file I add the "NoCheckPassword" parameter the
>  authentication takes place, otherwise on the Log of the RADIUS I have
this
>  error message:
>
> "INFO: Access rejected for domain\user: NT Authentication failed: Server
> Error (1)"
>
> on my Cisco AS5300 i've codified to use chap, pap and ms-chap for PPP
> authentication. I don't know because this happen, on the event view of NT
> there is no errors messages.
> This is my radius.cfg :
>
> <AuthBy NT>
>                 Identifier NT
>                 # You must set the domain name here to suit your site:
>                 Domain administrator
>
>                 # ON NT, optionally specify the name of the
>                 # Primary Domain Controller, including the leading
>                 # \\ slashes, to override the default domain controller
>                 # for the domain you specified above
> #               DomainController \\romeo
>
>                 # On Unix, you MUST specify the Domain Controller
>                 # name as the NT host name of the domain controller:
>                 # its not optional. This needs to be set to the NT
>                 # name of the Primary Domain Controller, and further
>                 # the NT name must be in the Unix hosts or DNS
>                 DomainController server.domain.it
>
>                 # On NT, you can optionally check the
>                 # "Grant dialin permission to user" flag in the
>                 # user manager. Requires the
>                 # Win32-RasAdmin Perl package to be installed first
>                 # HonourDialinPermission
>
>                 # This will set up some standard reply items for
>                 # your NAS, you may need others for your NAS
>                 DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
> #               NoCheckPassword
> </AuthBy>
>
> <AuthBy DYNADDRESS>
>         Identifier All-NT
>         Allocator SQLAllocator
>         PoolHint pool-NT
> </AuthBy>
>
> <Realm DEFAULT>
>         RejectHasReason
>         AuthByPolicy ContinueWhileAccept
>         AuthBy NT
>         AuthBy All-NT
> </Realm>
>
> Could anyone help me ?
> Please !!!
>
> Gionata Lamia
>
> Networking Services/Systems Integrations
> T-Systems Italia S.p.A.
> Strada 2 Palazzo D
> 20090 - Assago - MI
> Phone: +39 02 89248240
> Fax: +39 02 89248231
> Mobile: +39 348 4521210
> e-mail: Gionata.Lamia at T-Systems.it
> Internet: http://www.T-Systems.it
>
> -------------------------------------------------------

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.



Gionata Lamia

Networking Services/Systems Integrations
T-Systems Italia S.p.A.
Strada 2 Palazzo D
20090 - Assago - MI
Phone: +39 02 89248240
Fax: +39 02 89248231
Mobile: +39 348 4521210
e-mail: Gionata.Lamia at T-Systems.it
Internet: http://www.T-Systems.it


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list