(RADIATOR) Slow NT Authentication ?

Smith, Mike (Doncaster) mike.smith at pil.com.au
Sun Oct 13 19:22:00 CDT 2002 

Hi all,

I've noticed that NT authentication is slow - taking 3 seconds per attempt.
If I match a user on the 2nd rule that uses NT authentication, it takes 6
seconds to respond. Is this normal?

I've only played with the product for a day, but it looks pretty good and if
I can resolve this problem I'll buy it.

Here's my config file :
	Foreground
	LogStdout
	LogDir		.
	DbDir		.
	Trace 		4
	<Client 144.130.4.5>
		Secret XXXXXXXX
	</Client>
	<Client 144.130.4.7>
		Secret XXXXXXXX
	</Client>
	<Client 10.3.35.20>
		Secret XXXXXXXX
	</Client>
	<Client 10.3.32.70>
		Secret XXXXXXXX
	</Client>
	<Realm DEFAULT>
		<AuthBy FILE>
			Filename c:\Radiator\mjs\UserAuth.txt
	 	</AuthBy>
		<AuthBy NT>
			Identifier NTAuthentication
			DomainController \\MY_BDC
			HonourDialinPermission
	 	</AuthBy>
	</Realm>

Here's my users file :
mike User-Password=testing
	Framed-Protocol=PPP,
	Framed-IP-Address=10.2.194.70,
	Framed-IP-Netmask=255.255.255.255,
	Idle-Timeout=1501,
	Session-Timeout=50400
mike2 User-Password=testing2
	Framed-Protocol=PPP,
	Framed-IP-Address=10.2.194.71,
	Framed-IP-Netmask=255.255.255.255,
	Idle-Timeout=1501,
	Session-Timeout=50400
DEFAULT Auth-Type=NTAuthentication, Group=BSS
	Framed-Protocol=PPP,
	Framed-IP-Address=255.255.255.1,
	Framed-IP-Netmask=255.255.255.255,
	Idle-Timeout=1501,
	Session-Timeout=50400
DEFAULT Auth-Type=NTAuthentication
	Framed-Protocol=PPP,
	Framed-IP-Address=10.2.194.99,
	Framed-IP-Netmask=255.255.255.255,
	Idle-Timeout=1501,
	Session-Timeout=50400

When I test using the user "mike" (using NTRadPing) I get a very quick
response.  When I test with a domain account I get a delay of more than 3
seconds if the user is in the group "BSS", and a delay of more than 6
seconds if not (Luckily, I probably wont use groups, so'll I'll only see a 3
second delay).

Here's the output from RADIATOR when authenticating :
	Attributes:
	        User-Name = "soetest"
	        User-Password =
"8<148><157><2>%<196><252><212><199>qv<7><134><12>yb"

	Fri Oct 11 18:16:57 2002: DEBUG: Handling request with Handler
'Realm=DEFAULT'
	Fri Oct 11 18:16:57 2002: DEBUG:  Deleting session for soetest,
10.3.32.70,
	Fri Oct 11 18:16:57 2002: DEBUG: Handling with Radius::AuthFILE:
	Fri Oct 11 18:16:57 2002: DEBUG: Radius::AuthFILE looks for match
with soetest
	Fri Oct 11 18:16:57 2002: DEBUG: Radius::AuthFILE looks for match
with DEFAULT
	Fri Oct 11 18:16:57 2002: DEBUG: Handling with NT
	result 1 error 997
	Fri Oct 11 18:17:01 2002: DEBUG: Radius::AuthFILE REJECT: User
soetest is not in
	 Group BSS
	Fri Oct 11 18:17:01 2002: DEBUG: Radius::AuthFILE looks for match
with DEFAULT1
	Fri Oct 11 18:17:01 2002: DEBUG: Handling with NT
	result 1 error 997
	Fri Oct 11 18:17:03 2002: DEBUG: Radius::AuthFILE ACCEPT:
	Fri Oct 11 18:17:03 2002: DEBUG: Access accepted for soetest
	Fri Oct 11 18:17:03 2002: DEBUG: Packet dump:
	*** Sending to 10.3.32.70 port 1337 ....
	Code:       Access-Accept
	Identifier: 72
	Authentic:        1034324223
	Attributes:
	        Framed-IP-Address = 10.2.194.99
	        Framed-Protocol = PPP
	        Framed-IP-Netmask = 255.255.255.255
	        Idle-Timeout = 1501
	        Session-Timeout = 50400

	Fri Oct 11 18:17:03 2002: DEBUG: Packet dump:
	*** Received from 10.3.32.70 port 1337 ....
	Code:       Access-Request
	Identifier: 72
	Authentic:        1034324223
	Attributes:
	        User-Name = "soetest"
	        User-Password =
"8<148><157><2>%<196><252><212><199>qv<7><134><12>yb"

	Fri Oct 11 18:17:03 2002: DEBUG: Handling request with Handler
'Realm=DEFAULT'
	Fri Oct 11 18:17:03 2002: DEBUG:  Deleting session for soetest,
10.3.32.70,
	Fri Oct 11 18:17:03 2002: DEBUG: Handling with Radius::AuthFILE:
	Fri Oct 11 18:17:03 2002: DEBUG: Radius::AuthFILE looks for match
with soetest
	Fri Oct 11 18:17:03 2002: DEBUG: Radius::AuthFILE looks for match
with DEFAULT
	Fri Oct 11 18:17:03 2002: DEBUG: Handling with NT
	result 1 error 997
	Fri Oct 11 18:17:07 2002: DEBUG: Radius::AuthFILE REJECT: User
soetest is not in
	 Group BSS
	Fri Oct 11 18:17:07 2002: DEBUG: Radius::AuthFILE looks for match
with DEFAULT1
	Fri Oct 11 18:17:07 2002: DEBUG: Handling with NT
	result 1 error 997
	Fri Oct 11 18:17:10 2002: DEBUG: Radius::AuthFILE ACCEPT:
	Fri Oct 11 18:17:10 2002: DEBUG: Access accepted for soetest
	Fri Oct 11 18:17:10 2002: DEBUG: Packet dump:
	*** Sending to 10.3.32.70 port 1337 ....
	Code:       Access-Accept
	Identifier: 72
	Authentic:        1034324223
	Attributes:
	        Framed-IP-Address = 10.2.194.99
	        Framed-Protocol = PPP
	        Framed-IP-Netmask = 255.255.255.255
	        Idle-Timeout = 1501
	        Session-Timeout = 50400

I've installed RADIATOR on a Windows-2000 member server in an NT4 domain.

Any help will be greatly appreciated.  Sorry about the length of the e-mail,
but I thought I should include all the details that might be relevant.

Regards,
Mike Smith
Pioneer Construction Materials
0418 769 456


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list