(RADIATOR) Problem using AuthByLSA on XP against a remote domain controller.
John McFadden
dasjlm at uwo.ca
Thu Jan 15 11:30:46 CST 2004
I've been testing Radiator and AuthByLSA on my XP workstation to
authenticate to a PEAP request.
I have modified the eap-multi.cfg file to point to the applicable domain.
It works ok if I use my id but if another user tries to logon I get the
following logon failure.
I added a couple of displaylines to the AuthByLSA.pm file to try to
confirm the request is ok.

Thu Jan 15 11:16:34 2004: DEBUG: Handling request with Handler 'TunnelledByPEAP=1'
Thu Jan 15 11:16:34 2004: DEBUG: Deleting session for , 129.100.1.245, 37
Thu Jan 15 11:16:34 2004: DEBUG: Handling with Radius::AuthLSA: LSA
Thu Jan 15 11:16:34 2004: DEBUG: Handling with EAP: code 2, 27, 61
Thu Jan 15 11:16:34 2004: DEBUG: Response type 26
Thu Jan 15 11:16:34 2004: DEBUG: Radius::AuthLSA looks for match with tracyg
Thu Jan 15 11:16:34 2004: DEBUG: Radius::AuthLSA ACCEPT:
Thu Jan 15 11:16:34 2004: WARNING: Domain: UWO   <=== This is the domain identified in the config file so seems that is ok.
Thu Jan 15 11:16:34 2004: WARNING: Username: tracyg   <==== This is the userid I'm testing with.
Thu Jan 15 11:16:34 2004: WARNING: Status: 3221225582   <=== This is the status that indicates a problem as it should be 0 as it was when my id is used
Thu Jan 15 11:16:34 2004: WARNING: Could not LogonUserNetworkMSCHAPV2: Logon failure: user not allowed to log on to this computer.
Thu Jan 15 11:16:34 2004: DEBUG: EAP result: 1, EAP MSCHAP-V2 Authentication failure

Since my id works I assume I've got Radiator and LSA set up correctly
and it's more of a Windows security issue on my XP workstation or
perhaps the domain controller.
But the error message seems to imply the user couldn't logon to the XP
system not the domain controller so I'm not sure.
Logon failure: user not allowed to log on to this computer.   <==== Note no mention of a domain here?
If the error means tracyg is allowed to logon on my XP system that is
correct but it should be checking that tracyg is allowed to logon to the
UWO domain?
I'm running Radiator under my id on XP and my id is set up to act as an
administrator and to act as part of operating system.
I'm not sure how the domain controller knows my XP system is allowed to
use it to authenticate users?
Any hints appreciated?
Thanks in advance
JLM.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
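
Added example, not part of the original post and not Radiator code: the Status value printed by the poster's extra display lines is a 32-bit NTSTATUS, and this Python code splits it into its bit fields, names it, and extracts the failed attempts from such log lines. The name table is a subset of Microsoft's ntstatus.h; `decode_ntstatus`, `failed_logons` and the second attempt in the sample (user `exampleuser`) are assumptions made for the example.

```python
import re

# Logon-related NTSTATUS values (subset of Microsoft's ntstatus.h).
LOGON_STATUS = {
    0x00000000: "STATUS_SUCCESS",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC000006E: "STATUS_ACCOUNT_RESTRICTION",
    0xC0000070: "STATUS_INVALID_WORKSTATION",
    0xC0000072: "STATUS_ACCOUNT_DISABLED",
}
SEVERITY = ("success", "informational", "warning", "error")

def decode_ntstatus(value):
    """Split a 32-bit NTSTATUS into its bit fields and look up its name."""
    value &= 0xFFFFFFFF  # also accepts values logged as signed 32-bit integers
    return {
        "hex": f"0x{value:08X}",
        "severity": SEVERITY[value >> 30],   # bits 31-30
        "facility": (value >> 16) & 0x0FFF,  # bits 27-16
        "code": value & 0xFFFF,              # bits 15-0
        "name": LOGON_STATUS.get(value, "unknown"),
    }

# Matches the Domain/Username/Status display lines the poster added to AuthByLSA.pm.
FIELD = re.compile(r": WARNING: (Domain|Username|Status):\s*(\S+)")

def failed_logons(lines):
    """Return one record per attempt whose Status is not STATUS_SUCCESS."""
    records, current = [], {}
    for line in lines:
        m = FIELD.search(line)
        if not m:
            continue
        current[m.group(1).lower()] = m.group(2)
        if m.group(1) == "Status":  # Status closes each attempt
            current["status"] = decode_ntstatus(int(m.group(2)))
            if current["status"]["name"] != "STATUS_SUCCESS":
                records.append(current)
            current = {}
    return records

# First attempt: values from the post. Second attempt: constructed success case.
T = "Thu Jan 15 11:16:34 2004: "
SAMPLE = [T + s for s in (
    "WARNING: Domain: UWO", "WARNING: Username: tracyg", "WARNING: Status: 3221225582",
    "WARNING: Could not LogonUserNetworkMSCHAPV2: Logon failure: user not allowed to log on to this computer.",
    "WARNING: Domain: UWO", "WARNING: Username: exampleuser", "WARNING: Status: 0",
)]
```

For the value in the post, `failed_logons(SAMPLE)` reports 0xC000006E, STATUS_ACCOUNT_RESTRICTION, which ntstatus.h describes as valid credentials rejected by a user account restriction.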