(RADIATOR) Problem using AuthByLSA on XP against a remote domain controller.

Mike McCauley mikem at open.com.au
Thu Jan 15 16:19:53 CST 2004


Hello John,


On Fri, 16 Jan 2004 04:30 am, John McFadden wrote:
> I've been testing Radiator and AuthByLSA on my XP workstation to
> authenticate to a PEAP request.

Is this XP personal or XP pro?

>
> I have modified the eap-multi.cfg file to point to the applicable domain.
>
> It works ok if I use my id but if another user tries to logon I get the
> following logon failure.
>
> I added a couple of display lines to the AuthByLSA.pm file to try to
> confirm the request is ok.
>
> Thu Jan 15 11:16:34 2004: DEBUG: Handling request with Handler 'TunnelledByPEAP=1'
> Thu Jan 15 11:16:34 2004: DEBUG:  Deleting session for , 129.100.1.245, 37
> Thu Jan 15 11:16:34 2004: DEBUG: Handling with Radius::AuthLSA: LSA
> Thu Jan 15 11:16:34 2004: DEBUG: Handling with EAP: code 2, 27, 61
> Thu Jan 15 11:16:34 2004: DEBUG: Response type 26
> Thu Jan 15 11:16:34 2004: DEBUG: Radius::AuthLSA looks for match with tracyg
> Thu Jan 15 11:16:34 2004: DEBUG: Radius::AuthLSA ACCEPT:
> Thu Jan 15 11:16:34 2004: WARNING: Domain: UWO
>     <=== This is the domain identified in the config file so seems that is ok.
> Thu Jan 15 11:16:34 2004: WARNING: Username: tracyg
>     <==== This is the userid I'm testing with.
> Thu Jan 15 11:16:34 2004: WARNING: Status: 3221225582
>     <=== This is that status that indicates a problem as it should be 0 as it was when my id is used
> Thu Jan 15 11:16:34 2004: WARNING: Could not LogonUserNetworkMSCHAPV2: Logon failure: user not allowed to log on to this computer.
> Thu Jan 15 11:16:34 2004: DEBUG: EAP result: 1, EAP MSCHAP-V2 Authentication failure
>
>
> Since my id works I assume I've got Radiator and LSA set up correctly
> and it's more of a Windows security issue on my XP workstation or
> perhaps the domain controller.
> But the error message seems to imply the user couldn't logon to the XP
> system not the domain controller so I'm not sure.
>
> Logon failure: user not allowed to log on to this computer. <==== Note
> no mention of a domain here?
> If the error means tracyg is allowed to logon on my XP system that is
> correct but it should be checking that tracyg is allowed to logon to the
> UWO domain?
>
> I'm running Radiator under my id on XP and my id is set up to act as an
> administrator and to act as part of operating system.
>
> I'm not sure how the domain controller knows my XP system is allowed to
> use it to authenticate users?
>
> Any hints appreciated?
>
> Thanks in advance
> JLM.
>
>
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.


