(RADIATOR) Trying to get Windows Group membership working in AuthLSA
Michel Lapointe
MLapointe at jeancoutu.com
Tue Jul 6 09:10:16 CDT 2004
Hi,
I'm evaluating Radiator 3.9 with all patches on Windows 2000 Server sp4
(member server). I'm trying to use the new Windows Group Membership
feature but it does not seem to work.
If I don't specify any Group, I can successfully authenticate both Local
users (test) and Domain users (domain\test). So the LSA authentication is
working fine. If I specify a Group, then I receive "Access rejected for
test: AuthBy LSA User is not a member of any Group". I tried to use a local
group (locally on the server) or a Global (Domain) Group without success.
Here is my config:
Foreground
LogStdout
LogDir c:/Program Files/Radiator
DbDir c:/Program Files/Radiator
Trace 5

<Client DEFAULT>
    Secret mysecret
    DupInterval 0
</Client>

<Realm DEFAULT>
    <AuthBy LSA>
        Group TestGroup
        Group Users
    </AuthBy>
</Realm>
And the debug:
Tue Jul 6 08:56:17 2004: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1466 ....
Packet length = 90
01 3d 00 5a 31 32 33 34 35 36 37 38 39 30 31 32
33 34 35 36 01 06 74 65 73 74 06 06 00 00 00 02
04 06 cb 3f 9a 01 05 06 00 00 04 d2 1e 0b 31 32
33 34 35 36 37 38 39 1f 0b 39 38 37 36 35 34 33
32 31 3d 06 00 00 00 00 02 12 c8 b9 6c 99 9a 6a
33 ce bc 38 09 a0 d8 7d 78 99
Code: Access-Request
Identifier: 61
Authentic: 1234567890123456
Attributes:
User-Name = "test"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = "<200><185>l<153><154>j3<206><188>8<9><160><216>}x<153>"
Tue Jul 6 08:56:17 2004: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Tue Jul 6 08:56:17 2004: DEBUG: Deleting session for test, 203.63.154.1, 1234
Tue Jul 6 08:56:17 2004: DEBUG: Handling with Radius::AuthLSA:
Tue Jul 6 08:56:17 2004: DEBUG: Radius::AuthLSA looks for match with test
Tue Jul 6 08:56:17 2004: DEBUG: Radius::AuthLSA REJECT: AuthBy LSA User is not a member of any Group
Tue Jul 6 08:56:17 2004: INFO: Access rejected for test: AuthBy LSA User is not a member of any Group
Tue Jul 6 08:56:17 2004: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1466 ....
Packet length = 36
03 3d 00 24 dd 31 ca 56 f2 e2 1b 8e 89 66 3a 06
1b 34 45 47 12 10 52 65 71 75 65 73 74 20 44 65
6e 69 65 64
Code: Access-Reject
Identifier: 61
Authentic: 1234567890123456
Attributes:
Reply-Message = "Request Denied"
Thanks
Michel Lapointe
The Jean Coutu Group (PJC) inc.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.