(RADIATOR) AuthBy LSA Issues still unresolved

Hugh Irvine hugh at open.com.au
Tue Apr 8 19:34:08 CDT 2008 

Hello Charles -

Here is the section of the logfile:


Tue Apr  8 14:54:19 2008: DEBUG: Handling request with Handler  
'TunnelledByPEAP=1'
Tue Apr  8 14:54:19 2008: DEBUG:  Deleting session for anonymous,  
10.24.70.26, 29
Tue Apr  8 14:54:19 2008: DEBUG: Handling with Radius::AuthLSA:
Tue Apr  8 14:54:19 2008: DEBUG: Handling with EAP: code 2, 12, 63, 26
Tue Apr  8 14:54:19 2008: DEBUG: Response type 26
Tue Apr  8 14:54:19 2008: DEBUG: Radius::AuthLSA looks for match with  
cottrell [anonymous]
Tue Apr  8 14:54:19 2008: DEBUG: Radius::AuthLSA ACCEPT: : cottrell  
[anonymous]

Tue Apr  8 14:54:19 2008: WARNING: Could not LogonUserNetworkMSCHAP  
(V2): 3221225581, 0, Logon failure: unknown user name or bad password.


The AuthBy LSA is returning ACCEPT - but the MSCHAP-V2 part is  
failing because Windows on the Radiator host could not log the user  
onto the network.

If defining the user on the local machine works correctly, then there  
must be some problem with the machine talking to AD, or the user does  
not in fact have network logon enabled.

regards

Hugh


On 9 Apr 2008, at 05:06, Cottrell, Charles P. wrote:
> Greetings from South Carolina!  I am having a difficult time  
> configuring radiator to authenticate against a Windows domain using  
> the AuthBy LSA clause.  Several weeks ago Steve Caporossi posted  
> about this same issue, and so far we’ve not been able to resolve  
> this issue.  Help!
>
>
>
> Attached are both the log file and the radius.cfg file.  The  
> configuration is very generic since we want to keep it simple for  
> the time being.
>
>
>
> Some other info:
>
>
>
> Radiator is running on Windows XP and is running from a startup  
> batch file.
>
>
>
> Odyssey v4.51 is the client on a Windows XP laptop.
>
>
>
> Towards the end of the log file there is a section where the EAP  
> MSCHAP-V2 authentication fails due to unknown username/bad  
> password, and of course access is rejected.  However, I use this  
> combo daily and it is correct.
>
>
>
> Thanks in advance!
>
>
>
> Charles
>
>
>
> Charles P. Cottrell
>
> Network Administrator
>
> Medical University of South Carolina
>
> 843.792.9938
>
>
>
> <040808.log><radius.cfg>



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.



--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list