[RADIATOR] help with AuthBy LSA failure
Jason Mueller
jasmuell at indiana.edu
Sat Aug 9 00:05:50 CDT 2008
Mike,
> One possibility is that there is a problem with one of the MSCHAPV2 support
> modules used by Radiator. You may want to try configuring Radiator on that
> machine to auth from a flat file (AuthBy FILE) and authenticate against that
> with radpwtst using both PAP and MSCHAPV2.
I previously tested authentication with a flat file, and that works
for both PAP and MS-CHAPv2. Sorry I didn't mention that. This led me
to believe there might be an issue with the LSA module rather than
something more general with Radiator.
> Another possibility is some unusual configuration issue in your AD
> configuration. Is there anything unusual about it, or is it 'out of
> the box'?
The only thing I am aware of (which has tripped us up before) is that
only NTLMv2 authentications are allowed by policy (NTLMv1 and LM
are not allowed). Does your test setup work if you restrict the LAN
Manager authentication level on the Windows host with Radiator and
the domain controllers to "Send NTLMv2 response only\refuse LM & NTLM"?
Other than that, I am not aware of anything special about our
environment. I have previously asked our AD folks, and they think
everything should work (especially since IAS works).
> Another possibility is that maybe you need to set DefaultDomain in your
> AuthBy LSA.
I will try this on Monday. I set the Domain value, so I thought the
DefaultDomain was redundant. There is actually only one domain in the
forest the machine is joined to, so this should not be a problem.
Thanks for your help.
-Jason