[RADIATOR] Radiator 3.16 / AuthBy LSA / AD2008

Stuart Kendrick skendric at fhcrc.org
Wed Nov 9 06:26:57 CST 2011


Hi folks,

I just upgraded one of the domain controllers (DC8) in my test Active
Directory environment from AD2003 to AD2008, and my test Radiator
installation has started denying authentications.

Is this is a known issue with Radiator 3.16?  Does anyone have Radiator
3.16 successfully authenticating against an AD2008 domain?  [I realize
that 3.16 is a little dated ... ]

########## AUTHENTICATION HANDLER TINKER TOYS ############

<AuthBy FILE>
	Identifier CheckCiscoEnable
	Filename	C:\Program Files\Radiator\ChKCiscoEnable
</AuthBy>

<AuthBy FILE>
	Identifier CheckCiscoReadOnly
	Filename	C:\Program Files\Radiator\ChKCiscoReadOnly
</AuthBy>

<AuthBy NT>
	Identifier CheckNT
	GroupRequired
	NoCheckPassword
</AuthBy>



########## AUTHENTICATION HANDLERS ############
<Handler Client-Identifier=vdops-mgmt>
	AuthByPolicy ContinueWhileAccept
	RejectHasReason

	# Handle administrative users
	<AuthBy LSA>
	</AuthBy>
 
 	# Check group membership and return the appropriate Service-Type
	<AuthBy GROUP>
	 	AuthByPolicy ContinueUntilAccept
	 	AuthBy CheckCiscoEnable
	 	AuthBy CheckCiscoReadOnly
	</AuthBy>
</Handler>

And from the log:

Wed Nov  9 04:15:52 2011: DEBUG: Handling request with Handler 'Client-Identifier=vdops-mgmt'
Wed Nov  9 04:15:52 2011: DEBUG: Deleting session for skendric, 10.6.50.46,3
Wed Nov  9 04:15:52 2011: DEBUG: Handling with Radius::AuthLSA:
Wed Nov  9 04:15:52 2011: DEBUG: Radius::AuthLSA looks for match with skendric [skendric]
Wed Nov  9 04:15:52 2011: DEBUG: Radius::AuthLSA ACCEPT: : skendric [skendric]
Wed Nov  9 04:15:52 2011: DEBUG: AuthBy LSA result: ACCEPT,
Wed Nov  9 04:15:52 2011: DEBUG: Handling with Radius::AuthGROUP:
Wed Nov  9 04:15:52 2011: DEBUG: Handling with Radius::AuthFILE: CheckCiscoEnable
Wed Nov  9 04:15:52 2011: DEBUG: Reading users file C:\Program Files\Radiator\ChKCiscoEnable
Wed Nov  9 04:15:52 2011: DEBUG: Radius::AuthFILE looks for match with skendric[skendric]
Wed Nov  9 04:15:52 2011: DEBUG: Radius::AuthFILE REJECT: No such user: skendric [skendric]
Wed Nov  9 04:15:52 2011: DEBUG: Radius::AuthFILE looks for match with DEFAULT [skendric]
Wed Nov  9 04:15:52 2011: DEBUG: Handling with NT
Wed Nov  9 04:16:00 2011: DEBUG: Domain Controller name is \\DC8
Wed Nov  9 04:16:00 2011: DEBUG: Radius::AuthFILE REJECT: NT GetAttributes failed: 5: Access is denied.: DEFAULT [skendric]
Wed Nov  9 04:16:00 2011: DEBUG: Handling with Radius::AuthFILE: CheckCiscoReadOnly
Wed Nov  9 04:16:00 2011: DEBUG: Reading users file C:\Program Files\Radiator\ChKCiscoReadOnly
Wed Nov  9 04:16:00 2011: DEBUG: Radius::AuthFILE looks for match with skendric[skendric]
Wed Nov  9 04:16:00 2011: DEBUG: Radius::AuthFILE REJECT: No such user: skendric [skendric]
Wed Nov  9 04:16:00 2011: DEBUG: Radius::AuthFILE looks for match with DEFAULT [skendric]
Wed Nov  9 04:16:00 2011: DEBUG: Handling with NT
Wed Nov  9 04:16:00 2011: DEBUG: Radius::AuthFILE REJECT: NT GetAttributes failed: 5: Access is denied.: DEFAULT [skendric]
Wed Nov  9 04:16:00 2011: DEBUG: AuthBy GROUP result: REJECT, NT GetAttributes failed: 5: Access is denied.
Wed Nov  9 04:16:00 2011: INFO: Access rejected for skendric: NT GetAttributes failed: 5: Access is denied.

--sk

Stuart Kendrick
FHCRC



More information about the radiator mailing list