Hi David,

I suspect it's because you are logging in as ECC\Alphawest2, but the user in
your NT user manager is just Alphawest2 (i.e. without any prefix).

If that is the case, you should try logging in as just Alphawest2, or else use
a RewriteUsername to strip off the ECC\ prefix.

Hope that helps.

Cheers.



On Jan 5,  1:00pm, [EMAIL PROTECTED] wrote:
> Subject: (RADIATOR) Issue with NT domain authentication.
>
> Hi Radiator users,
>
> I am hoping that somebody can help me understand an issue that I am
> having with a Radiator config.  From the outset I will say that my
> experience with RADIUS is rather limited, so please excuse me if I use
> the wrong words here and there, or if my ideas are a bit munged.
>
> First a description of the system.  We have a Cisco 3620 with ten
> digital modems and an ethernet interface.  It is to serve dialin PPP
> connections to several groups of users.  I have Radiator installed on
> an NT PDC, supposedly using the NT domain for authenticating the
> dialin users.  We wish for the dialin users to be assigned IP
> addresses from different pools depending on their logical grouping:
> students to have an IP address from subnet A, staff from subnet B and
> so on.  As the NT authentication seems to be "yes" or "no", I have
> tried to set up the IP pool assignment based on the _called_ number.
>
> For example, User A (a student) calls 9555-5551 and authenticates,
> they are assigned an address from subnet A.  Another user, B (a
> teacher) calls 9555-5552 and authenticates, they are assigned an
> address from subnet B.
>
> The .cfg file that I am using is...
>
> Foreground
> LogStdout
> LogDir          .
> DbDir           .
> <Client 192.168.2.130>
>       Secret  **removed**
>       DupInterval 0
>       FramedGroupBaseAddress  192.168.3.0
>       FramedGroupBaseAddress  192.168.4.0
>       FramedGroupBaseAddress  192.168.5.0
>       FramedGroupBaseAddress  192.168.6.0
> </Client>
> Trace 4
> <AuthBy NT>
>       Identifier Test-Tag
>       Domain ECC
> </AuthBy>
> <Handler Called-Station-Id=95555551,Service-Type=Framed-User>
>       <AuthBy FILE>
>               Filename users
>               FramedGroup 0
>               AddToReply \
>               Service-Type=Framed-User,\
>               Framed-Protocol=PPP,\
>               Annex-Primary-DNS-Server=203.34.218.197,\
>               Annex-Primary-NBNS-Server=192.168.1.5
>       </AuthBy>
>       AcctLogFileName ./detail
> </Handler>
> <Handler Called-Station-Id=95555552,Service-Type=Framed-User>
>       <AuthBy FILE>
>               Filename users
>               FramedGroup 1
>               AddToReply \
>               Service-Type=Framed-User,\
>               Framed-Protocol=PPP,\
>               Annex-Primary-DNS-Server=203.34.218.197,\
>               Annex-Primary-NBNS-Server=192.168.1.5
>       </AuthBy>
>       AcctLogFileName ./detail
> </Handler>
> <Handler Called-Station-Id=95555553,Service-Type=Framed-User>
>       <AuthBy FILE>
>               Filename users
>               FramedGroup 2
>               AddToReply \
>               Service-Type=Framed-User,\
>               Framed-Protocol=PPP,\
>               Annex-Primary-DNS-Server=203.34.218.197,\
>               Annex-Primary-NBNS-Server=192.168.1.5
>       </AuthBy>
>       AcctLogFileName ./detail
> </Handler>
> <Handler Called-Station-Id=95555554,Service-Type=Framed-User>
>       <AuthBy FILE>
>               Filename users
>               FramedGroup 3
>               AddToReply \
>               Service-Type=Framed-User,\
>               Framed-Protocol=PPP,\
>               Annex-Primary-DNS-Server=203.34.218.197,\
>               Annex-Primary-NBNS-Server=192.168.1.5
>       </AuthBy>
>       AcctLogFileName ./detail
> </Handler>
>
> The file "user" contains....
>
> DEFAULT Auth-Type=Test-Tag
>
> I was given this config by another Radiator user who had successfully
> implemented it on another site.  However, when I test this, radiusd
> complains that there is "no such user", despite the fact that the user
> does exist in the NT domain.
>
> The trace 4 output from the radiusd is shown below...
>
> Wed Jan  5 10:57:58 2000: DEBUG: Reading users file users
> Wed Jan  5 10:57:58 2000: DEBUG: Reading users file users
> Wed Jan  5 10:57:58 2000: DEBUG: Reading users file users
> Wed Jan  5 10:57:58 2000: DEBUG: Reading users file users
> Wed Jan  5 10:57:59 2000: INFO: Server started
> Wed Jan  5 11:00:11 2000: DEBUG: Packet dump:
> *** Received from 192.168.2.130 port 1645 ....
> Code:       Access-Request
> Identifier: 236
> Authentic:  <144><161><224><223><212><26>i<249><152>I<20>r<147>'<162><129>
> Attributes:
>       NAS-IP-Address = 192.168.2.130
>       NAS-Port = 33
>       NAS-Port-Type = Async
>       User-Name = "ECC\Alphawest2"
>       Called-Station-Id = "95555551"
>       User-Password = "?<184>T<248>/Oi<183>;s8<242>Y<182><154><170>"
>       Service-Type = Framed-User
>       Framed-Protocol = PPP
>
> Wed Jan  5 11:00:11 2000: DEBUG: Check if Handler Called-Station-Id=95555551,Service-Type=Framed-User should be used to handle this request
> Wed Jan  5 11:00:11 2000: DEBUG: Handling request with Handler 'Called-Station-Id=95555551,Service-Type=Framed-User'
> Wed Jan  5 11:00:11 2000: DEBUG: Deleting session for ECC\Alphawest2, 192.168.2.130, 33
> Wed Jan  5 11:00:11 2000: DEBUG: Handling with Radius::AuthFILE
> Wed Jan  5 11:00:11 2000: DEBUG: Radius::AuthFILE looks for match with ECC\Alphawest2
> Wed Jan  5 11:00:11 2000: DEBUG: Radius::AuthFILE looks for match with DEFAULT
> Wed Jan  5 11:00:11 2000: DEBUG: Handling with NT
> Wed Jan  5 11:00:11 2000: DEBUG: Domain Controller name is \\ECCSERVER01
> Wed Jan  5 11:00:11 2000: DEBUG: Radius::AuthFILE REJECT: NT GetAttributes failed: 2221: No such user
> Wed Jan  5 11:00:11 2000: INFO: Access rejected for ECC\Alphawest2: NT GetAttributes failed: 2221: No such user
> Wed Jan  5 11:00:11 2000: DEBUG: Packet dump:
> *** Sending to 192.168.2.130 port 1645 ....
>       Code:       Access-Reject
>       Identifier: 236
>       Authentic:  <144><161><224><223><212><26>i<249><152>I<20>r<147>'<162><129>
>       Attributes: Reply-Message = "Request Denied"
>
> Can anybody provide any leads as to why the authentication details are
> being rejected?
>
> Thanks in advance
> Dave Taylor
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from [EMAIL PROTECTED]



-- 
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 
NT, Rhapsody
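
Added example, not part of the original message and not Radiator code: a Python model of the prefix-stripping rewrite suggested above, showing why ECC\Alphawest2 is not found as sent and why only the expected ECC\ prefix should be stripped. The account set, the regex and the function names are assumptions made for illustration.

```python
import re

# Assumption: the rewrite is modelled as an anchored regex substitution,
# the same shape as a Perl s/^ECC\\// expression. Only the expected
# domain prefix is removed; any other prefix is left in place.
EXPECTED_DOMAIN = "ECC"  # from "Domain ECC" in the posted config
_PREFIX = re.compile(r"^" + re.escape(EXPECTED_DOMAIN) + r"\\", re.IGNORECASE)

# Constructed stand-in for the NT user manager: bare account names only.
NT_ACCOUNTS = {"alphawest2"}


def rewrite_username(user_name: str) -> str:
    """Strip one leading ECC\\ prefix; return every other name unchanged."""
    return _PREFIX.sub("", user_name, count=1)


def lookup(user_name: str, rewrite: bool) -> str:
    """Return 'found' or 'no such user' for a User-Name attribute value."""
    name = rewrite_username(user_name) if rewrite else user_name
    # NT account names are case-insensitive, so compare lower-cased.
    return "found" if name.lower() in NT_ACCOUNTS else "no such user"


if __name__ == "__main__":
    # Constructed sample User-Name values; the first is the one in the trace.
    samples = [
        "ECC\\Alphawest2",
        "Alphawest2",
        "OTHER\\Alphawest2",      # different domain: must not map to the ECC account
        "ECC\\ECC\\Alphawest2",   # doubled prefix: stripped once, still rejected
    ]
    for s in samples:
        print(f"{s!r:26} as sent: {lookup(s, False):13} rewritten: {lookup(s, True)}")
```

A rewrite that removed everything up to the last backslash would also accept OTHER\Alphawest2 as the ECC account, which is why the pattern here is anchored to the one expected domain.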