(RADIATOR) Slow NT Authentication ?

Sun, 13 Oct 2002 17:02:21 -0700 

Hi all,

I've noticed that NT authentication is slow - taking 3 seconds per attempt.
If I match a user on the 2nd rule that uses NT authentication, it takes 6
seconds to respond. Is this normal?

I've only played with the product for a day, but it looks pretty good and if
I can resolve this problem I'll buy it.

Here's my config file :
        Foreground
        LogStdout
        LogDir          .
        DbDir           .
        Trace           4
        <Client 144.130.4.5>
                Secret XXXXXXXX
        </Client>
        <Client 144.130.4.7>
                Secret XXXXXXXX
        </Client>
        <Client 10.3.35.20>
                Secret XXXXXXXX
        </Client>
        <Client 10.3.32.70>
                Secret XXXXXXXX
        </Client>
        <Realm DEFAULT>
                <AuthBy FILE>
                        Filename c:\Radiator\mjs\UserAuth.txt
                </AuthBy>
                <AuthBy NT>
                        Identifier NTAuthentication
                        DomainController \\MY_BDC
                        HonourDialinPermission
                </AuthBy>
        </Realm>

Here's my users file :
mike User-Password=testing
        Framed-Protocol=PPP,
        Framed-IP-Address=10.2.194.70,
        Framed-IP-Netmask=255.255.255.255,
        Idle-Timeout=1501,
        Session-Timeout=50400
mike2 User-Password=testing2
        Framed-Protocol=PPP,
        Framed-IP-Address=10.2.194.71,
        Framed-IP-Netmask=255.255.255.255,
        Idle-Timeout=1501,
        Session-Timeout=50400
DEFAULT Auth-Type=NTAuthentication, Group=BSS
        Framed-Protocol=PPP,
        Framed-IP-Address=255.255.255.1,
        Framed-IP-Netmask=255.255.255.255,
        Idle-Timeout=1501,
        Session-Timeout=50400
DEFAULT Auth-Type=NTAuthentication
        Framed-Protocol=PPP,
        Framed-IP-Address=10.2.194.99,
        Framed-IP-Netmask=255.255.255.255,
        Idle-Timeout=1501,
        Session-Timeout=50400

When I test using the user "mike" (using NTRadPing) I get a very quick
response.  When I test with a domain account I get a delay of more than 3
seconds if the user is in the group "BSS", and a delay of more than 6
seconds if not (Luckily, I probably wont use groups, so'll I'll only see a 3
second delay).

Here's the output from RADIATOR when authenticating :
        Attributes:
                User-Name = "soetest"
                User-Password =
"8<148><157><2>%<196><252><212><199>qv<7><134><12>yb"

        Fri Oct 11 18:16:57 2002: DEBUG: Handling request with Handler
'Realm=DEFAULT'
        Fri Oct 11 18:16:57 2002: DEBUG:  Deleting session for soetest,
10.3.32.70,
        Fri Oct 11 18:16:57 2002: DEBUG: Handling with Radius::AuthFILE:
        Fri Oct 11 18:16:57 2002: DEBUG: Radius::AuthFILE looks for match
with soetest
        Fri Oct 11 18:16:57 2002: DEBUG: Radius::AuthFILE looks for match
with DEFAULT
        Fri Oct 11 18:16:57 2002: DEBUG: Handling with NT
        result 1 error 997
        Fri Oct 11 18:17:01 2002: DEBUG: Radius::AuthFILE REJECT: User
soetest is not in
         Group BSS
        Fri Oct 11 18:17:01 2002: DEBUG: Radius::AuthFILE looks for match
with DEFAULT1
        Fri Oct 11 18:17:01 2002: DEBUG: Handling with NT
        result 1 error 997
        Fri Oct 11 18:17:03 2002: DEBUG: Radius::AuthFILE ACCEPT:
        Fri Oct 11 18:17:03 2002: DEBUG: Access accepted for soetest
        Fri Oct 11 18:17:03 2002: DEBUG: Packet dump:
        *** Sending to 10.3.32.70 port 1337 ....
        Code:       Access-Accept
        Identifier: 72
        Authentic:        1034324223
        Attributes:
                Framed-IP-Address = 10.2.194.99
                Framed-Protocol = PPP
                Framed-IP-Netmask = 255.255.255.255
                Idle-Timeout = 1501
                Session-Timeout = 50400

        Fri Oct 11 18:17:03 2002: DEBUG: Packet dump:
        *** Received from 10.3.32.70 port 1337 ....
        Code:       Access-Request
        Identifier: 72
        Authentic:        1034324223
        Attributes:
                User-Name = "soetest"
                User-Password =
"8<148><157><2>%<196><252><212><199>qv<7><134><12>yb"

        Fri Oct 11 18:17:03 2002: DEBUG: Handling request with Handler
'Realm=DEFAULT'
        Fri Oct 11 18:17:03 2002: DEBUG:  Deleting session for soetest,
10.3.32.70,
        Fri Oct 11 18:17:03 2002: DEBUG: Handling with Radius::AuthFILE:
        Fri Oct 11 18:17:03 2002: DEBUG: Radius::AuthFILE looks for match
with soetest
        Fri Oct 11 18:17:03 2002: DEBUG: Radius::AuthFILE looks for match
with DEFAULT
        Fri Oct 11 18:17:03 2002: DEBUG: Handling with NT
        result 1 error 997
        Fri Oct 11 18:17:07 2002: DEBUG: Radius::AuthFILE REJECT: User
soetest is not in
         Group BSS
        Fri Oct 11 18:17:07 2002: DEBUG: Radius::AuthFILE looks for match
with DEFAULT1
        Fri Oct 11 18:17:07 2002: DEBUG: Handling with NT
        result 1 error 997
        Fri Oct 11 18:17:10 2002: DEBUG: Radius::AuthFILE ACCEPT:
        Fri Oct 11 18:17:10 2002: DEBUG: Access accepted for soetest
        Fri Oct 11 18:17:10 2002: DEBUG: Packet dump:
        *** Sending to 10.3.32.70 port 1337 ....
        Code:       Access-Accept
        Identifier: 72
        Authentic:        1034324223
        Attributes:
                Framed-IP-Address = 10.2.194.99
                Framed-Protocol = PPP
                Framed-IP-Netmask = 255.255.255.255
                Idle-Timeout = 1501
                Session-Timeout = 50400

I've installed RADIATOR on a Windows-2000 member server in an NT4 domain.

Any help will be greatly appreciated.  Sorry about the length of the e-mail,
but I thought I should include all the details that might be relevant.

Regards,
Mike Smith
Pioneer Construction Materials
0418 769 456


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to