Hi Steve,

On Sun, 10 Aug 2003 09:10 pm, Steve Rogers wrote:
> Hi Mike,
>
> Thanks for the reply.
>
> I've done some tests with MSCHAPv2 and that works.
> All the testing has been done with radpwtst from the Radiator dist.
>
> At the moment we are just testing by using the user accounts on the
> local machine that Radiator is running on. This is XP Pro.

OK, in that case, I am seeing similar behaviour here with XP PRO.
I will keep looking for the solution, but the error message sounds a bit like
something required in XP pro is missing.

Cheers.

>
> Cheers
> Steve
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Mike McCauley
> Sent: 10 August 2003 02:05
> To: Steve Rogers; [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) FW: Help with AuthBy LSA
>
>
> Hello Steve,
>
> On Sun, 10 Aug 2003 12:47 am, Steve Rogers wrote:
> > Hello,
> >
> > I have changed the password a couple of times after the "store
> > passwords in reversible encryption" and still it fails. I've rebooted
> > the machine and tried creating new user accounts and authenticating
> > against those, but chap still fails.
>
> That should be enough to set the password properly.
>
> > Am I still missing something? I'd really appreciate any ideas.
>
> Hmmm.
> Is MSCHAPV2 working OK?
> Are you testing with radpwtst?
> What sort of host is your AD on?
>
> Cheers.
>
> > Steve
> >
> > -----Original Message-----
> > From: Mike McCauley [mailto:[EMAIL PROTECTED]
> > Sent: 09 August 2003 01:06
> > To: Steve Rogers
> > Subject: Re: Help with AuthBy LSA
> >
> >
> > Hello Steve,
> >
> > On Sat, 9 Aug 2003 07:47 am, Steve Rogers wrote:
> > > Hi Mike,
> > >
> > > I've been trying out the new AuthBy LSA code and I can't get chap to
> > > work. Pap, mschap work flawlessly. The user accounts are on the
> > > local machine so there's no AD/NT domain.
> > >
> > > I'm using Radiator 3.6 on Windows XP Pro (SP1) with Activestate Perl
> > > 5.6.1 and the Win32-Lsa perl module. The config file is the lsa.cfg
> > > from goodies dir in the Radiator distribution.
> > >
> > > Radiator is running with Admin privs, with act as part of operating
> > > system and the local computer policy has store passwords in
> > > reversible encryption enabled.
> >
> > That sounds all OK, but if you turned on "store passwords in reversible
> > encryption" _after_ the user's password has been set in AD, you will
> > need to _reset_ the password in AD, else it does not really have the
> > reversible password stored.
> >
> > Hope that helps.
> >
> > BTW, it would be better if you address any future technical questions
> > you might have to the Radiator mailing list. That way others can learn
> > from the question and answer, and possibly contribute in areas where I
> > am not expert. Also, we have other staff on the mailing list who can
> > respond when I am not available.
> >
> > You can join the Radiator mailing list by sending email with the
> > single word subscribe in the body (not in the subject line) to
> > [EMAIL PROTECTED] There is an archive at
> > http://www.open.com.au/archives/radiator/
> >
> > Cheers.
> >
> > > Here's the debug - first is pap auth, then mschap and finally chap
> > > which has the following warning:
> > >
> > > WARNING: Could not LogonUserNetworkCHAP:
> > >
> > >
> > > D:\Radiator\Radiator-3.6>perl radiusd -config_file lsa.cfg
> > > Fri Aug 8 22:44:12 2003: DEBUG: Finished reading configuration file 'lsa.cfg'
> > > Fri Aug 8 22:44:12 2003: DEBUG: Reading dictionary file './dictionary'
> > > Fri Aug 8 22:44:12 2003: DEBUG: Creating authentication port 0.0.0.0:1645
> > > Fri Aug 8 22:44:12 2003: DEBUG: Creating accounting port 0.0.0.0:1646
> > > Fri Aug 8 22:44:12 2003: NOTICE: Server started: Radiator 3.6 on ROGERSSLT1
> > > Fri Aug 8 22:44:40 2003: DEBUG: Packet dump:
> > > *** Received from 192.168.0.2 port 1120 ....
> > > Code: Access-Request
> > > Identifier: 85
> > > Authentic: 1234567890123456
> > > Attributes:
> > > User-Name = "stever"
> > > Service-Type = Framed-User
> > > NAS-IP-Address = 203.63.154.1
> > > NAS-Port = 1234
> > > Called-Station-Id = "123456789"
> > > Calling-Station-Id = "987654321"
> > > NAS-Port-Type = Async
> > > User-Password = "<152><233><<156><157>o<4><246><188>8<9><160><216>}x<153>"
> > >
> > > Fri Aug 8 22:44:40 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> > > Fri Aug 8 22:44:40 2003: DEBUG: Deleting session for stever, 203.63.154.1, 1234
> > > Fri Aug 8 22:44:40 2003: DEBUG: Handling with Radius::AuthLSA:
> > > Fri Aug 8 22:44:40 2003: DEBUG: Radius::AuthLSA looks for match with stever
> > > Fri Aug 8 22:44:40 2003: DEBUG: Radius::AuthLSA ACCEPT:
> > > Fri Aug 8 22:44:40 2003: DEBUG: Access accepted for stever
> > > Fri Aug 8 22:44:40 2003: DEBUG: Packet dump:
> > > *** Sending to 192.168.0.2 port 1120 ....
> > > Code: Access-Accept
> > > Identifier: 85
> > > Authentic: 1234567890123456
> > > Attributes:
> > >
> > > Fri Aug 8 22:44:46 2003: DEBUG: Packet dump:
> > > *** Received from 192.168.0.2 port 1121 ....
> > > Code: Access-Request
> > > Identifier: 90
> > > Authentic: 1234567890123456
> > > Attributes:
> > > User-Name = "stever"
> > > Service-Type = Framed-User
> > > NAS-IP-Address = 203.63.154.1
> > > NAS-Port = 1234
> > > Called-Station-Id = "123456789"
> > > Calling-Station-Id = "987654321"
> > > NAS-Port-Type = Async
> > > MS-CHAP-Challenge = "<16>-<181><223><8>]0A"
> > > MS-CHAP-Response =
> > > "<1><1><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><
> > > 0><0><0><0><0><0><0><0><0><221><167>J<174>`<22><150>Md<11><177><185>
> > > 0>1<
> > > 0>23
> > > 3><209><
> > > 156><188>O<234><205><243><24>sn"
> > >
> > > Fri Aug 8 22:44:46 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> > > Fri Aug 8 22:44:46 2003: DEBUG: Deleting session for stever, 203.63.154.1, 1234
> > > Fri Aug 8 22:44:46 2003: DEBUG: Handling with Radius::AuthLSA:
> > > Fri Aug 8 22:44:46 2003: DEBUG: Radius::AuthLSA looks for match with stever
> > > Fri Aug 8 22:44:46 2003: DEBUG: Radius::AuthLSA ACCEPT:
> > > Fri Aug 8 22:44:46 2003: DEBUG: Access accepted for stever
> > > Fri Aug 8 22:44:46 2003: DEBUG: Packet dump:
> > > *** Sending to 192.168.0.2 port 1121 ....
> > > Code: Access-Accept
> > > Identifier: 90
> > > Authentic: 1234567890123456
> > > Attributes:
> > >
> > > Fri Aug 8 22:44:51 2003: DEBUG: Packet dump:
> > > *** Received from 192.168.0.2 port 1122 ....
> > > Code: Access-Request
> > > Identifier: 95
> > > Authentic: 1234567890123456
> > > Attributes:
> > > User-Name = "stever"
> > > Service-Type = Framed-User
> > > NAS-IP-Address = 203.63.154.1
> > > NAS-Port = 1234
> > > Called-Station-Id = "123456789"
> > > Calling-Station-Id = "987654321"
> > > NAS-Port-Type = Async
> > > CHAP-Password = 5?<130>,<147><209><201><179><193><141><224><227>x<219><219><163>i
> > > CHAP-Challenge = 1234567890123456
> > >
> > > Fri Aug 8 22:44:51 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> > > Fri Aug 8 22:44:51 2003: DEBUG: Deleting session for stever, 203.63.154.1, 1234
> > > Fri Aug 8 22:44:51 2003: DEBUG: Handling with Radius::AuthLSA:
> > > Fri Aug 8 22:44:51 2003: DEBUG: Radius::AuthLSA looks for match with stever
> > > Fri Aug 8 22:44:51 2003: WARNING: Could not LogonUserNetworkCHAP: The specified procedure could not be found.
> > >
> > > Fri Aug 8 22:44:51 2003: DEBUG: Radius::AuthLSA REJECT: AuthBy LSA Password check failed
> > > Fri Aug 8 22:44:51 2003: INFO: Access rejected for stever: AuthBy LSA Password check failed
> > > Fri Aug 8 22:44:51 2003: DEBUG: Packet dump:
> > > *** Sending to 192.168.0.2 port 1122 ....
> > > Code: Access-Reject
> > > Identifier: 95
> > > Authentic: 1234567890123456
> > > Attributes:
> > > Reply-Message = "Request Denied"
> > >
> > >
> > > Can you help?
> > >
> > > Steve

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
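
Added example, not part of the original thread and not Radiator or Win32-Lsa code: a sketch of why CHAP depends on "store passwords in reversible encryption" while PAP does not. It follows the standard CHAP computation (RFC 1994) and the RADIUS CHAP-Password layout (RFC 2865); the function names, the PBKDF2 store standing in for a one-way password database, and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

def chap_response(ident, secret, challenge):
    # RFC 1994: response = MD5(identifier || secret || challenge)
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def verify_chap(chap_password, authenticator, secret, chap_challenge=None):
    """Verify a RADIUS CHAP-Password attribute (RFC 2865 section 5.3).

    chap_password is 1 octet of CHAP identifier followed by the 16-octet
    response. The challenge is the CHAP-Challenge attribute when present,
    otherwise the Request Authenticator.
    """
    if len(chap_password) != 17:
        return False
    challenge = chap_challenge if chap_challenge is not None else authenticator
    expected = chap_response(chap_password[0], secret, challenge)
    return hmac.compare_digest(chap_password[1:], expected)

def verify_pap(submitted, salt, stored_digest):
    # PAP hands the server the password itself, so a one-way digest suffices.
    candidate = hashlib.pbkdf2_hmac("sha256", submitted, salt, 10_000)
    return hmac.compare_digest(candidate, stored_digest)

def demo():
    # Constructed sample values, not recovered from the packet dump above.
    password = b"example-password"
    salt = b"constructed-salt"
    one_way = hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)
    authenticator = b"0123456789abcdef"
    ident = 95
    # What a CHAP client would send for this password and challenge.
    attr = bytes([ident]) + chap_response(ident, password, authenticator)
    return {
        "pap_with_one_way_store": verify_pap(password, salt, one_way),
        "chap_with_cleartext": verify_chap(attr, authenticator, password),
        # A server holding only the digest cannot recompute the response.
        "chap_with_one_way_store": verify_chap(attr, authenticator, one_way),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The rejection in the dump above is a different failure: the WARNING reports that a procedure could not be found, so the logon call failed before any response comparison of this kind could succeed or fail.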
