Hello Steve, On Sun, 10 Aug 2003 12:47 am, Steve Rogers wrote: > Hello, > > I have changed the password a couple of times after the "store passwords > in reversible encryption" and still it fails. I've rebooted the machine > and tried creating new user accounts and authenticating against those, > but chap still fails.
That should be enought to set the password properly. > > Am I still missing something? I'd really appreciate any ideas. Hmmm. Is MSCHAPV2 working OK? Are you testing with radpwtst? What sort of host is your AD on? Cheers. > > Steve > > -----Original Message----- > From: Mike McCauley [mailto:[EMAIL PROTECTED] > Sent: 09 August 2003 01:06 > To: Steve Rogers > Subject: Re: Help with AuthBy LSA > > > Hello Steve, > > On Sat, 9 Aug 2003 07:47 am, Steve Rogers wrote: > > Hi Mike, > > > > I've been trying out the new AuthBy LSA code and I can't get chap to > > work. Pap, mschap work flawlessly. The user accounts are on the local > > machine so there's no AD/NT domain. > > > > I'm using Radiator 3.6 on Windows XP Pro (SP1) with Activestate Perl > > 5.6.1 and the Win32-Lsa perl module. The config file is the lsa.cfg > > from goodies dir in the Radiator distribution. > > > > Radiator is running with Admin privs, with act as part of operating > > system and the local computer policy has store passwords in reversible > > > > encryption enabled. > > Thats sounds all OK, but if you turned on "store passwords in reversible > > encryption" _after_ the users password has been set in AD, you will need > to > _reset_ the password in AD, else it does not really have the reversible > password stored. > > Hope that helps. > > BTW, it would be better if you address any future technical questions > you > might have to the Radiator mailing list. That way others can learn > from the question and answer, and possibly contribute in areas where I > am not expert. Also, we have other staff on the mailing list who can > respond when I am not available. > > You can join the Radiator mailing list by sending email with the > single word subscribe in the body (not in the subject line) to > [EMAIL PROTECTED] > There is an archive at http://www.open.com.au/archives/radiator/ > Cheers. > > > He's the debug - first is pap auth, then mschap and finally chap which > > > > has the following warning: > > > > WARNING: Could not LogonUserNetworkCHAP: > > > > > > D:\Radiator\Radiator-3.6>perl radiusd -config_file lsa.cfg Fri Aug 8 > > 22:44:12 2003: DEBUG: Finished reading configuration file 'lsa.cfg' > > Fri Aug 8 22:44:12 2003: DEBUG: Reading dictionary file > > './dictionary' > > > Fri Aug 8 22:44:12 2003: DEBUG: Creating authentication port > > 0.0.0.0:1645 > > Fri Aug 8 22:44:12 2003: DEBUG: Creating accounting port 0.0.0.0:1646 > > Fri Aug 8 22:44:12 2003: NOTICE: Server started: Radiator 3.6 on > > ROGERSSLT1 > > Fri Aug 8 22:44:40 2003: DEBUG: Packet dump: > > *** Received from 192.168.0.2 port 1120 .... > > Code: Access-Request > > Identifier: 85 > > Authentic: 1234567890123456 > > Attributes: > > User-Name = "stever" > > Service-Type = Framed-User > > NAS-IP-Address = 203.63.154.1 > > NAS-Port = 1234 > > Called-Station-Id = "123456789" > > Calling-Station-Id = "987654321" > > NAS-Port-Type = Async > > User-Password = > > "<152><233><<156><157>o<4><246><188>8<9><160><216>}x<153 > > > > >" > > > > Fri Aug 8 22:44:40 2003: DEBUG: Handling request with Handler > > 'Realm=DEFAULT' Fri Aug 8 22:44:40 2003: DEBUG: Deleting session for > > > > stever, 203.63.154.1, 123 > > 4 > > Fri Aug 8 22:44:40 2003: DEBUG: Handling with Radius::AuthLSA: > > Fri Aug 8 22:44:40 2003: DEBUG: Radius::AuthLSA looks for match with > > stever > > Fri Aug 8 22:44:40 2003: DEBUG: Radius::AuthLSA ACCEPT: > > Fri Aug 8 22:44:40 2003: DEBUG: Access accepted for stever > > Fri Aug 8 22:44:40 2003: DEBUG: Packet dump: > > *** Sending to 192.168.0.2 port 1120 .... > > Code: Access-Accept > > Identifier: 85 > > Authentic: 1234567890123456 > > Attributes: > > > > Fri Aug 8 22:44:46 2003: DEBUG: Packet dump: > > *** Received from 192.168.0.2 port 1121 .... > > Code: Access-Request > > Identifier: 90 > > Authentic: 1234567890123456 > > Attributes: > > User-Name = "stever" > > Service-Type = Framed-User > > NAS-IP-Address = 203.63.154.1 > > NAS-Port = 1234 > > Called-Station-Id = "123456789" > > Calling-Station-Id = "987654321" > > NAS-Port-Type = Async > > MS-CHAP-Challenge = "<16>-<181><223><8>]0A" > > MS-CHAP-Response = > > "<1><1><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>< > > 0><0><0><0><0><0><0><0><0><221><167>J<174>`<22><150>Md<11><177><185>1< > > 0>23 > > 3><209>< > > 156><188>O<234><205><243><24>sn" > > > > Fri Aug 8 22:44:46 2003: DEBUG: Handling request with Handler > > 'Realm=DEFAULT' Fri Aug 8 22:44:46 2003: DEBUG: Deleting session for > > > > stever, 203.63.154.1, 123 > > 4 > > Fri Aug 8 22:44:46 2003: DEBUG: Handling with Radius::AuthLSA: > > Fri Aug 8 22:44:46 2003: DEBUG: Radius::AuthLSA looks for match with > > stever > > Fri Aug 8 22:44:46 2003: DEBUG: Radius::AuthLSA ACCEPT: > > Fri Aug 8 22:44:46 2003: DEBUG: Access accepted for stever > > Fri Aug 8 22:44:46 2003: DEBUG: Packet dump: > > *** Sending to 192.168.0.2 port 1121 .... > > Code: Access-Accept > > Identifier: 90 > > Authentic: 1234567890123456 > > Attributes: > > > > Fri Aug 8 22:44:51 2003: DEBUG: Packet dump: > > *** Received from 192.168.0.2 port 1122 .... > > Code: Access-Request > > Identifier: 95 > > Authentic: 1234567890123456 > > Attributes: > > User-Name = "stever" > > Service-Type = Framed-User > > NAS-IP-Address = 203.63.154.1 > > NAS-Port = 1234 > > Called-Station-Id = "123456789" > > Calling-Station-Id = "987654321" > > NAS-Port-Type = Async > > CHAP-Password = > > 5?<130>,<147><209><201><179><193><141><224><227>x<219><2 > > 19><163>i > > CHAP-Challenge = 1234567890123456 > > > > Fri Aug 8 22:44:51 2003: DEBUG: Handling request with Handler > > 'Realm=DEFAULT' Fri Aug 8 22:44:51 2003: DEBUG: Deleting session for > > > > stever, 203.63.154.1, 123 > > 4 > > Fri Aug 8 22:44:51 2003: DEBUG: Handling with Radius::AuthLSA: > > Fri Aug 8 22:44:51 2003: DEBUG: Radius::AuthLSA looks for match with > > stever > > Fri Aug 8 22:44:51 2003: WARNING: Could not LogonUserNetworkCHAP: The > > specified > > procedure could not be found. > > > > Fri Aug 8 22:44:51 2003: DEBUG: Radius::AuthLSA REJECT: AuthBy LSA > > Password che ck failed > > Fri Aug 8 22:44:51 2003: INFO: Access rejected for stever: AuthBy LSA > > Password > > check failed > > Fri Aug 8 22:44:51 2003: DEBUG: Packet dump: > > *** Sending to 192.168.0.2 port 1122 .... > > Code: Access-Reject > > Identifier: 95 > > Authentic: 1234567890123456 > > Attributes: > > Reply-Message = "Request Denied" > > > > > > Can you help? > > > > Steve -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
