Sent: Friday, April 06, 2001 9:36
AM
Subject: (RADIATOR) Problems using Authby
NT
Hello
All,
I'd like to use
Authby NT from a standalone W2K server. The problem is, radiator does not
authenticate accounts in other domains (either W2K or NT4, and either local or
domain accounts). When I make drive mappings to these domains (using account
x) it does authenticate account y (both local and domain accounts) in W2K
environments. It does authenticate a local account y on a standalone NT4
server, but still no authenctication to NT4 domains.
The following
errors are shown in trace 4:
When trying to
authenticate to NT4 domain (without drive mappings)
Fri Apr 6
12:55:29 2001: INFO: Access rejected for velden01: NT GetAttributes failed:
1726: The remote procedure call failed.
When trying to
authenticate to W2K standalone server or domain (without
drivemappings):
Thu Apr 5
11:10:09 2001: INFO: Access rejected for test_radius: NT GetAttributes failed:
1326: Logon failure: unknown user name or bad
password.
When looking at network traces, I can see Authby NT tries to
authenticate (if no drive mapping exists) by connecting to the IPC$ share with
the account the Radiator process is running. This is never going to work with
radiator running a certain account and authenticating accounts in domains it
has no trusts to.
When the drive mapping is available, the connection to this
share (IPC$) is done first with an empty username and secondly with the
username given to radiator and authentication goes
correct.
My radius server has W2K +
SP1, Perl 5.6.0 build 623, Radiator 2.18 including the latest Authby NT patch
(april 2).
According to me it
should be possible to authenticate using Authby NT with the radius server not
being part of any particular domain.
Does anybody have
a clue?
Regards,
Karel van der Velden
-----------------------------------------------------------------------------
Karel van der
Velden
| telnr: +31 50 5881003
Peizerweg
156 |
faxnr: +31 50 5883216
The Netherlands
DISCLAIMER: This Statement is not an
official statement from, nor does it represent an official postion of KPN
Telecom
-----------------------------------------------------------------------------