Hi folks, I just upgraded one of the domain controllers (DC8) in my test Active Directory environment from AD2003 to AD2008, and my test Radiator installation has started denying authentications.
Is this is a known issue with Radiator 3.16? Does anyone have Radiator 3.16 successfully authenticating against an AD2008 domain? [I realize that 3.16 is a little dated ... ] ########## AUTHENTICATION HANDLER TINKER TOYS ############ <AuthBy FILE> Identifier CheckCiscoEnable Filename C:\Program Files\Radiator\ChKCiscoEnable </AuthBy> <AuthBy FILE> Identifier CheckCiscoReadOnly Filename C:\Program Files\Radiator\ChKCiscoReadOnly </AuthBy> <AuthBy NT> Identifier CheckNT GroupRequired NoCheckPassword </AuthBy> ########## AUTHENTICATION HANDLERS ############ <Handler Client-Identifier=vdops-mgmt> AuthByPolicy ContinueWhileAccept RejectHasReason # Handle administrative users <AuthBy LSA> </AuthBy> # Check group membership and return the appropriate Service-Type <AuthBy GROUP> AuthByPolicy ContinueUntilAccept AuthBy CheckCiscoEnable AuthBy CheckCiscoReadOnly </AuthBy> </Handler> And from the log: Wed Nov 9 04:15:52 2011: DEBUG: Handling request with Handler 'Client-Identifier=vdops-mgmt' Wed Nov 9 04:15:52 2011: DEBUG: Deleting session for skendric, 10.6.50.46,3 Wed Nov 9 04:15:52 2011: DEBUG: Handling with Radius::AuthLSA: Wed Nov 9 04:15:52 2011: DEBUG: Radius::AuthLSA looks for match with skendric [skendric] Wed Nov 9 04:15:52 2011: DEBUG: Radius::AuthLSA ACCEPT: : skendric [skendric] Wed Nov 9 04:15:52 2011: DEBUG: AuthBy LSA result: ACCEPT, Wed Nov 9 04:15:52 2011: DEBUG: Handling with Radius::AuthGROUP: Wed Nov 9 04:15:52 2011: DEBUG: Handling with Radius::AuthFILE: CheckCiscoEnable Wed Nov 9 04:15:52 2011: DEBUG: Reading users file C:\Program Files\Radiator\ChKCiscoEnable Wed Nov 9 04:15:52 2011: DEBUG: Radius::AuthFILE looks for match with skendric[skendric] Wed Nov 9 04:15:52 2011: DEBUG: Radius::AuthFILE REJECT: No such user: skendric [skendric] Wed Nov 9 04:15:52 2011: DEBUG: Radius::AuthFILE looks for match with DEFAULT [skendric] Wed Nov 9 04:15:52 2011: DEBUG: Handling with NT Wed Nov 9 04:16:00 2011: DEBUG: Domain Controller name is \\DC8 Wed Nov 9 04:16:00 2011: DEBUG: Radius::AuthFILE REJECT: NT GetAttributes failed: 5: Access is denied.: DEFAULT [skendric] Wed Nov 9 04:16:00 2011: DEBUG: Handling with Radius::AuthFILE: CheckCiscoReadOnly Wed Nov 9 04:16:00 2011: DEBUG: Reading users file C:\Program Files\Radiator\ChKCiscoReadOnly Wed Nov 9 04:16:00 2011: DEBUG: Radius::AuthFILE looks for match with skendric[skendric] Wed Nov 9 04:16:00 2011: DEBUG: Radius::AuthFILE REJECT: No such user: skendric [skendric] Wed Nov 9 04:16:00 2011: DEBUG: Radius::AuthFILE looks for match with DEFAULT [skendric] Wed Nov 9 04:16:00 2011: DEBUG: Handling with NT Wed Nov 9 04:16:00 2011: DEBUG: Radius::AuthFILE REJECT: NT GetAttributes failed: 5: Access is denied.: DEFAULT [skendric] Wed Nov 9 04:16:00 2011: DEBUG: AuthBy GROUP result: REJECT, NT GetAttributes failed: 5: Access is denied. Wed Nov 9 04:16:00 2011: INFO: Access rejected for skendric: NT GetAttributes failed: 5: Access is denied. --sk Stuart Kendrick FHCRC _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator