[RADIATOR] Radiator 3.16 / AuthBy LSA / AD2008

Wed, 09 Nov 2011 04:27:11 -0800 

Hi folks,

I just upgraded one of the domain controllers (DC8) in my test Active
Directory environment from AD2003 to AD2008, and my test Radiator
installation has started denying authentications.

Is this is a known issue with Radiator 3.16?  Does anyone have Radiator
3.16 successfully authenticating against an AD2008 domain?  [I realize
that 3.16 is a little dated ... ]

########## AUTHENTICATION HANDLER TINKER TOYS ############

<AuthBy FILE>
        Identifier CheckCiscoEnable
        Filename        C:\Program Files\Radiator\ChKCiscoEnable
</AuthBy>

<AuthBy FILE>
        Identifier CheckCiscoReadOnly
        Filename        C:\Program Files\Radiator\ChKCiscoReadOnly
</AuthBy>

<AuthBy NT>
        Identifier CheckNT
        GroupRequired
        NoCheckPassword
</AuthBy>



########## AUTHENTICATION HANDLERS ############
<Handler Client-Identifier=vdops-mgmt>
        AuthByPolicy ContinueWhileAccept
        RejectHasReason

        # Handle administrative users
        <AuthBy LSA>
        </AuthBy>
 
        # Check group membership and return the appropriate Service-Type
        <AuthBy GROUP>
                AuthByPolicy ContinueUntilAccept
                AuthBy CheckCiscoEnable
                AuthBy CheckCiscoReadOnly
        </AuthBy>
</Handler>

And from the log:

Wed Nov  9 04:15:52 2011: DEBUG: Handling request with Handler 
'Client-Identifier=vdops-mgmt'
Wed Nov  9 04:15:52 2011: DEBUG: Deleting session for skendric, 10.6.50.46,3
Wed Nov  9 04:15:52 2011: DEBUG: Handling with Radius::AuthLSA:
Wed Nov  9 04:15:52 2011: DEBUG: Radius::AuthLSA looks for match with skendric 
[skendric]
Wed Nov  9 04:15:52 2011: DEBUG: Radius::AuthLSA ACCEPT: : skendric [skendric]
Wed Nov  9 04:15:52 2011: DEBUG: AuthBy LSA result: ACCEPT,
Wed Nov  9 04:15:52 2011: DEBUG: Handling with Radius::AuthGROUP:
Wed Nov  9 04:15:52 2011: DEBUG: Handling with Radius::AuthFILE: 
CheckCiscoEnable
Wed Nov  9 04:15:52 2011: DEBUG: Reading users file C:\Program 
Files\Radiator\ChKCiscoEnable
Wed Nov  9 04:15:52 2011: DEBUG: Radius::AuthFILE looks for match with 
skendric[skendric]
Wed Nov  9 04:15:52 2011: DEBUG: Radius::AuthFILE REJECT: No such user: 
skendric [skendric]
Wed Nov  9 04:15:52 2011: DEBUG: Radius::AuthFILE looks for match with DEFAULT 
[skendric]
Wed Nov  9 04:15:52 2011: DEBUG: Handling with NT
Wed Nov  9 04:16:00 2011: DEBUG: Domain Controller name is \\DC8
Wed Nov  9 04:16:00 2011: DEBUG: Radius::AuthFILE REJECT: NT GetAttributes 
failed: 5: Access is denied.: DEFAULT [skendric]
Wed Nov  9 04:16:00 2011: DEBUG: Handling with Radius::AuthFILE: 
CheckCiscoReadOnly
Wed Nov  9 04:16:00 2011: DEBUG: Reading users file C:\Program 
Files\Radiator\ChKCiscoReadOnly
Wed Nov  9 04:16:00 2011: DEBUG: Radius::AuthFILE looks for match with 
skendric[skendric]
Wed Nov  9 04:16:00 2011: DEBUG: Radius::AuthFILE REJECT: No such user: 
skendric [skendric]
Wed Nov  9 04:16:00 2011: DEBUG: Radius::AuthFILE looks for match with DEFAULT 
[skendric]
Wed Nov  9 04:16:00 2011: DEBUG: Handling with NT
Wed Nov  9 04:16:00 2011: DEBUG: Radius::AuthFILE REJECT: NT GetAttributes 
failed: 5: Access is denied.: DEFAULT [skendric]
Wed Nov  9 04:16:00 2011: DEBUG: AuthBy GROUP result: REJECT, NT GetAttributes 
failed: 5: Access is denied.
Wed Nov  9 04:16:00 2011: INFO: Access rejected for skendric: NT GetAttributes 
failed: 5: Access is denied.

--sk

Stuart Kendrick
FHCRC

_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Reply via email to