NT RAS 4.0, with Routing and RAS Update ( formerly Steelhead )

Bryan Hoover, Senior Systems Analyst, AgriNorthwest, Inc ( (no email) )
Mon, 16 Jun 1997 21:49:50 -0400

Mr. Reed and all:

I have installed RadiusNT on a Windows NT Server running:

Windows NT 4.0
with Service Pack 3
and the RAS and Routing Update
( formerly known as Steelhead )

It works fine with the test login client which comes with
RadiusNT, as shown below, in both ODBC and ASCII modes.

However, when using it with the NT Remote Access Server (RAS) on that same
server and a Windows NT 3.51 Service Pack 5 RAS client dialing up, we
receive the following errors, also shown below. ( Please note that
RadiusNT is being run against the ASCII C:\Radius\Users file, not the ODBC
database, for all the below tests ).

We have experienced similar results with a Windows NT 3.51 Service Pack 4
client and a Macintosh client running the latest version of their OS and
Open Transport ( at least so the Macintosh administrator believes ).

Microsoft claims the new update ( commercial release of Steelhead ) is
fully compliant with RFC-2058. However, other Microsoft documentation
discusses the differences between the CHAP RD4 and CHAP RD5 standards and
seems to imply this may not be the case - at least for previous versions of
NT RAS 4.0.

We have been unable to find a way to force our Microsoft RAS Server and/or
the clients to use PAP rather than whatever version of CHAP they are
attempting to use. We also have serious questions as to the advisability
of sending unencrypted passwords over dial-up public telephone networks or
the public internet. We would be using the product in conjunction with
Emerald and the ODBC database if we use RadiusNT.

Is anyone able to shed any light on what is happening or possible
workarounds?

Also, will any of these problems go away with future versions ( 2.x? ) of
Radius NT?

When is the projected availability of the commercial product ( 2.x? ) and
who will be selling it?

Any and all suggestions or comments regarding the use of the Radius NT
product with Windows NT RAS as the Terminal Access Server would be
appreciated.

***************************************************************************
***************************************************************************
Debug Session Follows
***************************************************************************
***************************************************************************

Microsoft(R) Windows NT(TM)
(C) Copyright 1985-1996 Microsoft Corp.

C:\users>cd \radius

C:\radius>radius -x15 -A

RadiusNT 1.16.60 2/7/97 Copyright (c) 1996 IEA Software, Inc.
All Rights Reserved, Worldwide

Some portions Copyright (c) 1992 Livingston Enterprises, Inc.
and Copyright (c) 1995 Ascend Communications, Inc.

0) EncryptPasswords: 0
1) IgnoreCase: 0
2) AuthPort: 1645
3) ReqAcctAuth: 0
4) AcctPort: 1646
5) Mode: 0
6) Options: 0
7) Debug: 15
8) ODBCDatasource: RADIUSNT
9) DataDirectory: \RADIUS
10) AcctDirectory: \RADIUS\acct
11) UsersFile: Users
12) Username:
13) Password:

Param: Debug Level: 15
Param: Require Authentication for Accounting packets
Initializing Winsock...
Client:198.136.195.63:198.136.195.63:NTRAS

Loading users...
User:test
1 users loaded!

Radius NT is ready to receive requests!
radrecv: Request from host c688c33f code=4, id=1, length=26
Acct-Status-Type = 7
Sending Accounting Ack of id 1 to c688c33f (198.136.195.63)

Response Time: 781
radrecv: Request from host c688c33f code=1, id=1, length=0
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
User-Name = "test"
Password = "HXA\300\320\326W5\006\300%k\005\203*E"
rad_authenticate()
Checking user record PW_PASSWORD type
authPapPwd
chkPwd->strvalue is test
decrypted pwd is test
Sending Ack of id 1 to c688c33f (198.136.195.63)
User-Service = Framed-User

Response Time: 60
radrecv: Request from host c688c33f code=1, id=2, length=63
User-Name = "test"
CHAP-Challenge = "\2559\370a\264\312\270\246\020\0301\016\243z\274\001"
Challenge-Response = ""
rad_authenticate()
Checking user record PW_PASSWORD type
authChapPwd
Sending Reject of id 2 to c688c33f (198.136.195.63)

Response Time: 51
radrecv: Request from host c688c33f code=1, id=3, length=63
User-Name = "test"
CHAP-Challenge = "aiz\204$\233)7P1\332z\243z\274\001"
Challenge-Response =
"\001\271V\034>{"\346\265\370\034\004\007\033w\245\340"
rad_authenticate()
Checking user record PW_PASSWORD type
authChapPwd
Sending Reject of id 3 to c688c33f (198.136.195.63)

Response Time: 40
radrecv: Request from host c688c33f code=1, id=4, length=63
User-Name = "test"
CHAP-Challenge = "\370\251\263n\244\341\267Y \005\300\317\243z\274\001"
Challenge-Response =
"\002{\234\263K\036\215\322Q\253\251\303\001\207\332\356e"
rad_authenticate()
Checking user record PW_PASSWORD type
authChapPwd
Sending Reject of id 4 to c688c33f (198.136.195.63)

Response Time: 30
radrecv: Request from host c688c33f code=1, id=5, length=63
User-Name = "test"
CHAP-Challenge = "H\021\205D\327\264G\032\360\354\\210\264z\274\001"
Challenge-Response =
"\003\276@J\243\364j\343\262\304\264\351\002\017]g\223"
rad_authenticate()
Checking user record PW_PASSWORD type
authChapPwd
Sending Reject of id 5 to c688c33f (198.136.195.63)

Response Time: 811
radrecv: Request from host c688c33f code=1, id=6, length=63
User-Name = "test"
CHAP-Challenge = ")\0*\203\265\356\364\320pJ%\270z\274\001"
Challenge-Response =
"\004\327\3610m\354\234h\235\373\244\015\273\026'\351\372"
rad_authenticate()
Checking user record PW_PASSWORD type
authChapPwd
Sending Reject of id 6 to c688c33f (198.136.195.63)

Response Time: 731

******************************************************************************
******************************************************************************
end contiguous copy from debug session
******************************************************************************
******************************************************************************

E. Bryan Hoover, Senior Systems Analyst
AgriNorthwest, Inc.
2810 W. Clearwater
Kennewick, WA 99336
voice telephone: (509) 735-6461
fax telephone: (509) 735-6471
e-mail: BryanHoover@AgriNorthwest.com
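
An added diagnostic example, not part of the original message and not RadiusNT code: it decodes the octal-escaped attribute values from the id=3 request in the debug session and tests them against the standard MD5 CHAP check (RFC 1994 response carried as RFC 2058 CHAP-Password). Assumptions: the value the log prints as Challenge-Response is the CHAP-Password attribute, non-printable bytes are shown as a backslash plus three octal digits, and the dial-up client used the password "test"; all function names are hypothetical.

```python
import hashlib
import hmac
import re

# Attribute values copied from the id=3 Access-Request in the debug session above.
LOG_CHALLENGE = r'aiz\204$\233)7P1\332z\243z\274\001'
LOG_RESPONSE = r'\001\271V\034>{"\346\265\370\034\004\007\033w\245\340'


def decode_debug_string(text):
    # Assumption: the debug output renders each non-printable byte as a
    # backslash plus exactly three octal digits and prints other bytes as-is.
    decoded = re.sub(r'\\([0-3][0-7]{2})',
                     lambda m: chr(int(m.group(1), 8)), text)
    return decoded.encode('latin-1')


def chap_md5_response(ident, password, challenge):
    # RFC 1994 CHAP with MD5: hash of identifier octet, secret, challenge.
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def verify_chap(chap_attr, challenge, password):
    # RFC 2058 CHAP-Password: 1 identifier octet followed by a 16-octet response.
    if len(chap_attr) != 17:
        return False  # e.g. the empty Challenge-Response in request id=2
    expected = chap_md5_response(chap_attr[0], password, challenge)
    return hmac.compare_digest(expected, chap_attr[1:])


def check_logged_request(password=b'test'):
    # Assumption: the dial-up client logged in with the Users-file password.
    return verify_chap(decode_debug_string(LOG_RESPONSE),
                       decode_debug_string(LOG_CHALLENGE), password)


if __name__ == '__main__':
    # Constructed sample: a response built the standard way must verify.
    challenge = bytes(range(16))
    attr = bytes([7]) + chap_md5_response(7, b'test', challenge)
    print('constructed MD5 CHAP verifies:', verify_chap(attr, challenge, b'test'))
    print('logged id=3 is MD5 CHAP for "test":', check_logged_request())
```

A False result for the logged request means the client's response is not MD5(identifier, "test", challenge), which points to either a different password or a non-MD5 CHAP variant on the client side.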