NT SAM Auth (Was: Re: Arvhices and searching)

Dale E. Reed Jr. ( (no email) )
Mon, 1 Dec 1997 15:31:17 -0800 ()

On Mon, 1 Dec 1997 Shb@ffn.com wrote:

> I still don't think the redirect to the Sam database works with the newest
> version of radiusnt.

Below is a dump on a Local NT SAM auth from a newly installed
NT 5.0 workstation. I used it because the install was fresh.
The thing that I see is that the SAM permissions don't seem
to update until you reboot your machine. Try this:

Go into the user manager and user rights. Grant your test
user the following rights:

Act As Part of the Operating System
Log on As Service
Log on as a Batch file
Log On Locally

Save the rights and reboot the machine RadiusNT is running
on. Your SAM auth for that user should be working now. I
believe the correct permission is one of the "Log on as...",
but in 2.2.41, the LoginUser() function passed "log on locally",
for the access restriction.

If you nail it down, let me know. I have been re-arranging
RadiusNT 2.5 to check for "Access this computer from the
Network", then check to see if the Dialin Permission is
granted. That should clear up the permissions issues
(since the first is a default on all NT machines), and
give you user-by-user control via the user manager.


C:\radius>radius -x15 -M0

RadiusNT 2.2.41 7/27/97 Copyright (c) 1996-1997 IEA Software, Inc.
All Rights Reserved, Worldwide

Some portions Copyright (c) 1992 Livingston Enterprises, Inc.
and Copyright (c) 1995 Ascend Communications, Inc.

Param: Debug Level: 15
Param: Mode: 0
Initializing Winsock...

Loading users...
1 users loaded!

Radius NT is ready to receive requests!
radrecv: Request from host 7f000001 code=1, id=1, length=0
NAS-IP-Address =
NAS-Port = 0
User-Name = "daler"
Password = "....."
Checking user record PW_PASSWORD type
chkPwd->strvalue is WINNT
decrypted pwd is .....
(WINNT) User:daler Domain: Password:.....
Sending Ack of id 1 to 7f000001 (
User-Service = Framed-User

Resp Time: 160 Auth: 1/0 -> 1 Acct: 0/0/0 -> 0

Dale E. Reed Jr. (daler@iea.com)
IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs
Internet Solutions for Today | http://www.iea-software.com