RE: NT SAM Authentication

George G. Stossel ( (no email) )
Mon, 30 Mar 1998 08:49:16 -0500

I would have to agree that requiring such a level of privilege to make
the SAM Authentication work is a bad Spec. I would wonder why
Authentication against SAM is not based strictly on the "Grant dialin
permission to user" property. Using this would make dialin access
control consistent between RAS and an external Access Server.

George G. Stossel, President Phone:
419.352.3568
DACOR, Inc. FAX: 419.353.0149
519 W. Wooster Street Sales: 800.447.5333
Bowling Green, OH 43402-2763 03 USA Email:
stossel@dacor.com
WWW: http://www.dacor.com/

-----Original Message-----
From: NORO Hideo [SMTP:norop@xpc.canon.co.jp]
Sent: Monday, March 30, 1998 12:47 AM
To: radiusnt@iea-software.com
Subject: NT SAM Authentication

I met the NT SAM authentication probs which are
discussed frequently
in this list.

But no conclusion was out, I think.
So I try-and-error'ed many many times, and finally I found out
what is the
problem.

** User who are authenticated via NT SAM must be a member of
"Account Operators"
group **

In stead of "Account Operators", "Administrator" group is also
OK as you think.

Yes, I solve the "NT SAM Authentication" problem.
But is this feature good SPECIFICATION? -- I don't think so.
That's BUG in code, or BUG in SPEC.

How do you think, all?

I hope this bug will be fixed in the next release.

Thanks!

NORO Hideo
norop@xpc.canon.co.jp

----------------------------------------------------------
RadiusNT Mailing List lists@iea-software.com