Re: FW: NT SAM authentication

Dale E. Reed Jr. ( (no email) )
Tue, 31 Mar 1998 13:52:58 -0800

Michael Bradley wrote:
> > Thanks to Mr. Hideo for the advice, however making my test users
> > members
> > of the local Account Operators and/or Administrators groups did not
> > solve my problem. I'm getting the exact same results I described in
> > my
> > earlier post. Any other ideas out there? Are people who are
> > successfully authenticating via the NT SAM running RadiusNT on servers
> > that are domain controllers? I am willing to start over on my
> > RadiusNT
> > server and make it a backup domain controller if that will get me NT
> > SAM
> > athentication, but I'd like to hear from experienced users (or Dale?)
> > that this will work (or at least is likely to) before I go to the
> > trouble.

I run RadiusNT here on an NT Workstation and can auth againt the
local database as well as the domain my Workstation is a part of.

With 2.2, the issues are basically, does the user being authenticated
have log on locally access to the MACHINE (not the domain) running
RadiusNT, and is RadiusNT running as a user that can authenticate

I added a bunch of new error information to RadiusNT so that it
will tell you whether its running as an account with insufficient
rights to authenticate againt the SAM.

> > Also, how can I tell if RadiuNT is even talking to the SAM at all? I
> > tried logging in via Radius as one of my test users using a bogus
> > password several
> > times on the hunch that NT would then disable the user account (as it
> > does after multiple failed login attempts of a standard NT user) but
> > found that the account was not disabled by NT--leading me to conclude
> > that the SAM is not receiving authentication requests from RadiusNT at
> > all. Is this a valid conclusion based on this experiment? Is there
> > something I need to do in RadiuNT Administrator or the ODBC control
> > panel on my Radius server machine to tell it specifically to talk to
> > the SAM?

I would guess that whomever RadiusNT is running as doesn't have
the rights to login users.

-- Dale E. Reed Jr.  (       IEA Software, Inc.      |  RadiusNT, Emerald, and NT FAQs Internet Solutions for Today  |