Re: [RadiusNT] RRAS and RadiusNT2.5.267

Dale E. Reed Jr. ( (no email) )
Tue, 20 Jul 1999 11:47:28 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Graeme Slogrove: "[RadiusNT] Users cannot surf with Windows 95 and NT"
Next message: Dale E. Reed Jr.: "Re: [RadiusNT] RadiusNT in SQL server"
Maybe in reply to: Jason: "[RadiusNT] RRAS and RadiusNT2.5.267"

Jason wrote:
>
> Ok, I changed the RRAS from using encrypted login info to anything including
> clear text. Now most users can get on using it, but I am getting quite a
> number of them that cannot get on. They seem to be trying to use CHAP
> authentication. Below is a capture of the x15 debug. Now this particular
> user was trying this while on the phone with me and she tried 4 times with
> the same results, the 5th time it worked! Any thoughts anyone? Is this a
> setting on the users machine? Is it RRAS?
> TIA
> Jason Roblyer
> NCTC
> jason@nctc.net
>
> ----------------------------------------------------------------------------
> ----------------------------------------------------------------------------
> -----------
> radrecv: Request from host cfb11001 code=1, id=56, length=86
>
> User-Name = "carol"
> CHAP-Challenge = "\244z\251kQ\065\337\2860\011\043N\272\312\476\011"
> Challenge-Response = "*\017d\327"
> NAS-Port = 14
> Framed-Protocol = PPP
> NAS-Identifier = "NS"
> NAS-Port-Type = Async
> rad_authenticate_ODBC()
>
> SQL Statement: Select DateDiff(Minute, GetDate(), DateAdd(Day,
> (ma.Extension+ma.OverDue+1), maExpireDate)), DateDiff(Minute, GetDate(),
> DateAdd(Day, sa.Extension+1, saExpireDate)), sa.AccountID, sa.AccountType,
> sa.Password, sa.Login, sa.Shell, ma.Balance, ma.OverLimit From
> MasterAccounts ma, SubAccounts sa Where sa.Login='carol' AND
> ma.CustomerID=sa.CustomerID and sa.Active<>0 and ma.Active<>0
>
> CHAP Password Comparison failure.
> Decrypted Password: *CHAP*
> Database Password: *CHAP*
> Sending Reject of id 56 to cfb11001 (NS-RAS)
>
> SQL Statement: INSERT INTO RadLogs(RadLogMsgID, LogDate, Username, Data,
> NASIdentifier, NASPort, CallerID) VALUES (11, GetDate(), 'carol', '*CHAP*',
> NULL, 14, NULL)
>
> User: carol Bad Password
> Resp Time: 80 Auth: 0/1 -> 1 Acct: 0/0/0 -> 0

There are a couple of registry keys you can modify to prevent
RRAS from using CHAP/SPAP. That usually fixes the problem.
See this MS KB:

http://support.microsoft.com/support/kb/articles/q172/2/16.asp

Dale E. Reed Jr. Emerald and RadiusNT__________________________________________IEA Software, Inc. www.iea-software.com

For more information about this list (including removal) go to:http://www.iea-software.com/support/maillists/liststart

Previous message: Graeme Slogrove: "[RadiusNT] Users cannot surf with Windows 95 and NT"
Next message: Dale E. Reed Jr.: "Re: [RadiusNT] RadiusNT in SQL server"
Maybe in reply to: Jason: "[RadiusNT] RRAS and RadiusNT2.5.267"