Re: [NTISP] Moving from the NT SAM

Sam Lowe ( (no email) )
Mon, 15 Mar 1999 08:12:09 -0600

I have loaded RadiusNT, gotten me SQL database us and running, but can't get
the WINNT password to authenticate. Do you have to have a user named
RadiusNT, or will the rights of the user executing radius be passed through.
The indication is the radiusNT has unsufficient rights (Privilege not held).
I have checked and the user executing the program has all the rights
specified in the manual. Any ideas would be welcomed.

----- Original Message -----
From: Dale E. Reed Jr. <>
To: <>
Sent: Sunday, March 07, 1999 9:51 PM
Subject: Re: [NTISP] Moving from the NT SAM

>Richard Fink wrote:
>> >You can use many of the normal utilities to extract the usernames
>> >from the NT SAM. Then you can import all of those into a RadiusNT
>> >database with WINNT as the password and the password replace option.
>> >
>> >Eventually you can get a full userlist in the database without
>> >causing any disruption of your service (or your users ever knowing).
>> How does that work Dale ? Getting the Userlist is no problem. But the
NT Passwords are. What does RadiusNT do here ? Does it just take the
"given" password from the user and then "make that" the Radius password ?
>> Probably not a problem, but it seems like a non-customer user could get
one free chance to get in, in that case, thereby also mucking the real users
real password.
>> I'll bet you've got it figured out better than that... I'd like to
understand it though.
>Yes, it definately works better than that. :)
>The first authentication, RadiusNT sees the user's paassword as "WINNT"
>and then compares thier password against the NT SAM. If the comparison
>is correct and password replace is on, it will replace the "WIINT" with
>the user's password they typed in the first place. All authentications
>after that come from the database, and the NT SAM user entry is no loner
>used or needed.
>Dale E. Reed Jr. Emerald and RadiusNT
>IEA Software, Inc.
>For more information about this list, including removal,
>see this url:

For more information about this list, including removal,
see this url: