Discussion:
Windows Authentication issue
(too old to reply)
Namal
2008-09-26 05:44:05 UTC
Permalink
We are trying to configure Win2k3 IAS server for remote user authentication.
IAS server Configured as a member server and registered in Active
Directory.(Action -> Registered Server In Active directory).
We want to authenticate Radius Clients using AD User credentials. However,
whenever a User enters his WIndwos user credentials, radias Client is
rejected with following error:
(Radius Client log)
-------------------9/15/2008 11:36:29 AM Test started
[test]-------------------------
Info:Sending Access-Request of id 0 to 192.168.24.221:1812
User-Name = "test"
Password = "123456"
Info: Access-Reject packet from host 192.168.24.221:1812, id=0, length=20

Total approved auths: 0
Total denied auths: 1
Total lost auths: 0
Total time(secs): 0
--------------------9/15/2008 11:36:30 AM Test finished
[test]-------------------------
Note: "test" is a valid AD User account in our AD environment

Appreciate if anybody can assist us in this issue pl.
James McIllece [MS]
2008-10-31 18:25:28 UTC
Permalink
Post by Namal
We are trying to configure Win2k3 IAS server for remote user
authentication. IAS server Configured as a member server and
registered in Active Directory.(Action -> Registered Server In Active
directory). We want to authenticate Radius Clients using AD User
credentials. However, whenever a User enters his WIndwos user
(Radius Client log)
-------------------9/15/2008 11:36:29 AM Test started
[test]-------------------------
Info:Sending Access-Request of id 0 to 192.168.24.221:1812
User-Name = "test"
Password = "123456"
Info: Access-Reject packet from host 192.168.24.221:1812, id=0, length=20
Total approved auths: 0
Total denied auths: 1
Total lost auths: 0
Total time(secs): 0
--------------------9/15/2008 11:36:30 AM Test finished
[test]-------------------------
Note: "test" is a valid AD User account in our AD environment
Appreciate if anybody can assist us in this issue pl.
HI there --

The following line from your post leads me to believe you are confused
about what a RADIUS client is:

"We want to authenticate Radius Clients using AD User credentials."


The RADIUS client is the network access server (NAS) -- the VPN server,
dial-in server, wireless AP, wired switch, or Terminal Services Gateway
server. RADIUS clients use the RADIUS protocol to communicate with IAS or
NPS servers that are configured as either RADIUS servers or RADIUS proxy
servers.

Access clients are client computers that users log onto and with which they
attempt to connect to the network.

So the first step is to make sure that you've configured the NAS as a
RADIUS client in IAS, and then ensure that you configure the physical,
actual NAS with the same password you used for the shared secret in IAS.

As for the access client being rejected -- please look in Event Viewer for
the event and the reason code provided there for why authentication failed.
--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
Continue reading on narkive:
Loading...