Acess denied to user name and password in radius

I tried to login to my Win2k3 AD vpn server from Win XP sp2 machine but
it keep prompting access denied because wrong user name and password. I
disable the MS-Chap as mentioned in the Micorosoft articles but still
won't works. Pls advise. Thanks

Rgds
Daniel

In news:(E-Mail Removed) oups.com,
Daniel <(E-Mail Removed)> stated, which I commented on below:
> I tried to login to my Win2k3 AD vpn server from Win XP sp2 machine
> but it keep prompting access denied because wrong user name and
> password. I disable the MS-Chap as mentioned in the Micorosoft
> articles but still won't works. Pls advise. Thanks
>
> Rgds
> Daniel

In Windows IAS, enable logging. Then download an IAS log reader which will
translate it into English (makes it readable). You should be able to see
where the problem is after that.

Here's one I used that I found very useful diagnosing an Aironet/Radius
problem I previously had:
http://www.deepsoftware.com/iasviewer/?adv

--
Ace
Innovative IT Concepts, Inc
Willow Grove, PA

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only constant in life is change...

Ace, after i enable loggin of authentication request, there are no
files generated to the error i get.

Rgds
Daniel

Ace Fekay [MVP] wrote:
> In news:(E-Mail Removed) oups.com,
> Daniel <(E-Mail Removed)> stated, which I commented on below:
> > I tried to login to my Win2k3 AD vpn server from Win XP sp2 machine
> > but it keep prompting access denied because wrong user name and
> > password. I disable the MS-Chap as mentioned in the Micorosoft
> > articles but still won't works. Pls advise. Thanks
> >
> > Rgds
> > Daniel
>
> In Windows IAS, enable logging. Then download an IAS log reader which will
> translate it into English (makes it readable). You should be able to see
> where the problem is after that.
>
> Here's one I used that I found very useful diagnosing an Aironet/Radius
> problem I previously had:
> http://www.deepsoftware.com/iasviewer/?adv
>
> --
> Ace
> Innovative IT Concepts, Inc
> Willow Grove, PA
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft MVP - Directory Services
> Microsoft Certified Trainer
>
> Having difficulty reading or finding responses to your post?
> Instead of the website you're using, I suggest to use OEx (Outlook Express
> or any other newsreader), and configure a news account, pointing to
> news.microsoft.com. This is a direct link to the Microsoft Public
> Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
> to easily find, track threads, cross-post, sort by date, poster's name,
> watched threads or subject.
> It's easy:
>
> How to Configure OEx for Internet News
> http://support.microsoft.com/?id=171164
>
> Infinite Diversities in Infinite Combinations
> Assimilation Imminent. Resistance is Futile
> "Very funny Scotty. Now, beam down my clothes."
>
> The only constant in life is change...

Ace, what host name should i enter into the radius client ip or host
name authentication if i connect from remote ?

Rgds
Daniel


Ace Fekay [MVP] wrote:
> In news:(E-Mail Removed) oups.com,
> Daniel <(E-Mail Removed)> stated, which I commented on below:
> > I tried to login to my Win2k3 AD vpn server from Win XP sp2 machine
> > but it keep prompting access denied because wrong user name and
> > password. I disable the MS-Chap as mentioned in the Micorosoft
> > articles but still won't works. Pls advise. Thanks
> >
> > Rgds
> > Daniel
>
> In Windows IAS, enable logging. Then download an IAS log reader which will
> translate it into English (makes it readable). You should be able to see
> where the problem is after that.
>
> Here's one I used that I found very useful diagnosing an Aironet/Radius
> problem I previously had:
> http://www.deepsoftware.com/iasviewer/?adv
>
> --
> Ace
> Innovative IT Concepts, Inc
> Willow Grove, PA
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft MVP - Directory Services
> Microsoft Certified Trainer
>
> Having difficulty reading or finding responses to your post?
> Instead of the website you're using, I suggest to use OEx (Outlook Express
> or any other newsreader), and configure a news account, pointing to
> news.microsoft.com. This is a direct link to the Microsoft Public
> Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
> to easily find, track threads, cross-post, sort by date, poster's name,
> watched threads or subject.
> It's easy:
>
> How to Configure OEx for Internet News
> http://support.microsoft.com/?id=171164
>
> Infinite Diversities in Infinite Combinations
> Assimilation Imminent. Resistance is Futile
> "Very funny Scotty. Now, beam down my clothes."
>
> The only constant in life is change...

In news:(E-Mail Removed) ups.com,
Daniel <(E-Mail Removed)> stated, which I commented on below:
> Ace, what host name should i enter into the radius client ip or host
> name authentication if i connect from remote ?
>
> Rgds
> Daniel

In the RADIUS client, you would need to specify RADIUS accounting and
authentication and for both, enter the RADIUS (IAS) server's IP and the
secret (password). In IAS, you would specifiy the client RADIUS servers, and
enter the RADIUS client's IP. For the password or secret, enter a password.

I hope I understood your question. I hope the following links help as well.

Internet Authentication Service for Windows 2000 - IAS Accounting:
http://www.microsoft.com/technet/pro.../ias2000c.mspx

Checklist- Configuring IAS for dial-up and VPN access:
http://www.microsoft.com/windows2000...=8&CS=AWP&SR=8

IAS Technical Reference:
http://technet2.microsoft.com/window...=1&CS=AWP&SR=1

Internet Authentication Service Frequently Asked Questions:
http://www.microsoft.com/technet/its...as/iasfaq.mspx

Internet Authentication Service for Windows 2000 - IAS Configuration:
http://www.microsoft.com/technet/pro...=3&CS=AWP&SR=3

Ace

Ace, what if the client IP is dynamic ?

Rgds
Daniel

Ace Fekay [MVP] wrote:
> In news:(E-Mail Removed) ups.com,
> Daniel <(E-Mail Removed)> stated, which I commented on below:
> > Ace, what host name should i enter into the radius client ip or host
> > name authentication if i connect from remote ?
> >
> > Rgds
> > Daniel
>
> In the RADIUS client, you would need to specify RADIUS accounting and
> authentication and for both, enter the RADIUS (IAS) server's IP and the
> secret (password). In IAS, you would specifiy the client RADIUS servers, and
> enter the RADIUS client's IP. For the password or secret, enter a password.
>
> I hope I understood your question. I hope the following links help as well.
>
> Internet Authentication Service for Windows 2000 - IAS Accounting:
> http://www.microsoft.com/technet/pro.../ias2000c.mspx
>
> Checklist- Configuring IAS for dial-up and VPN access:
> http://www.microsoft.com/windows2000...=8&CS=AWP&SR=8
>
> IAS Technical Reference:
> http://technet2.microsoft.com/window...=1&CS=AWP&SR=1
>
> Internet Authentication Service Frequently Asked Questions:
> http://www.microsoft.com/technet/its...as/iasfaq.mspx
>
> Internet Authentication Service for Windows 2000 - IAS Configuration:
> http://www.microsoft.com/technet/pro...=3&CS=AWP&SR=3
>
> Ace

In news:(E-Mail Removed) ups.com,
Daniel <(E-Mail Removed)> stated, which I commented on below:
> Ace, what if the client IP is dynamic ?
>
> Rgds
> Daniel

I just want to first mention that RADIUS clients are meant to be other
servers acting as a RADIUS client that are already running RRAS, not a
workstation client. Instead of that RRAS server offering authentication and
accounting, you are telling it to send the authentication request elsewhere.

If it's a workstation client, then no need, just VPN into the RRAS server
(as long as you set it up for VPN).

If it's a dynamic IP, you're kind of SOL. If it is truly a server, you can
probably get away with using DynIP or some other free dynamic IP service.

Ace

I was getting confused by the term radius client, thought that its a
workstation client. So the radius client would be the rras server or
any other server. btw what do u mean in the last paragraph ?

Rgds
Daniel



Ace Fekay [MVP] wrote:
> In news:(E-Mail Removed) ups.com,
> Daniel <(E-Mail Removed)> stated, which I commented on below:
> > Ace, what if the client IP is dynamic ?
> >
> > Rgds
> > Daniel
>
> I just want to first mention that RADIUS clients are meant to be other
> servers acting as a RADIUS client that are already running RRAS, not a
> workstation client. Instead of that RRAS server offering authentication and
> accounting, you are telling it to send the authentication request elsewhere.
>
> If it's a workstation client, then no need, just VPN into the RRAS server
> (as long as you set it up for VPN).
>
> If it's a dynamic IP, you're kind of SOL. If it is truly a server, you can
> probably get away with using DynIP or some other free dynamic IP service.
>
> Ace

In news:(E-Mail Removed) ps.com,
Daniel <(E-Mail Removed)> stated, which I commented on below:
> I was getting confused by the term radius client, thought that its a
> workstation client. So the radius client would be the rras server or
> any other server. btw what do u mean in the last paragraph ?
>
> Rgds
> Daniel
>

Last paragraph?
"If it's a dynamic IP, you're kind of SOL. If it is truly a server, you can
probably get away with using DynIP or some other free dynamic IP service."

That means if the RRAS server that you want to use is set as a DHCP client
(automatically gets an IP), then we could probably use some free DNS service
to use so you can use an FQDN instead of an IP address and when the IP
changes, it gets updated for the FQDN.

But since you have workstations, it's pretty much a moot point. Use the
workstation as a VPN client to your RRAS server.

Ace

Ace, i managed to get it connected but now how can i browse my internal
network ? Btw the vpn server is behind a router.

Rgds
Daniel

Ace Fekay [MVP] wrote:
> In news:(E-Mail Removed) ps.com,
> Daniel <(E-Mail Removed)> stated, which I commented on below:
> > I was getting confused by the term radius client, thought that its a
> > workstation client. So the radius client would be the rras server or
> > any other server. btw what do u mean in the last paragraph ?
> >
> > Rgds
> > Daniel
> >
>
> Last paragraph?
> "If it's a dynamic IP, you're kind of SOL. If it is truly a server, you can
> probably get away with using DynIP or some other free dynamic IP service."
>
> That means if the RRAS server that you want to use is set as a DHCP client
> (automatically gets an IP), then we could probably use some free DNS service
> to use so you can use an FQDN instead of an IP address and when the IP
> changes, it gets updated for the FQDN.
>
> But since you have workstations, it's pretty much a moot point. Use the
> workstation as a VPN client to your RRAS server.
>
> Ace