RRAS Server on a Domain to use local authentication

Posted on 2004-10-28
Medium Priority
Last Modified: 2008-02-01
Hello everyone,

I have a Windows 2003 Server running RAS.  I have been trying to establish a dial-in connection to this server from another PC using CHAP authentication.  I have been able to make a connection when the server is not part of our domain.  However, I need this server to be a member of the domain.  When it is on the domain, I get an error saying that the user failed to authenticate.

I know that reversibly encrypted passwords need to be enabled, and I have done that.  I have reset the passwords so that this setting will catch.  I have set up each user to allow dial-in connections.  Encrypted passwords and dial-in settings are the same on both the local server and our PDC.

As a workaround, is there a way I can have the RAS server join the domain, but authenticate dial-up users locally???  Also, if anyone has any ideas as to how I can make this work by using the PDC to authenticate these users, that would help too.  Thanks!
Question by: pwi11

Author Comment

ID: 12437727
Ok, I think I found where the problem occurs.  In the IASSAM.LOG file, there are errors stating:

Opening LDAP connection to server.domain.local.
Access denied -- purging Kerberos ticket cache.
Retring LDAP connection to server.domain.local.
LDAP connect failed: Access is denied.
Using downlevel dial-in parameters.
Could not open an LDAP connection to domain DOMIAN.
NTDomain::getConnection failed: Access is denied.
Per-user attribute retrieval failed: Access is denied.

So I imagine that some type of setting in the Active Directory is causing this.  I have no idea how to fix this.  Any ideas???

Author Comment

ID: 12448519
I added the RAS server to the list of RAS and IAS servers in the Active Directory group on our PDC.  I also rejoined the domain, then logged into the RAS server using a domain login.  It now works.  I'm not exactly sure why, but I'm glad it does.  Problem solved.

Accepted Solution

modulo earned 0 total points
ID: 12942235
PAQed with points refunded (500)

Community Support Moderator
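
A triage script for the IASSAM.LOG excerpt quoted in the thread above, added here as an example and not written by any of the posters: it groups log lines per LDAP connection attempt and flags attempts where the bind was denied and the per-user dial-in attributes could not be read, the state the author reports before adding the server to the RAS and IAS servers group. The line patterns come only from the quoted excerpt; the final error-free attempt in the sample, the host name dc2.domain.local, and all function names are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample: the IASSAM.LOG lines quoted in the thread, verbatim
# (spelling included), followed by one made-up attempt that has no errors.
SAMPLE_LOG = """\
Opening LDAP connection to server.domain.local.
Access denied -- purging Kerberos ticket cache.
Retring LDAP connection to server.domain.local.
LDAP connect failed: Access is denied.
Using downlevel dial-in parameters.
Could not open an LDAP connection to domain DOMIAN.
NTDomain::getConnection failed: Access is denied.
Per-user attribute retrieval failed: Access is denied.
Opening LDAP connection to dc2.domain.local.
"""

# search() rather than match(), so a timestamp or other prefix is tolerated
# (assumption: the post does not show whether the real file has one).
OPEN_RE = re.compile(r"Opening LDAP connection to (\S+?)\.?\s*$")
DENIED_RE = re.compile(r"(?:LDAP connect|NTDomain::getConnection) failed: Access is denied")
DOWNLEVEL_RE = re.compile(r"Using downlevel dial-in parameters")
ATTRS_RE = re.compile(r"Per-user attribute retrieval failed")

@dataclass
class Attempt:
    server: str
    denied: bool = False        # directory bind refused
    downlevel: bool = False     # fell back to downlevel dial-in parameters
    attrs_failed: bool = False  # per-user dial-in attributes unreadable

def parse_attempts(text):
    """Group log lines under the 'Opening LDAP connection' line that starts them."""
    attempts = []
    for line in text.splitlines():
        opened = OPEN_RE.search(line)
        if opened:
            attempts.append(Attempt(server=opened.group(1)))
        elif attempts:
            cur = attempts[-1]
            cur.denied |= bool(DENIED_RE.search(line))
            cur.downlevel |= bool(DOWNLEVEL_RE.search(line))
            cur.attrs_failed |= bool(ATTRS_RE.search(line))
    return attempts

def flagged_servers(text):
    """Servers where the bind was denied and dial-in attributes were not read."""
    return [a.server for a in parse_attempts(text) if a.denied and a.attrs_failed]

if __name__ == "__main__":
    for name in flagged_servers(SAMPLE_LOG):
        print(f"{name}: RAS server could not read dial-in attributes from the directory")
```
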
