RRAS Server on a Domain to use local authentication

Posted on 2004-10-28
Last Modified: 2008-02-01
Hello everyone,

I have a Windows 2003 Server running RAS.  I have been trying to establish a dial-in connection to this server from another pc using CHAP authentication.  I have been able to make a connection when the server is not part of our domain.  However, I need this server to be a member of the domain.  When it is on the domain, I get an error saying that the user failed to authenticate.

I know that reversibly encrypted passwords need to be enabled, and I have done that.  I have reset the passwords so that this setting will catch.  I have set up each user to allow dial-in connections.  Encrypted passwords and dial-in settings are the same on both the local server and our PDC.

As a workaound, is there a way i can have the RAS server join the domain, but authenticate dial-up users locally???  Also, if anyone has any ideas as to how I can make this work by using the PDC to authenticate these users, that would help too.  Thanks!
Question by:pwi11

    Author Comment

    Ok, I think I found where the problem occurs.  In the IASSAM.LOG file, there are errors stating:

    Opening LDAP connection to server.domain.local.
    Access denied -- purging Kerberos ticket cache.
    Retring LDAP connection to server.domain.local.
    LDAP connect failed: Access is denied.
    Using downlevel dial-in parameters.
    Could not open an LDAP connection to domain DOMIAN.
    NTDomain::getConnection failed: Access is denied.
    Per-user attribute retrieval failed: Access is denied.

    So I imagine that some type of setting in the active directory is causing this.  I have no idea how to fix this.  Any ideas???

    Author Comment

    I added the RAS server to the list of RAS and IAS servers in the Active Directory group on our PDC.  I also rejoined the domain, then logged into the RAS server using a domain login.  It now works.  I'm not exactly sure why, but i'm glad it does.  Problem solved.

    Accepted Solution

    PAQed with points refunded (500)

    Community Support Moderator

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Lets look at the default installation and configuration of FreeProxy 4.10 REQUIREMENTS 1. FreeProxy 4.10 Application - Can be downloaded here ( 2. Ensure that you disable the windows fi…
    Article by: IanTh
    Hi Guys After a whole weekend getting wake on lan over the internet working, I thought I would share the experience. Your firewall has to have a port forward for port 9 udp to your local broadcast x.x.x.255 but if that doesnt work, do it to a …
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    884 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now