pwi11
RRAS Server on a Domain to use local authentication
Hello everyone,
I have a Windows 2003 Server running RAS. I have been trying to establish a dial-in connection to this server from another PC using CHAP authentication. I have been able to make a connection when the server is not part of our domain. However, I need this server to be a member of the domain. When it is on the domain, I get an error saying that the user failed to authenticate.
I know that reversibly encrypted passwords need to be enabled, and I have done that. I have reset the passwords so that this setting will catch. I have set up each user to allow dial-in connections. Encrypted passwords and dial-in settings are the same on both the local server and our PDC.
As a workaround, is there a way I can have the RAS server join the domain, but authenticate dial-up users locally??? Also, if anyone has any ideas as to how I can make this work by using the PDC to authenticate these users, that would help too. Thanks!
ASKER
I added the RAS server to the list of RAS and IAS servers in the Active Directory group on our PDC. I also rejoined the domain, then logged into the RAS server using a domain login. It now works. I'm not exactly sure why, but I'm glad it does. Problem solved.
ASKER
Opening LDAP connection to server.domain.local.
Access denied -- purging Kerberos ticket cache.
Retring LDAP connection to server.domain.local.
LDAP connect failed: Access is denied.
Using downlevel dial-in parameters.
Could not open an LDAP connection to domain DOMIAN.
NTDomain::getConnection failed: Access is denied.
Per-user attribute retrieval failed: Access is denied.
So I imagine that some type of setting in the Active Directory is causing this. I have no idea how to fix this. Any ideas???
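An added example, not part of the original thread: a small triage script that scans a trace excerpt for the access-denied LDAP sequence quoted above and points at the "RAS and IAS servers" group that the asker reports adding the server to. Matching on these substrings and the function name `triage` are assumptions; the sample lines are the ones quoted in the thread, and the clean line in the usage check is constructed.

```python
import re

# Substrings taken from the trace lines quoted in the thread. Matching on
# them (rather than on a documented log schema) is an assumption.
SIGNALS = {
    "ticket_purge": re.compile(r"purging Kerberos ticket cache", re.I),
    "ldap_denied": re.compile(r"LDAP connect failed: Access is denied", re.I),
    "downlevel_fallback": re.compile(r"Using downlevel dial-in parameters", re.I),
    "attr_denied": re.compile(
        r"Per-user attribute retrieval failed: Access is denied", re.I),
}
TARGET = re.compile(r"Opening LDAP connection to (\S+?)\.?$")

def triage(lines):
    """Summarise directory-access failures found in RRAS/IAS trace lines."""
    hits = {name: [] for name in SIGNALS}
    targets = []
    for lineno, line in enumerate(lines, 1):
        text = line.strip()
        match = TARGET.search(text)
        if match:
            targets.append(match.group(1))  # host the server tried to query
        for name, pattern in SIGNALS.items():
            if pattern.search(text):
                hits[name].append(lineno)
    # The server could not bind to the directory AND could not read the
    # user's dial-in attributes: its own account lacks read access.
    denied = bool(hits["ldap_denied"] and hits["attr_denied"])
    return {
        "ldap_targets": targets,
        "hits": {k: v for k, v in hits.items() if v},
        "directory_read_denied": denied,
        "fell_back_to_downlevel": bool(hits["downlevel_fallback"]),
        "check": ("membership of the RRAS computer account in the "
                  "RAS and IAS servers group") if denied else None,
    }

# Trace lines as quoted in the thread (spelling left as logged).
SAMPLE = """
Opening LDAP connection to server.domain.local.
Access denied -- purging Kerberos ticket cache.
Retring LDAP connection to server.domain.local.
LDAP connect failed: Access is denied.
Using downlevel dial-in parameters.
Could not open an LDAP connection to domain DOMIAN.
NTDomain::getConnection failed: Access is denied.
Per-user attribute retrieval failed: Access is denied.
""".strip().splitlines()

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```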