

RRAS Server on a Domain to use local authentication

Posted on 2004-10-28
Medium Priority
Last Modified: 2008-02-01
Hello everyone,

I have a Windows 2003 Server running RAS.  I have been trying to establish a dial-in connection to this server from another PC using CHAP authentication.  I have been able to make a connection when the server is not part of our domain.  However, I need this server to be a member of the domain.  When it is on the domain, I get an error saying that the user failed to authenticate.

I know that reversibly encrypted passwords need to be enabled, and I have done that.  I have reset the passwords so that this setting will catch.  I have set up each user to allow dial-in connections.  Encrypted passwords and dial-in settings are the same on both the local server and our PDC.

As a workaround, is there a way I can have the RAS server join the domain, but authenticate dial-up users locally???  Also, if anyone has any ideas as to how I can make this work by using the PDC to authenticate these users, that would help too.  Thanks!
Question by:pwi11

Author Comment

ID: 12437727
Ok, I think I found where the problem occurs.  In the IASSAM.LOG file, there are errors stating:

Opening LDAP connection to server.domain.local.
Access denied -- purging Kerberos ticket cache.
Retring LDAP connection to server.domain.local.
LDAP connect failed: Access is denied.
Using downlevel dial-in parameters.
Could not open an LDAP connection to domain DOMIAN.
NTDomain::getConnection failed: Access is denied.
Per-user attribute retrieval failed: Access is denied.

So I imagine that some type of setting in the active directory is causing this.  I have no idea how to fix this.  Any ideas???

Author Comment

ID: 12448519
I added the RAS server to the list of RAS and IAS servers in the Active Directory group on our PDC.  I also rejoined the domain, then logged into the RAS server using a domain login.  It now works.  I'm not exactly sure why, but I'm glad it does.  Problem solved.

Accepted Solution

modulo earned 0 total points
ID: 12942235
PAQed with points refunded (500)

Community Support Moderator
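
Added example (not part of the original thread): a small triage script that recognises the IASSAM.LOG failure pattern quoted above, where the RAS server is denied LDAP access and cannot read per-user dial-in attributes, and points to the group-membership fix the author reports. It assumes the log contains the messages as quoted in the thread, possibly with a prefix on each line; the function name `triage` and the second, healthy attempt in the sample are constructed for illustration.

```python
import re

# Constructed sample: the IASSAM.LOG lines quoted in the thread, verbatim
# (the log's own spellings kept), plus one constructed healthy attempt.
SAMPLE_LOG = """\
Opening LDAP connection to server.domain.local.
Access denied -- purging Kerberos ticket cache.
Retring LDAP connection to server.domain.local.
LDAP connect failed: Access is denied.
Using downlevel dial-in parameters.
Could not open an LDAP connection to domain DOMIAN.
NTDomain::getConnection failed: Access is denied.
Per-user attribute retrieval failed: Access is denied.
Opening LDAP connection to server.domain.local.
"""

OPEN_RE = re.compile(r"Opening LDAP connection to (\S+?)\.?\s*$")
DOMAIN_RE = re.compile(r"Could not open an LDAP connection to domain (\S+?)\.?\s*$")


def triage(log_text):
    """Group lines into LDAP connection attempts and return the denied ones."""
    attempts, current = [], None
    for line in log_text.splitlines():
        m = OPEN_RE.search(line)
        if m:  # a new attempt starts; later lines belong to it
            current = {"dc": m.group(1), "domain": None, "denied": False,
                       "downlevel": False, "attrs_failed": False}
            attempts.append(current)
            continue
        if current is None:
            continue  # lines before the first attempt carry no context
        d = DOMAIN_RE.search(line)
        if d:
            current["domain"] = d.group(1)
        if "LDAP connect failed" in line and "Access is denied" in line:
            current["denied"] = True
        if "Using downlevel dial-in parameters" in line:
            current["downlevel"] = True
        if "Per-user attribute retrieval failed" in line:
            current["attrs_failed"] = True
    # Denied bind plus failed attribute retrieval is the pattern from the thread.
    return [a for a in attempts if a["denied"] and a["attrs_failed"]]


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"LDAP access denied to {hit['dc']} (domain {hit['domain']}): "
              "check 'RAS and IAS Servers' group membership")
```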
