custom authentication with ias extension dll problem
From: sanjaykumar (anonymous_at_discussions.microsoft.com)
Date: 02/26/04
- Previous message: Thirumalesh Bhat[MSFT]: "Re: IAS Error"
- Next in thread: Ashwin Palekar\(MS\): "Re: custom authentication with ias extension dll problem"
- Reply: Ashwin Palekar\(MS\): "Re: custom authentication with ias extension dll problem"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 25 Feb 2004 18:11:06 -0800
Hi,
Basically i want to bypass ias standard authentication by windows accounts/ group/active directory etc and use my custom authentication criteria( say using checkSomeCondition() function below)
I am writing ias extension dll for windows 2003 server IAS and using function RadiusExtensionInit and RadiusExtensionProcess.
When I test extension DLL, i found it does not work as expected. It still refers to winodws accounts/groups for authenticating users.
During debugging i observed that extension dll gets called and RADIUS_ACTION is set to raAccept if authentication criteria is met. but response received at radius client is "access reject".
see the radius log file below with tracing enabled.I am expecting ias to send access accept response if *pfAction = raAccept is set to raAccept or access reject if *pfAction = raReject in ias extension dll.
Does it requires some other settings/configuration in IAS configuration( what is that?) to achieve above functionality.
In IAS My remote access policy is to grant access if authetication type matches CHAP , PAP or unauthenticated.
i HAVE Enabled tracing for ias and following is content of tracing(iassam.log)
2736] 02-26 05:48:11:984: NT-SAM Names handler received request with user identity test.
[2736] 02-26 05:48:11:984: Prepending default domain.
[2736] 02-26 05:48:11:984: NameMapper::prependDefaultDomain
[2736] 02-26 05:48:11:984: SAM-Account-Name is "SUN\test".
[2736] 02-26 05:48:11:984: Invoking ExtensionDLLs
[2736] 02-26 05:48:11:984: Invoking extension HiWiFiIASExtension.dll
[2736] 02-26 05:48:12:000: RadiusExtensionProcess returned 0
[2736] 02-26 05:48:12:000: RADIUS_EXTENSION_CONTROL_BLOCK.SetResponseType(2)
[2736] 02-26 05:48:12:000: Validating Windows account SUN\test.
[2736] 02-26 05:48:12:000: Using downlevel APIs to validate account.
[2736] 02-26 05:48:12:000: Using cached SAM connection to local account domain.
[2736] 02-26 05:48:12:000: IASGetGroupsForUser failed: No mapping between account names and security IDs was done.
Any suggestions or hints?
- Previous message: Thirumalesh Bhat[MSFT]: "Re: IAS Error"
- Next in thread: Ashwin Palekar\(MS\): "Re: custom authentication with ias extension dll problem"
- Reply: Ashwin Palekar\(MS\): "Re: custom authentication with ias extension dll problem"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
