Radius Server Fails to Authenticate Users in a Remote Domain

ID: Q214555

The information in this article applies to:

Microsoft Windows NT Server version 4.0

IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about how to do this, view the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.

SYMPTOMS

Microsoft Internet Authentication Server (Radius) can be used to authenticate remote dial-in users from another domain if the Radius server's domain trusts the user's domain.

To successfully authenticate users from a domain other than the Radius server's domain, the user name supplied should be in the form of domain\user and the Radius server's domain should trust the user's domain.

However, when you dial into a Routing and Remote Access server that is using a Radius server for authentication, cross-domain authentication may fail even when you specify the user name in the domain\user format.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows NT 4.0 or the individual fix. For information on obtaining the latest service pack, please go to:

http://www.microsoft.com/Windows/ServicePacks/

Q152734 How to Obtain the Latest Windows NT 4.0 Service Pack

For information on obtaining the individual fix, contact Microsoft Product Support Services. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://www.microsoft.com/support/supportnet/overview/overview.asp

NOTE: If this product was already installed on your computer when you purchased it from the Original Equipment Manufacturer (OEM) and you need this fix, please call the Pay Per Incident number listed on the above Web site. If you contact Microsoft to obtain this fix, and if it is determined that you only require the fix you requested, no fee will be charged. However, if you request additional technical support, and if your no-charge technical support period has expired, or if you are not eligible for standard no-charge technical support, you may be charged a non-refundable fee.

For more information about eligibility for no-charge technical support, see the following article in the Microsoft Knowledge Base:

Q154871 Determining If You Are Eligible for No-Charge Technical Support

STATUS

Microsoft has confirmed this to be a problem in Microsoft Routing and Remote Access Service Update for Windows NT Server 4.0. This problem was first corrected in Windows NT version 4.0 Service Pack 5.

Additional query words: rras


Keywords          : ntras nt4sp5fix 
Version           : winnt:4.0
Platform          : winnt 
Issue type        : kbbug

Last Reviewed: July 2, 1999