02-21-2001 08:52 AM - edited 02-21-2020 11:17 AM
we have receently set up a cisco 3030 concetrator using NT authentication. This works fine until your NT password expires and requests that you change the password. I get authentication failure and in the cisco event log it says "322 02/21/2001 11:50:19.290 SEV=3 AUTH/5 RPT=10 212.38.69.171 Authentication
rejected: Reason = Unspecifiedhandle = 44, server = 130.21.210.1, user =melhuic"
Any ideas?
02-21-2001 02:41 PM
Nothing to do with the authentication, and I do hope this information is mock.
Ooh and I would suggest that you don't advertise your server ip address' or valid userids.
02-22-2001 12:43 AM
I gave a false address to replace our address so that the error would make sense.
Any ideas on the password change request?
02-22-2001 07:40 PM
It may have something to do with the way NT authenticates LanManager (LM) clients, I'll try not to make this to long as you could write a book on this process alone.
Windows NT 4 >SP4 supports both LM and Windows NT Challenge\responce (NTLM), it can keep two versions of the same password in the SAM database. but if you change the password on a windows NT4 workstation the LM version is deleted under most conditions.
This may be a problem with a BSDI based device like the Cisco 3000's(I think it's BSDI based anyhow), as the 3000 most likely only uses the LM authentication (I think).
I suggest you install the latest RRAS onto the NT4 server and configure Radius on it and then reconfigure the 3000 to use radius as this should get around the LM auth problem (that is if it is the problem)
Good Luck
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide