Results 1 to 4 of 4
  1. #1
    Join Date
    Feb 2009

    Unanswered: export IAS-RADIUS logs to SQL Server 2005 database

    I have some problems to export IAS-RADIUS server logs in a SqlServer2005 database Theoretically, it is done in two steps:
    1. IAS server configuration: interface configuration specifies the server name(Host name), the database name, user & password and then testing the connection(all must be created in sqlserver before testing connection)
    2. Configure SQL2005 server: here is a little more work. Have to create a database, a table where insert data, a user/password and a stored procedure called 'Report_event'. The IAS's help described modality about how working IAS-RADIUS to export logs in SqlServer, but not given details about the table structure. In fact, IAS-Radius server creates an XML, call stored procedure 'Report_event'(from sql server) to process XML and insert a record into the table. I searched for information about the structure of the tables and found something on MSDN and Technet from Microsoft. I run the attached script (without any error). It created the database, the table and the stored procedure called 'report_event'. Then, I created a 'login' = 'USERIAS' which I mapped on database 'NPSODBC'. After this, I gave permission to connect, select, insert, update and execute.
    I configured the connection interface of the IAS-RADIUS server with: Server = 'SERVERNAME', database = 'NPSODBC' authentication = 'SqlServer', User = 'USERIAS', Password = 'Password') and I tested connection and it worked ok.(message from IAS configuration interface: Connection successful)
    When IAS_RADIUS receive a request to authenticate a user who want to connect on the network via IAS/RAS, must create a log record. But IAS_RADIUS server not inserted any records in database. In Sqlserver log appear the message 'Login failed for user USERIAS [Client: IPserverIAS]' (If I test the connection at database from IAS-RADIUS server in interface configuration tells me it's ok) What other permissions should be assigned to 'USERIAS'?
    Attached Files Attached Files
    Last edited by muraruadrian; 11-06-09 at 04:37.

  2. #2
    Join Date
    Feb 2009
    Can anyone help me?

  3. #3
    Join Date
    Feb 2004
    In front of the computer
    Provided Answers: 54
    There are a lot of possible answers to your question. I don't think that the permissions are your problem.

    Based on the information that you've posted, I'd guess that a different password was being used by the automated logging process than is being used by the manual testing process. I've seen two Radius servers that had this problem, due to SOAP constructor issues.

    Another remote possibility is that the SQL Client on the Radius server may be old enough to be incompatible with the filtering being done by your DMZ router or other hardware. Just to be safe, I'd use the SQL 2005 CD to install its SQL Native Client onto the Radius server, and then I'd apply SQL 2005 sp 4 or later to the Radius server to make its SQL Native Client current.

    In general, Radius servers are touchy beasts. They are designed to be highly secure, minimalist configurations to keep them safe. They are often designed to be configured by extremely knowledgable SME (Subject Matter Experts) and there is often more undocumented than is documented about configuring them. This is usually a challenging task, but a rewarding one once you get it completed!

    In theory, theory and practice are identical. In practice, theory and practice are unrelated.

  4. #4
    Join Date
    Feb 2009
    As I have written, SQL authentication on the IAS server to server Sql2005 (different machines, but in the same domain) works perfectly in the window configuration IAS and the prompt Sqlcmd (both SQL authentication and Windows Authentication with an domain account with local administrative rights) However, when the IAS server must insert a record in SQL, does not. I ran a trace with SQL Profiler - the message is' Login failed for user ....'.
    Finally, I installed a local SQL2005 server, on the IAS machine. In this case, the IAS server insert records localy, in SQL database table, but only for Windows Authentication type (domain account with local administrative rights).
    Really, I think that a different password was being used by the automated logging process than is being used by the manual testing process. But why?

    Thanks PAT
    Last edited by muraruadrian; 11-24-09 at 07:31.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts