Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 7552
  • Last Modified:

Microsoft RADIUS server

RADIUS server

      I am looking to implement a ‘radius server’ to auth some dialup / perhaps wireless accounts.  If an attempt to replace a legacy machine that running a 3rd party application for radius authentication.  This app’ gets all its accounting info from a SQL dB, so I don’t have to worry about user files filled with user/names and pass/words.
I remember reading once about Microsoft Windows 2000 perhaps 2003 even has it.  Its own ‘radius server’, but its going by a different name!  Can anyone here point me in the correct direction as to where I can find some white papers on this and some HowTo documentation?

Thanks in Advanced.

0
weguardyou
Asked:
weguardyou
  • 9
  • 6
1 Solution
 
Yan_westCommented:
check all the link contained in the article.. everything is there..
0
 
weguardyouAuthor Commented:
I’ll do that and get back here.  As long as it tests ok, then I can make a machine and put it in place of the existing machine and see if it handles the requests.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Yan_westCommented:
It works great btw.... we are using it for our pix authentification..
0
 
weguardyouAuthor Commented:
Well I am banking on it.  This is going to be for PPP ISDN dialup requests.  If it works it saves going out and buying some over priced 3rd party software.

0
 
weguardyouAuthor Commented:
Ok the setup seems to be simple …. Install setup point to my existing dB.
How do I test that this wills auth the requests from the NAS?
0
 
Yan_westCommented:
Hmmm, you wanna see if it works?  In your IAS server, under remote access logging, you can enable logs. after, you just consult the logs to see if everything is working fine..
0
 
weguardyouAuthor Commented:
In the old system using (3rd party software) I notice that they have a Radius Client Definition area.  This area has a few columns…

NAS Name, IPAddress, Secret, Type, Security

NAS Names:      Has the names of the remote servers who request from that radius.
IPAddress:      Has their IP Addresses
Secret:            Has their secret word
Type:      Has the type, such as Radius Server, Livingston, Ascend  this is most like the type of client they are using.
Security:      YES/NO Option.

I don’t see settings like this in the Microsoft Version; and I am unsure if it matters.
0
 
Yan_westCommented:
In my config on IAS I have the "friendly name for client", the ip address, the "client-vendor".. (type in your case), and the share secret password..

so this would represent the 4 first field you gave me.. no idea about the last one..
0
 
Yan_westCommented:
btw, this is in the client folder in IAS..
0
 
Tim HolmanCommented:
FreeRadius is as good as any, if you're familiar with Linux ?
There's a config example here:

http://www.gbnetwork.co.uk/networking/ciscopixvpnradius.html
0
 
weguardyouAuthor Commented:
Ok I think I have an understanding of my issue.
You see the old server gets its client info from a SQL dB.  I don’t see this option here in the Microsoft’s version.  I am going to plug away at this for a little while longer.

This is what I get in my log:

User 911user was denied access.
 Fully-Qualified-User-Name = RCPTSVR\911user
 NAS-IP-Address = <not present>
 NAS-Identifier = <not present>
 Called-Station-Identifier = <not present>
 Calling-Station-Identifier = <not present>
 Client-Friendly-Name = test
 Client-IP-Address = 127.0.0.1
 NAS-Port-Type = <not present>
 NAS-Port = <not present>
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = <undetermined>
 Authentication-Type = PAP
 EAP-Type = <undetermined>
 Reason-Code = 16
 Reason = Authentication was not successful because an unknown user name or incorrect password was used.

The thing that I see I need to change (not sure how to just yet) is:  Use Windows authentication for all users
I need this to auth via SQL server.

0
 
Yan_westCommented:
Oh, 2000 radius uses the Active directory database of users to authentify btw.. people have to use their username and password from the domain!..
0
 
weguardyouAuthor Commented:
Yes... I am finding this out the hard/way.  It works even when you make local user accounts.
Seeing that this test box isnt a Domained Machine.

Blah... Back to the grind.  I need to find a solution to this server.  I thought a Microsoft out of the box solution would work.
I think i will just award you the points , you have been a big big help to me.

Once more... Go Microsoft.

I am not about to add users from a SQL dB into AD accounts on a domain.  Thats not even needed.
0
 
Yan_westCommented:
Think you may also have to enable some function in the user properties in ADUC to let them authenticate via radius.. in the dial-in tab, select allow access..
0
 
Yan_westCommented:
Oh, i'm sorry about that.. but think of it, using radius this way is logical :)
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 9
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now