Solved

Microsoft RADIUS server

Posted on 2004-09-23
Last Modified: 2010-05-18
RADIUS server

I am looking to implement a ‘radius server’ to auth some dialup / perhaps wireless accounts, in an attempt to replace a legacy machine that is running a 3rd party application for radius authentication.  This app gets all its accounting info from a SQL dB, so I don’t have to worry about user files filled with usernames and passwords.
I remember reading once that Microsoft Windows 2000, perhaps even 2003, has its own ‘radius server’, but it's going by a different name!  Can anyone here point me in the correct direction as to where I can find some white papers on this and some HowTo documentation?

Thanks in advance.

Question by:weguardyou
16 Comments
 
LVL 15

Expert Comment

by:Yan_west
ID: 12133282
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12133297
Check all the links contained in the article.. everything is there..
0
 
LVL 1

Author Comment

by:weguardyou
ID: 12133475
I’ll do that and get back here.  As long as it tests ok, then I can make a machine and put it in place of the existing machine and see if it handles the requests.
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12133494
It works great btw.... we are using it for our PIX authentication..
0
 
LVL 1

Author Comment

by:weguardyou
ID: 12133522
Well I am banking on it.  This is going to be for PPP ISDN dialup requests.  If it works it saves going out and buying some overpriced 3rd party software.

0
 
LVL 1

Author Comment

by:weguardyou
ID: 12134120
Ok, the setup seems to be simple... Install, set up, point to my existing dB.
How do I test that this will auth the requests from the NAS?
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12134172
Hmmm, you wanna see if it works?  In your IAS server, under remote access logging, you can enable logs. After, you just consult the logs to see if everything is working fine..
0
 
LVL 1

Author Comment

by:weguardyou
ID: 12134285
In the old system using (3rd party software) I notice that they have a Radius Client Definition area.  This area has a few columns…

NAS Name, IPAddress, Secret, Type, Security

NAS Name:   Has the names of the remote servers who request from that radius.
IPAddress:  Has their IP addresses.
Secret:     Has their secret word.
Type:       Has the type, such as Radius Server, Livingston, Ascend; this is most likely the type of client they are using.
Security:   YES/NO option.

I don’t see settings like this in the Microsoft Version; and I am unsure if it matters.
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12134351
In my config on IAS I have the "friendly name for client", the IP address, the "client-vendor" (type in your case), and the shared secret password..

So this would represent the first 4 fields you gave me.. no idea about the last one..
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12134358
btw, this is in the client folder in IAS..
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12134385
FreeRadius is as good as any, if you're familiar with Linux?
There's a config example here:

http://www.gbnetwork.co.uk/networking/ciscopixvpnradius.html
0
 
LVL 1

Author Comment

by:weguardyou
ID: 12134776
Ok I think I have an understanding of my issue.
You see, the old server gets its client info from a SQL dB.  I don’t see this option here in Microsoft’s version.  I am going to plug away at this for a little while longer.

This is what I get in my log:

User 911user was denied access.
 Fully-Qualified-User-Name = RCPTSVR\911user
 NAS-IP-Address = <not present>
 NAS-Identifier = <not present>
 Called-Station-Identifier = <not present>
 Calling-Station-Identifier = <not present>
 Client-Friendly-Name = test
 Client-IP-Address = 127.0.0.1
 NAS-Port-Type = <not present>
 NAS-Port = <not present>
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows
 Authentication-Server = <undetermined>
 Policy-Name = <undetermined>
 Authentication-Type = PAP
 EAP-Type = <undetermined>
 Reason-Code = 16
 Reason = Authentication was not successful because an unknown user name or incorrect password was used.

The thing that I see I need to change (not sure how to just yet) is:  Use Windows authentication for all users
I need this to auth via SQL server.

0
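Added example, not part of the thread and not IAS code: a Python sketch of what the per-client shared secret in the RADIUS client definition does for a PAP request like the one logged above (RFC 2865 User-Password hiding and the Response Authenticator check). The secrets and password are constructed values; only the user name `911user` comes from the log.

```python
import hashlib
import hmac
import os
import struct

def _blocks(data):
    return [data[i:i + 16] for i in range(0, len(data), 16)]

def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16
    out, prev = b"", request_auth
    for block in _blocks(password.ljust(size, b"\x00")):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(block, key))
        out += prev
    return out

def recover_password(hidden, secret, request_auth):
    """Server side: undo the hiding with the secret stored for this client."""
    out, prev = b"", request_auth
    for block in _blocks(hidden):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")

def attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def access_request(user, password, secret, ident=1, request_auth=None):
    """Access-Request (code 1) with User-Name (1) and User-Password (2)."""
    request_auth = request_auth or os.urandom(16)
    attrs = attr(1, user) + attr(2, hide_password(password, secret, request_auth))
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs))
    return header + request_auth + attrs, request_auth

def reply_is_authentic(reply, request_auth, secret):
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

if __name__ == "__main__":
    # Constructed values: the secrets and password are made up for this demo.
    nas_secret, server_secret = b"example-secret", b"examp1e-secret"
    pkt, ra = access_request(b"911user", b"Passw0rd!", nas_secret)
    print(recover_password(pkt[-16:], nas_secret, ra))      # secrets match
    print(recover_password(pkt[-16:], server_secret, ra))   # secrets differ
```

When the secret configured on the NAS and on the server differ, the server recovers a different byte string than the one the user typed, so with plain PAP the request is evaluated as a wrong password rather than rejected as a malformed packet.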
 
LVL 15

Accepted Solution

by:
Yan_west earned 500 total points
ID: 12134828
Oh, 2000 radius uses the Active Directory database of users to authenticate btw.. people have to use their username and password from the domain!..
0
 
LVL 1

Author Comment

by:weguardyou
ID: 12134868
Yes... I am finding this out the hard way.  It works even when you make local user accounts.
Seeing that this test box isn't a Domained Machine.

Blah... Back to the grind.  I need to find a solution to this server.  I thought a Microsoft out of the box solution would work.
I think I will just award you the points, you have been a big big help to me.

Once more... Go Microsoft.

I am not about to add users from a SQL dB into AD accounts on a domain.  That's not even needed.
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12134896
Think you may also have to enable some function in the user properties in ADUC to let them authenticate via radius.. in the dial-in tab, select allow access..
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12134910
Oh, I'm sorry about that.. but think of it, using radius this way is logical :)
0
