Posted on 2006-06-16
I am trying to get RADIUS working when clients access a certain website, the setup is as follows:
The way it should work is, a client accesses www.<website>.com, a window opens pops up and prompts for authentication credentials, those credentials get passed to the Radius server, the Radius server accepts and sends back to the PIX and the client gets through.
Now, I have most of this working, I have a PIX 515e and a Windows 2003 EE server running IAS. When I access the website, it gives me the box prompting for a password, and the PIX is communicating with the Windows server with the RADIUS protocol (I verified this with Ethereal). The problem is, authentication fails every time (using Ethereal I see that the Windows server passes an Access-Reject RADIUS packet back). The Radius server is not on a domain and I have created simple local user accounts on the Windows server to use for authentication, however I can't get it working.
Is there some special secret to getting the RADIUS server to authenticate or what?