Solved

How do I search through the Active Directory forest for RADIUS authentication - I need the users to be able to log on without specifying their domain

Posted on 2006-10-28
Last Modified: 2010-03-18
I have been given the task of making our VPN user IDs and passwords the same as our Active Directory.

Our AD environment consists of one forest and 5 different domains.

The user needs to be able to VPN in with firstname lastname.

I thought we could point our VPN device to Windows/IAS RADIUS and this would be possible - it is possible, but the user has to specify their domain name when they log in....

Specifying the domain name is not an option for me - I can only use firstname lastname - I need something that will make RADIUS search through our entire AD structure to find the user name (all our user names are unique).

0
Question by:scarm
 
LVL 6

Expert Comment

by:camacho_marco
ID: 17840715
Try and use Cisco VPN concentrator, it has LDAP and you do not specify a domain, only user and password.

Cheers
0
 

Author Comment

by:scarm
ID: 17847509
Do you have to use distinguished or fully qualified names?

Also, our VPN is not Cisco - it's F5 Networks' uRoam product

- multiple domains - users need to log in without specifying domain name
0
 

Author Comment

by:scarm
ID: 17911109
Nobody has any RADIUS / Active Directory experience out there??
0
 
LVL 9

Accepted Solution

by:
CLoz earned 500 total points
ID: 18097267
If you are using the F5 FirePass you should be able to create a Master Group that authenticates directly with your AD server. As long as you don't have users with matching IDs across the 5 domains you will not need to supply the domain name during authentication.

Let me know if you need help creating the Master Group.

-Cloz
0
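
The accepted answer depends on logon names being unique across all five domains. One way to verify that precondition before dropping the domain prefix, as an added example that is not part of the original thread; it assumes the RSAT ActiveDirectory PowerShell module and a reachable global catalog, and the variable names are illustrative:

```powershell
# Added example: forest-wide check for duplicate logon names (sAMAccountName).
Import-Module ActiveDirectory

# Port 3268 is the global catalog LDAP port. With an empty SearchBase on that
# port, the query covers every domain partition in the forest instead of only
# the domain of the server being asked.
$gcHost = (Get-ADForest).GlobalCatalogs | Select-Object -First 1
$gc     = "${gcHost}:3268"

$users = Get-ADUser -Server $gc -SearchBase "" -Filter * |
    Select-Object SamAccountName,
        @{ Name = 'Domain'; Expression = {
            # Rebuild the DNS domain name from the DC= parts of the DN.
            ((($_.DistinguishedName -split ',') -like 'DC=*') -replace '^DC=', '') -join '.'
        } }

# A collision is one logon name present in more than one domain.
# Group-Object compares case-insensitively, as AD does for logon names.
$collisions = $users | Group-Object SamAccountName |
    Where-Object { @($_.Group.Domain | Sort-Object -Unique).Count -gt 1 }

if ($collisions) {
    # Built-in accounts (Administrator, Guest, krbtgt) exist in every domain
    # and will always be listed; decide explicitly whether they may use the VPN.
    $collisions | ForEach-Object {
        [pscustomobject]@{
            SamAccountName = $_.Name
            Domains        = ($_.Group.Domain | Sort-Object -Unique) -join ', '
        }
    } | Format-Table -AutoSize
} else {
    Write-Output 'No logon name appears in more than one domain.'
}
```

Any name listed here is ambiguous when the domain is omitted, so resolve or exclude it before enabling domain-less logon.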
 
LVL 6

Expert Comment

by:camacho_marco
ID: 19406994
split points
0
