?
Solved

Radius Server

Posted on 2007-10-01
7
Medium Priority
?
283 Views
Last Modified: 2010-03-17
I want to set up radius server for a group of vpn users. we use the sonicwall vpn client. i would like it so that they use their windows username/password for the vpn client, when they change thier windows login that applies to the vpn. how to configure radius server? can someone provide info or articles for this. i can provide more info if needed. using server 2003 AD.
0
Comment
Question by:jeffsteffy
  • 3
  • 3
7 Comments
 
LVL 8

Accepted Solution

by:
mailtosinghs earned 1200 total points
ID: 19993197
You can setup Internet Authentication Service in windows 2003 server setup
you can use this as RADIUS Server for any RADIUS client. you can also use your AD as authentication provider.

you can integrate your current VPN solution to use IAS as RADIUS server.

more resource on IAS and deployment.
http://technet.microsoft.com/en-us/network/bb643123.aspx
0
 
LVL 26

Assisted Solution

by:Farhan Kazi
Farhan Kazi earned 800 total points
ID: 19993353
Following articles might help you to understand/configure VPN authentication with RADIUS:

* Checklist: Installing and configuring a VPN server (Good one)
http://technet2.microsoft.com/windowsserver/en/library/930ee0b5-d9f1-4bf2-b562-38e63bebc74e1033.mspx?mfr=true

* Dial-up and VPNs with RADIUS Authentication (VPN with Windows Server 2003)
http://technet2.microsoft.com/windowsserver/en/library/04f5add9-85ff-4b07-96e0-498b883dcb461033.mspx?mfr=true

* Use RADIUS authentication
http://technet2.microsoft.com/windowsserver/en/library/5934dc6b-78ec-4d37-b45f-99754e5067801033.mspx?mfr=true

* Configuring a Windows Server for RADIUS Authentication (Good one)
http://secure.enterasys.com/support/manuals/Pol_Mgr1_8_1-web/docs/p_win2000_config.html

* Internet Authentication Service
http://technet.microsoft.com/en-us/network/bb643123.aspx

* How to install and configure a Virtual Private Network server in Windows Server 2003
http://support.microsoft.com/kb/323441

* Leveraging RADIUS accounting by using Microsoft Windows RADIUS Server and Internet Authentication Service
http://support.microsoft.com/servicedesks/webcasts/seminar/shared/asp/view.asp?url=/servicedesks/webcasts/en/wc031704/manifest.xml&WMPVer=9.0.0.3196

* Deployment of Protected 802.11 Networks Using Microsoft Windows
http://www.microsoft.com/technet/network/wifi/ed80211.mspx

0
 
LVL 2

Author Comment

by:jeffsteffy
ID: 19993789
That is a lot of information, I'll spend some time reading all of it. Would you enable IAS on the domain controller or another server 2003 box? Should I create a new group in AD and add all VPN users? i read be reading before I do this and may ask more questions so i will give points now then open new question if needed.

thanks
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 8

Expert Comment

by:mailtosinghs
ID: 19993832
you can enable IAS on DC but it is good to have a dedicated box for IAS if you are having lot of users using VPN.

DC is advised to be kept intact and should not have any other service because installing multiple services opens up new surface for security loopholes.

you can use group or OU for configuring authentication sets.
0
 
LVL 2

Author Comment

by:jeffsteffy
ID: 19993920
I have a server 2003 as file server, can use that use IAS?
0
 
LVL 8

Expert Comment

by:mailtosinghs
ID: 19993964
technically you can use any windows 2003 server to host IAS, if you want domain authentication it should be part of domain.

the decision should be based on the distribution of services on the servers and the workload/user request volume is the factor which decides which role you should assign to which server.

if your file server doesn't experience a bottleneck nor it is close to its max throughput you can do that. if the number of VPN user and their frequency is higher then definetly you should go for new box.
0
 
LVL 2

Author Comment

by:jeffsteffy
ID: 19994345
thanks for the information
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question