Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 648
  • Last Modified:

RRAS wont let me use RADIUS

I have a RRAS instance on my ISA 2006 server.  I want to switch the authentication method from windows authentication to RADIUS.  When I make the change, point to the RRAS server and restart RRAS, the setting is switched back to windows authentication.  What would cause that?  I dont even know what to check first!  
0
jjtierney
Asked:
jjtierney
  • 9
  • 9
2 Solutions
 
arnoldCommented:
Did you setup and authorized an IAS service? Do you have a radius service to which you pointed?
It's possible that it is switching back because it does not see a valid Radius server and falls back.
Check the event log to see whether it logs any errors.
0
 
jjtierneyAuthor Commented:
I have a radius (non IAS server) that I am pointing to on another box.  I'm checking to see if that is running.  
0
 
arnoldCommented:
You may need to authorize that RADIUS server in the AD.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
jjtierneyAuthor Commented:
OK, here is what I did so far.
I have a sonicwall.  I pointed that to do Radius auth to the Radius server.  (Which happens also to be a DC)  Tested that successfully.  Changed the setting in RRAS on the ISA server to do Radius auth.  Set up the ISA server as a Radius client in the Radius GUI. Rebooted ISA.  Checked RRAS settings and the settings switched back to Windows Auth.  Clean install of ISA, the OS, RRAS. I am sure I'm missing something stupid here.
0
 
jjtierneyAuthor Commented:
Even when I tick the checkbox "Enable this computer as a remote access computer" rebooting sets it back to unchecked.  
0
 
arnoldCommented:
Did you add the Radius server as an authorized IAS server in the AD?
Does the ISA log any errors in the event log? i.e. radius server not authorized etc.?
0
 
arnoldCommented:
http://technet.microsoft.com/en-us/library/cc713343.aspx
See if you can setup the IAS server to proxy the requests to the non windows radius server.

If you have a sonicwall, why are you using ISA? Or is your use of ISA is for outbound/inbound web filtering?
0
 
jjtierneyAuthor Commented:
Some users use regular MS VPN to connect to our network.  We use a Sonicwall SSL 2000 to get physicians to use some clinical applications from anywhere.  I actually have IAS off at the moment.  You mean set up RRAS to point to its own IP for Radius, then set IAS to point to the non windows radius server?
0
 
jjtierneyAuthor Commented:
What's odd is, I had this working until I decided to reconfigure RRAS this week, haven't gotten it to work since.
0
 
arnoldCommented:
Can you check whether the Radius server is reporting that requests are coming from ISA?  Did you need to add some vendor specific attributes to the ISA?  Do you have the previous configuration settings? Are there any event logs that could explain why the settings alternations you made revert?
0
 
jjtierneyAuthor Commented:
The RADIUS server isnt getting requests from ISA.  RRAS want keep the setting, actually ANY change I make to RRAS is lost after reboot.  The error is "Unable to add the interface {399A0C8B-0E29-4FBC-99F7-EA104390ABC7} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function."  I wish I had a doc on how RRAS was configure prior to my screwing it up.

0
 
arnoldCommented:
See if you have a similar issue where you have an interface that is not in use and is not disabled:
http://forums.techarena.in/small-business-server/723512.htm
I.e. a disconnected network interface, 1394 port, etc.
0
 
jjtierneyAuthor Commented:
I have 1394 disabled, WAN plugged in, LAN Plugged in.  
When I reboot both the general and security tabs are back to where they were prior to my making a change.
Ive tried it with IAS enabled, disabled, configured, unconfigured.  Its like something else is overriding my changes.  If I had any hair Id be pulling it out.
0
 
arnoldCommented:
{399A0C8B-0E29-4FBC-99F7-EA104390ABC7} refers to an interface that it can not add.  What is this interface?
Presumably you are working on the system directly, try disabling the LAN port and see whether this error remains. If it does, try disabling the WAN port while the LAN port is active and see whether the error remains or changes.
if you run, ipconfig while both WAN and LAN ports are active, do they reflect IPs outside the 169.254 range i.e. do not get limited connectivity because they did not receive a response to the DHCP request?
0
 
arnoldCommented:
You can also try searching the registry for the Interface key.
0
 
jjtierneyAuthor Commented:
After I disabled the 1934 interface, I no longer get the error, however I still cant set Radius and have the setting "stick" .  Ugh.
0
 
arnoldCommented:
One thing at the time.  I am not sure how RRAS and the ISA tie into the issue you are having.  When you make the setting change, do you see requests going to the radius server prior to rebooting the system?  Do you have some sort of backup setup that roles unapproved changes back?
I.e. goback, or similar application that is there to make sure that unapproved changes are not kept?
0
 
jjtierneyAuthor Commented:
THis was resolved by setting the VPN policy in ISA, the settings of which were overwriting the RRAS settings.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 9
  • 9
Tackle projects and never again get stuck behind a technical roadblock.
Join Now