Solved

RADIUS required for RAS?

Posted on 2010-09-05
12
387 Views
Last Modified: 2012-05-10
EE,

Just wondering if RADIUS is required to use RAS. If not, does it help simplify the authentication process if you are having authentication issues?

Please explain
0
Comment
Question by:snyderkv
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
12 Comments
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 33609141
Nope, RADIUS is not required for RRAS. Could you tell me please what is your need for RRAS? I would consider the best option for you. Thank you in advance.
0
 

Author Comment

by:snyderkv
ID: 33609317
Cool thanks. Basically, we have a machine from another non trusted domain data dialing into our domain via a modem (terminal) so they can use a program on our side.

We get authentication errors 20073 and 20187. I found various articles on the fix like NTLMv2 settings exc. I added the NTLMv2 compatibility reg key for MSChapv2. I have yet to try them all but we are currently working on it. Don't know why it's not authenticating even though they are using the correct username and password.

Would RADIUS help if it meant authenticating not to a DC but to the RADIUS server instead?
0
 

Author Comment

by:snyderkv
ID: 33609334
http://arstechnica.com/civis/viewtopic.php?f=17&t=261473
http://technet.microsoft.com/en-us/library/cc733649(WS.10).aspx
http://www.chicagotech.net/casestudy/Evenid20049.htm
http://support.microsoft.com/kb/823659

These are some of the things I have checked out and tried. They are the google results from my authentication errors in event viewer. Hopefully, thats not too off subject however, it may be good for someone who has beene experiencing the same issue.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33609372
Is it possible to show me, how did you configure RRAS policy for them?
Thank you in advance.
I don't think so if RADIUS would solve authentication problem in this case. But we will see :)
0
 

Author Comment

by:snyderkv
ID: 33609425
I wiill try and get a netsh config dump and post what I can

Thanks again
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33609442
Great, thanks :)
0
 

Author Comment

by:snyderkv
ID: 33609515
This is all done in a test environment BTW before being deployed for real. These settings do not reflect current setup once proof of concept is completed.

# -----------------------------------------
# Remote Access Configuration
# -----------------------------------------
pushd ras

set authmode mode = bypass
delete authtype type = PAP
delete authtype type = SPAP
delete authtype type = MD5CHAP
delete authtype type = MSCHAP
delete authtype type = MSCHAPv2
delete authtype type = EAP
add authtype type = MSCHAPv2
delete link type = SWC
delete link type = LCP
add link type = SWC
add link type = LCP
delete multilink type = MULTI
delete multilink type = BACP
add multilink type = MULTI
add multilink type = BACP

set user name = SUPPORT_ dialin = policy cbpolicy = none
set user name = USERTEST1 dialin = policy cbpolicy = none
set user name = USERTEST2 dialin = policy cbpolicy = none
set user name = USERTEST3 dialin = policy cbpolicy = none


popd

# End of Remote Access configuration.




# -----------------------------------------
# Remote Access AppleTalk Configuration
# -----------------------------------------
pushd ras appletalk

set negotiation mode = allow

popd

# End of Remote Access AppleTalk Configuration.



# -----------------------------------------
# Remote Access Diagnostics Configuration
# -----------------------------------------
pushd ras diagnostics

set rastracing component = * state = disabled
set rastracing component = "WZCTrace" state = enabled
set rastracing component = "WZCDLG" state = enabled
set rastracing component = "Wlpolicy" state = enabled
set rastracing component = "wavemsp" state = enabled
set rastracing component = "termmgr" state = enabled
set rastracing component = "tapisrv" state = enabled
set rastracing component = "tapi32" state = enabled
set rastracing component = "tapi3" state = enabled
set rastracing component = "SAINSTALL" state = enabled
set rastracing component = "RTM" state = enabled
set rastracing component = "Router" state = enabled
set rastracing component = "remrras" state = enabled
set rastracing component = "remotesp" state = enabled
set rastracing component = "RASUSER" state = enabled
set rastracing component = "RASTLSUI" state = enabled
set rastracing component = "RASTLS" state = enabled
set rastracing component = "RASTAPI" state = enabled
set rastracing component = "RASSPAP" state = enabled
set rastracing component = "RASPAP" state = enabled
set rastracing component = "RASMAN" state = enabled
set rastracing component = "RASIPHLP" state = enabled
set rastracing component = "RASIPCP" state = enabled
set rastracing component = "RASEAP" state = enabled
set rastracing component = "RASDLG" state = enabled
set rastracing component = "RASCHAP" state = enabled
set rastracing component = "RASCCP" state = enabled
set rastracing component = "RASBACP" state = enabled
set rastracing component = "RASAUTO" state = enabled
set rastracing component = "RASAUTH" state = enabled
set rastracing component = "RASAPI32" state = enabled
set rastracing component = "RADIUS" state = enabled
set rastracing component = "PPP" state = enabled
set rastracing component = "OneExSup" state = enabled
set rastracing component = "NETSHELL" state = enabled
set rastracing component = "NETMAN" state = enabled
set rastracing component = "NDPTSP" state = enabled
set rastracing component = "NAPMMC" state = enabled
set rastracing component = "MprDomain" state = enabled
set rastracing component = "KMDDSP" state = enabled
set rastracing component = "IPRouterManager" state = enabled
set rastracing component = "IPMGM" state = enabled
set rastracing component = "IPBOOTP" state = enabled
set rastracing component = "IGMPv2" state = enabled
set rastracing component = "IASSVCS" state = enabled
set rastracing component = "IASSDO" state = enabled
set rastracing component = "IASSAM" state = enabled
set rastracing component = "IASRECST" state = enabled
set rastracing component = "IASRAD" state = enabled
set rastracing component = "IASNAP" state = enabled
set rastracing component = "IASHLPR" state = enabled
set rastracing component = "IASACCT" state = enabled
set rastracing component = "h323msp" state = enabled
set rastracing component = "FWCFG" state = enabled
set rastracing component = "EAPOL" state = enabled
set rastracing component = "conftsp" state = enabled
set rastracing component = "confmsp" state = enabled
set rastracing component = "BAP" state = enabled

set modemtracing state = enabled

set cmtracing state = disabled

set securityeventlogs state = enabled


popd

# End of Remote Access Diagnostics Configuration.




# -----------------------------------------
# Remote Access IP Configuration
# -----------------------------------------
pushd ras ip

delete pool

set negotiation mode = allow
set access mode = all
set addrreq mode = allow
set broadcastnameresolution mode = enabled
set addrassign method = auto

popd

# End of Remote Access IP configuration.



# -----------------------------------------
# Remote Access IPX Configuration
# -----------------------------------------
pushd ras ipx

set negotiation mode = deny
set access mode = all
set nodereq mode = allow
set netassign method = autosame

popd

# End of Remote Access IPX configuration.




# -----------------------------------------
# Remote Access NBF Configuration
# -----------------------------------------
pushd ras netbeui

set negotiation mode = allow
set access mode = all

popd

# End of Remote Access NBF configuration.




# -----------------------------------------
# Remote Access AAAA Configuration
# -----------------------------------------
pushd ras aaaa

set authentication provider = windows
set accounting provider = windows

delete authserver name = *
delete acctserver name = *



popd

# End of Remote Access AAAA configuration.



netsh ras>
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33609624
OK, I will analyze it and let you know. Give me some time :) Thanks
0
 

Author Comment

by:snyderkv
ID: 33609996
Holly snyckies it worked with those configuration settings above. I think it was the NTLMv2 reg key I added? That and I checked Bypass as you can see in the config (bypass allows users not to authenticate) I'm unchecking it (setting it to standard in netsh) to test it with authentication.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33610015
that's great. So, you solved it yourself :)
0
 

Author Comment

by:snyderkv
ID: 33610320
Yup the logs show MSCHAPv2 authenticated and logon succeeded :)

Thanks for lettting me know we didn't need RADIUS. Saved us a bunch of time.

0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33610439
Thank you also :)
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question