Solved

RADIUS required for RAS?

Posted on 2010-09-05
12
359 Views
Last Modified: 2012-05-10
EE,

Just wondering if RADIUS is required to use RAS. If not, does it help simplify the authentication process if you are having authentication issues?

Please explain
0
Comment
Question by:snyderkv
  • 6
  • 6
12 Comments
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 33609141
Nope, RADIUS is not required for RRAS. Could you tell me please what is your need for RRAS? I would consider the best option for you. Thank you in advance.
0
 

Author Comment

by:snyderkv
ID: 33609317
Cool thanks. Basically, we have a machine from another non trusted domain data dialing into our domain via a modem (terminal) so they can use a program on our side.

We get authentication errors 20073 and 20187. I found various articles on the fix like NTLMv2 settings exc. I added the NTLMv2 compatibility reg key for MSChapv2. I have yet to try them all but we are currently working on it. Don't know why it's not authenticating even though they are using the correct username and password.

Would RADIUS help if it meant authenticating not to a DC but to the RADIUS server instead?
0
 

Author Comment

by:snyderkv
ID: 33609334
http://arstechnica.com/civis/viewtopic.php?f=17&t=261473
http://technet.microsoft.com/en-us/library/cc733649(WS.10).aspx
http://www.chicagotech.net/casestudy/Evenid20049.htm
http://support.microsoft.com/kb/823659

These are some of the things I have checked out and tried. They are the google results from my authentication errors in event viewer. Hopefully, thats not too off subject however, it may be good for someone who has beene experiencing the same issue.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33609372
Is it possible to show me, how did you configure RRAS policy for them?
Thank you in advance.
I don't think so if RADIUS would solve authentication problem in this case. But we will see :)
0
 

Author Comment

by:snyderkv
ID: 33609425
I wiill try and get a netsh config dump and post what I can

Thanks again
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33609442
Great, thanks :)
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:snyderkv
ID: 33609515
This is all done in a test environment BTW before being deployed for real. These settings do not reflect current setup once proof of concept is completed.

# -----------------------------------------
# Remote Access Configuration
# -----------------------------------------
pushd ras

set authmode mode = bypass
delete authtype type = PAP
delete authtype type = SPAP
delete authtype type = MD5CHAP
delete authtype type = MSCHAP
delete authtype type = MSCHAPv2
delete authtype type = EAP
add authtype type = MSCHAPv2
delete link type = SWC
delete link type = LCP
add link type = SWC
add link type = LCP
delete multilink type = MULTI
delete multilink type = BACP
add multilink type = MULTI
add multilink type = BACP

set user name = SUPPORT_ dialin = policy cbpolicy = none
set user name = USERTEST1 dialin = policy cbpolicy = none
set user name = USERTEST2 dialin = policy cbpolicy = none
set user name = USERTEST3 dialin = policy cbpolicy = none


popd

# End of Remote Access configuration.




# -----------------------------------------
# Remote Access AppleTalk Configuration
# -----------------------------------------
pushd ras appletalk

set negotiation mode = allow

popd

# End of Remote Access AppleTalk Configuration.



# -----------------------------------------
# Remote Access Diagnostics Configuration
# -----------------------------------------
pushd ras diagnostics

set rastracing component = * state = disabled
set rastracing component = "WZCTrace" state = enabled
set rastracing component = "WZCDLG" state = enabled
set rastracing component = "Wlpolicy" state = enabled
set rastracing component = "wavemsp" state = enabled
set rastracing component = "termmgr" state = enabled
set rastracing component = "tapisrv" state = enabled
set rastracing component = "tapi32" state = enabled
set rastracing component = "tapi3" state = enabled
set rastracing component = "SAINSTALL" state = enabled
set rastracing component = "RTM" state = enabled
set rastracing component = "Router" state = enabled
set rastracing component = "remrras" state = enabled
set rastracing component = "remotesp" state = enabled
set rastracing component = "RASUSER" state = enabled
set rastracing component = "RASTLSUI" state = enabled
set rastracing component = "RASTLS" state = enabled
set rastracing component = "RASTAPI" state = enabled
set rastracing component = "RASSPAP" state = enabled
set rastracing component = "RASPAP" state = enabled
set rastracing component = "RASMAN" state = enabled
set rastracing component = "RASIPHLP" state = enabled
set rastracing component = "RASIPCP" state = enabled
set rastracing component = "RASEAP" state = enabled
set rastracing component = "RASDLG" state = enabled
set rastracing component = "RASCHAP" state = enabled
set rastracing component = "RASCCP" state = enabled
set rastracing component = "RASBACP" state = enabled
set rastracing component = "RASAUTO" state = enabled
set rastracing component = "RASAUTH" state = enabled
set rastracing component = "RASAPI32" state = enabled
set rastracing component = "RADIUS" state = enabled
set rastracing component = "PPP" state = enabled
set rastracing component = "OneExSup" state = enabled
set rastracing component = "NETSHELL" state = enabled
set rastracing component = "NETMAN" state = enabled
set rastracing component = "NDPTSP" state = enabled
set rastracing component = "NAPMMC" state = enabled
set rastracing component = "MprDomain" state = enabled
set rastracing component = "KMDDSP" state = enabled
set rastracing component = "IPRouterManager" state = enabled
set rastracing component = "IPMGM" state = enabled
set rastracing component = "IPBOOTP" state = enabled
set rastracing component = "IGMPv2" state = enabled
set rastracing component = "IASSVCS" state = enabled
set rastracing component = "IASSDO" state = enabled
set rastracing component = "IASSAM" state = enabled
set rastracing component = "IASRECST" state = enabled
set rastracing component = "IASRAD" state = enabled
set rastracing component = "IASNAP" state = enabled
set rastracing component = "IASHLPR" state = enabled
set rastracing component = "IASACCT" state = enabled
set rastracing component = "h323msp" state = enabled
set rastracing component = "FWCFG" state = enabled
set rastracing component = "EAPOL" state = enabled
set rastracing component = "conftsp" state = enabled
set rastracing component = "confmsp" state = enabled
set rastracing component = "BAP" state = enabled

set modemtracing state = enabled

set cmtracing state = disabled

set securityeventlogs state = enabled


popd

# End of Remote Access Diagnostics Configuration.




# -----------------------------------------
# Remote Access IP Configuration
# -----------------------------------------
pushd ras ip

delete pool

set negotiation mode = allow
set access mode = all
set addrreq mode = allow
set broadcastnameresolution mode = enabled
set addrassign method = auto

popd

# End of Remote Access IP configuration.



# -----------------------------------------
# Remote Access IPX Configuration
# -----------------------------------------
pushd ras ipx

set negotiation mode = deny
set access mode = all
set nodereq mode = allow
set netassign method = autosame

popd

# End of Remote Access IPX configuration.




# -----------------------------------------
# Remote Access NBF Configuration
# -----------------------------------------
pushd ras netbeui

set negotiation mode = allow
set access mode = all

popd

# End of Remote Access NBF configuration.




# -----------------------------------------
# Remote Access AAAA Configuration
# -----------------------------------------
pushd ras aaaa

set authentication provider = windows
set accounting provider = windows

delete authserver name = *
delete acctserver name = *



popd

# End of Remote Access AAAA configuration.



netsh ras>
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33609624
OK, I will analyze it and let you know. Give me some time :) Thanks
0
 

Author Comment

by:snyderkv
ID: 33609996
Holly snyckies it worked with those configuration settings above. I think it was the NTLMv2 reg key I added? That and I checked Bypass as you can see in the config (bypass allows users not to authenticate) I'm unchecking it (setting it to standard in netsh) to test it with authentication.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33610015
that's great. So, you solved it yourself :)
0
 

Author Comment

by:snyderkv
ID: 33610320
Yup the logs show MSCHAPv2 authenticated and logon succeeded :)

Thanks for lettting me know we didn't need RADIUS. Saved us a bunch of time.

0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33610439
Thank you also :)
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now