RADIUS required for RAS?

EE,

Just wondering if RADIUS is required to use RAS. If not, does it help simplify the authentication process if you are having authentication issues?

Please explain
snyderkvAsked:
Who is Participating?
 
Krzysztof PytkoConnect With a Mentor Senior Active Directory EngineerCommented:
Nope, RADIUS is not required for RRAS. Could you tell me please what is your need for RRAS? I would consider the best option for you. Thank you in advance.
0
 
snyderkvAuthor Commented:
Cool thanks. Basically, we have a machine from another non trusted domain data dialing into our domain via a modem (terminal) so they can use a program on our side.

We get authentication errors 20073 and 20187. I found various articles on the fix like NTLMv2 settings exc. I added the NTLMv2 compatibility reg key for MSChapv2. I have yet to try them all but we are currently working on it. Don't know why it's not authenticating even though they are using the correct username and password.

Would RADIUS help if it meant authenticating not to a DC but to the RADIUS server instead?
0
 
snyderkvAuthor Commented:
http://arstechnica.com/civis/viewtopic.php?f=17&t=261473
http://technet.microsoft.com/en-us/library/cc733649(WS.10).aspx
http://www.chicagotech.net/casestudy/Evenid20049.htm
http://support.microsoft.com/kb/823659

These are some of the things I have checked out and tried. They are the google results from my authentication errors in event viewer. Hopefully, thats not too off subject however, it may be good for someone who has beene experiencing the same issue.
0
Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

 
Krzysztof PytkoSenior Active Directory EngineerCommented:
Is it possible to show me, how did you configure RRAS policy for them?
Thank you in advance.
I don't think so if RADIUS would solve authentication problem in this case. But we will see :)
0
 
snyderkvAuthor Commented:
I wiill try and get a netsh config dump and post what I can

Thanks again
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
Great, thanks :)
0
 
snyderkvAuthor Commented:
This is all done in a test environment BTW before being deployed for real. These settings do not reflect current setup once proof of concept is completed.

# -----------------------------------------
# Remote Access Configuration
# -----------------------------------------
pushd ras

set authmode mode = bypass
delete authtype type = PAP
delete authtype type = SPAP
delete authtype type = MD5CHAP
delete authtype type = MSCHAP
delete authtype type = MSCHAPv2
delete authtype type = EAP
add authtype type = MSCHAPv2
delete link type = SWC
delete link type = LCP
add link type = SWC
add link type = LCP
delete multilink type = MULTI
delete multilink type = BACP
add multilink type = MULTI
add multilink type = BACP

set user name = SUPPORT_ dialin = policy cbpolicy = none
set user name = USERTEST1 dialin = policy cbpolicy = none
set user name = USERTEST2 dialin = policy cbpolicy = none
set user name = USERTEST3 dialin = policy cbpolicy = none


popd

# End of Remote Access configuration.




# -----------------------------------------
# Remote Access AppleTalk Configuration
# -----------------------------------------
pushd ras appletalk

set negotiation mode = allow

popd

# End of Remote Access AppleTalk Configuration.



# -----------------------------------------
# Remote Access Diagnostics Configuration
# -----------------------------------------
pushd ras diagnostics

set rastracing component = * state = disabled
set rastracing component = "WZCTrace" state = enabled
set rastracing component = "WZCDLG" state = enabled
set rastracing component = "Wlpolicy" state = enabled
set rastracing component = "wavemsp" state = enabled
set rastracing component = "termmgr" state = enabled
set rastracing component = "tapisrv" state = enabled
set rastracing component = "tapi32" state = enabled
set rastracing component = "tapi3" state = enabled
set rastracing component = "SAINSTALL" state = enabled
set rastracing component = "RTM" state = enabled
set rastracing component = "Router" state = enabled
set rastracing component = "remrras" state = enabled
set rastracing component = "remotesp" state = enabled
set rastracing component = "RASUSER" state = enabled
set rastracing component = "RASTLSUI" state = enabled
set rastracing component = "RASTLS" state = enabled
set rastracing component = "RASTAPI" state = enabled
set rastracing component = "RASSPAP" state = enabled
set rastracing component = "RASPAP" state = enabled
set rastracing component = "RASMAN" state = enabled
set rastracing component = "RASIPHLP" state = enabled
set rastracing component = "RASIPCP" state = enabled
set rastracing component = "RASEAP" state = enabled
set rastracing component = "RASDLG" state = enabled
set rastracing component = "RASCHAP" state = enabled
set rastracing component = "RASCCP" state = enabled
set rastracing component = "RASBACP" state = enabled
set rastracing component = "RASAUTO" state = enabled
set rastracing component = "RASAUTH" state = enabled
set rastracing component = "RASAPI32" state = enabled
set rastracing component = "RADIUS" state = enabled
set rastracing component = "PPP" state = enabled
set rastracing component = "OneExSup" state = enabled
set rastracing component = "NETSHELL" state = enabled
set rastracing component = "NETMAN" state = enabled
set rastracing component = "NDPTSP" state = enabled
set rastracing component = "NAPMMC" state = enabled
set rastracing component = "MprDomain" state = enabled
set rastracing component = "KMDDSP" state = enabled
set rastracing component = "IPRouterManager" state = enabled
set rastracing component = "IPMGM" state = enabled
set rastracing component = "IPBOOTP" state = enabled
set rastracing component = "IGMPv2" state = enabled
set rastracing component = "IASSVCS" state = enabled
set rastracing component = "IASSDO" state = enabled
set rastracing component = "IASSAM" state = enabled
set rastracing component = "IASRECST" state = enabled
set rastracing component = "IASRAD" state = enabled
set rastracing component = "IASNAP" state = enabled
set rastracing component = "IASHLPR" state = enabled
set rastracing component = "IASACCT" state = enabled
set rastracing component = "h323msp" state = enabled
set rastracing component = "FWCFG" state = enabled
set rastracing component = "EAPOL" state = enabled
set rastracing component = "conftsp" state = enabled
set rastracing component = "confmsp" state = enabled
set rastracing component = "BAP" state = enabled

set modemtracing state = enabled

set cmtracing state = disabled

set securityeventlogs state = enabled


popd

# End of Remote Access Diagnostics Configuration.




# -----------------------------------------
# Remote Access IP Configuration
# -----------------------------------------
pushd ras ip

delete pool

set negotiation mode = allow
set access mode = all
set addrreq mode = allow
set broadcastnameresolution mode = enabled
set addrassign method = auto

popd

# End of Remote Access IP configuration.



# -----------------------------------------
# Remote Access IPX Configuration
# -----------------------------------------
pushd ras ipx

set negotiation mode = deny
set access mode = all
set nodereq mode = allow
set netassign method = autosame

popd

# End of Remote Access IPX configuration.




# -----------------------------------------
# Remote Access NBF Configuration
# -----------------------------------------
pushd ras netbeui

set negotiation mode = allow
set access mode = all

popd

# End of Remote Access NBF configuration.




# -----------------------------------------
# Remote Access AAAA Configuration
# -----------------------------------------
pushd ras aaaa

set authentication provider = windows
set accounting provider = windows

delete authserver name = *
delete acctserver name = *



popd

# End of Remote Access AAAA configuration.



netsh ras>
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
OK, I will analyze it and let you know. Give me some time :) Thanks
0
 
snyderkvAuthor Commented:
Holly snyckies it worked with those configuration settings above. I think it was the NTLMv2 reg key I added? That and I checked Bypass as you can see in the config (bypass allows users not to authenticate) I'm unchecking it (setting it to standard in netsh) to test it with authentication.
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
that's great. So, you solved it yourself :)
0
 
snyderkvAuthor Commented:
Yup the logs show MSCHAPv2 authenticated and logon succeeded :)

Thanks for lettting me know we didn't need RADIUS. Saved us a bunch of time.

0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
Thank you also :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.