Solved

RADIUS required for RAS?

Posted on 2010-09-05
Last Modified: 2012-05-10
EE,

Just wondering if RADIUS is required to use RAS. If not, does it help simplify the authentication process if you are having authentication issues?

Please explain
0
Question by:snyderkv
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 33609141
Nope, RADIUS is not required for RRAS. Could you tell me please what is your need for RRAS? I would consider the best option for you. Thank you in advance.
0
 

Author Comment

by:snyderkv
ID: 33609317
Cool thanks. Basically, we have a machine from another non trusted domain data dialing into our domain via a modem (terminal) so they can use a program on our side.

We get authentication errors 20073 and 20187. I found various articles on the fix like NTLMv2 settings etc. I added the NTLMv2 compatibility reg key for MSChapv2. I have yet to try them all but we are currently working on it. Don't know why it's not authenticating even though they are using the correct username and password.

Would RADIUS help if it meant authenticating not to a DC but to the RADIUS server instead?
0
 

Author Comment

by:snyderkv
ID: 33609334
http://arstechnica.com/civis/viewtopic.php?f=17&t=261473
http://technet.microsoft.com/en-us/library/cc733649(WS.10).aspx
http://www.chicagotech.net/casestudy/Evenid20049.htm
http://support.microsoft.com/kb/823659

These are some of the things I have checked out and tried. They are the Google results from my authentication errors in Event Viewer. Hopefully, that's not too off subject; however, it may be good for someone who has been experiencing the same issue.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33609372
Is it possible to show me how you configured the RRAS policy for them?
Thank you in advance.
I don't think RADIUS would solve the authentication problem in this case. But we will see :)
0
 

Author Comment

by:snyderkv
ID: 33609425
I will try and get a netsh config dump and post what I can

Thanks again
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33609442
Great, thanks :)
0
 

Author Comment

by:snyderkv
ID: 33609515
This is all done in a test environment BTW before being deployed for real. These settings do not reflect current setup once proof of concept is completed.

# -----------------------------------------
# Remote Access Configuration
# -----------------------------------------
pushd ras

set authmode mode = bypass
delete authtype type = PAP
delete authtype type = SPAP
delete authtype type = MD5CHAP
delete authtype type = MSCHAP
delete authtype type = MSCHAPv2
delete authtype type = EAP
add authtype type = MSCHAPv2
delete link type = SWC
delete link type = LCP
add link type = SWC
add link type = LCP
delete multilink type = MULTI
delete multilink type = BACP
add multilink type = MULTI
add multilink type = BACP

set user name = SUPPORT_ dialin = policy cbpolicy = none
set user name = USERTEST1 dialin = policy cbpolicy = none
set user name = USERTEST2 dialin = policy cbpolicy = none
set user name = USERTEST3 dialin = policy cbpolicy = none


popd

# End of Remote Access configuration.




# -----------------------------------------
# Remote Access AppleTalk Configuration
# -----------------------------------------
pushd ras appletalk

set negotiation mode = allow

popd

# End of Remote Access AppleTalk Configuration.



# -----------------------------------------
# Remote Access Diagnostics Configuration
# -----------------------------------------
pushd ras diagnostics

set rastracing component = * state = disabled
set rastracing component = "WZCTrace" state = enabled
set rastracing component = "WZCDLG" state = enabled
set rastracing component = "Wlpolicy" state = enabled
set rastracing component = "wavemsp" state = enabled
set rastracing component = "termmgr" state = enabled
set rastracing component = "tapisrv" state = enabled
set rastracing component = "tapi32" state = enabled
set rastracing component = "tapi3" state = enabled
set rastracing component = "SAINSTALL" state = enabled
set rastracing component = "RTM" state = enabled
set rastracing component = "Router" state = enabled
set rastracing component = "remrras" state = enabled
set rastracing component = "remotesp" state = enabled
set rastracing component = "RASUSER" state = enabled
set rastracing component = "RASTLSUI" state = enabled
set rastracing component = "RASTLS" state = enabled
set rastracing component = "RASTAPI" state = enabled
set rastracing component = "RASSPAP" state = enabled
set rastracing component = "RASPAP" state = enabled
set rastracing component = "RASMAN" state = enabled
set rastracing component = "RASIPHLP" state = enabled
set rastracing component = "RASIPCP" state = enabled
set rastracing component = "RASEAP" state = enabled
set rastracing component = "RASDLG" state = enabled
set rastracing component = "RASCHAP" state = enabled
set rastracing component = "RASCCP" state = enabled
set rastracing component = "RASBACP" state = enabled
set rastracing component = "RASAUTO" state = enabled
set rastracing component = "RASAUTH" state = enabled
set rastracing component = "RASAPI32" state = enabled
set rastracing component = "RADIUS" state = enabled
set rastracing component = "PPP" state = enabled
set rastracing component = "OneExSup" state = enabled
set rastracing component = "NETSHELL" state = enabled
set rastracing component = "NETMAN" state = enabled
set rastracing component = "NDPTSP" state = enabled
set rastracing component = "NAPMMC" state = enabled
set rastracing component = "MprDomain" state = enabled
set rastracing component = "KMDDSP" state = enabled
set rastracing component = "IPRouterManager" state = enabled
set rastracing component = "IPMGM" state = enabled
set rastracing component = "IPBOOTP" state = enabled
set rastracing component = "IGMPv2" state = enabled
set rastracing component = "IASSVCS" state = enabled
set rastracing component = "IASSDO" state = enabled
set rastracing component = "IASSAM" state = enabled
set rastracing component = "IASRECST" state = enabled
set rastracing component = "IASRAD" state = enabled
set rastracing component = "IASNAP" state = enabled
set rastracing component = "IASHLPR" state = enabled
set rastracing component = "IASACCT" state = enabled
set rastracing component = "h323msp" state = enabled
set rastracing component = "FWCFG" state = enabled
set rastracing component = "EAPOL" state = enabled
set rastracing component = "conftsp" state = enabled
set rastracing component = "confmsp" state = enabled
set rastracing component = "BAP" state = enabled

set modemtracing state = enabled

set cmtracing state = disabled

set securityeventlogs state = enabled


popd

# End of Remote Access Diagnostics Configuration.




# -----------------------------------------
# Remote Access IP Configuration
# -----------------------------------------
pushd ras ip

delete pool

set negotiation mode = allow
set access mode = all
set addrreq mode = allow
set broadcastnameresolution mode = enabled
set addrassign method = auto

popd

# End of Remote Access IP configuration.



# -----------------------------------------
# Remote Access IPX Configuration
# -----------------------------------------
pushd ras ipx

set negotiation mode = deny
set access mode = all
set nodereq mode = allow
set netassign method = autosame

popd

# End of Remote Access IPX configuration.




# -----------------------------------------
# Remote Access NBF Configuration
# -----------------------------------------
pushd ras netbeui

set negotiation mode = allow
set access mode = all

popd

# End of Remote Access NBF configuration.




# -----------------------------------------
# Remote Access AAAA Configuration
# -----------------------------------------
pushd ras aaaa

set authentication provider = windows
set accounting provider = windows

delete authserver name = *
delete acctserver name = *



popd

# End of Remote Access AAAA configuration.



netsh ras>
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33609624
OK, I will analyze it and let you know. Give me some time :) Thanks
0
 

Author Comment

by:snyderkv
ID: 33609996
Holly snyckies it worked with those configuration settings above. I think it was the NTLMv2 reg key I added? That and I checked Bypass as you can see in the config (bypass allows users not to authenticate). I'm unchecking it (setting it to standard in netsh) to test it with authentication.
0
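The `netsh ras` dump posted earlier in this thread sets `authmode` to `bypass`, which the post above describes as letting users connect without authenticating. As an added example (not part of any post in the thread), this Python script replays a dump in that format and reports the effective authentication settings; the names `audit_ras_dump`, `SAMPLE_DUMP` and `LEGACY_AUTHTYPES`, and the choice of which methods count as legacy, are assumptions of this example.

```python
import re

# Constructed sample in the format of the netsh ras dump posted above (abridged).
SAMPLE_DUMP = """\
pushd ras
set authmode mode = bypass
delete authtype type = PAP
delete authtype type = MSCHAPv2
add authtype type = MSCHAPv2
set user name = USERTEST1 dialin = policy cbpolicy = none
popd
pushd ras aaaa
set authentication provider = windows
popd
"""

# Assumption of this example: these methods are treated as legacy and flagged.
LEGACY_AUTHTYPES = {"PAP", "SPAP", "MD5CHAP", "MSCHAP"}
LINE_RE = re.compile(r"^(set|add|delete)\s+(\w+)\s+\w+\s*=\s*(\S+)", re.I)

def audit_ras_dump(text):
    """Replay the dump in order and report the effective authentication settings."""
    context, state = [], {"authmode": None, "provider": None, "authtypes": set()}
    for line in (raw.strip() for raw in text.splitlines()):
        lowered = line.lower()
        if lowered.startswith("pushd"):
            context.append(lowered[5:].strip())      # e.g. "ras", "ras aaaa"
        elif lowered == "popd" and context:
            context.pop()
        match = LINE_RE.match(line)
        if not match or not context:
            continue                                  # comments, blanks, prompt
        verb, obj, value = (g.lower() for g in match.groups())
        if context[-1] == "ras" and obj == "authmode":
            state["authmode"] = value
        elif context[-1] == "ras" and obj == "authtype" and verb == "add":
            state["authtypes"].add(value.upper())     # names compared upper-cased
        elif context[-1] == "ras" and obj == "authtype" and verb == "delete":
            state["authtypes"].discard(value.upper())
        elif context[-1] == "ras aaaa" and obj == "authentication":
            state["provider"] = value
    findings = [f"legacy authentication type enabled: {name}"
                for name in sorted(state["authtypes"] & LEGACY_AUTHTYPES)]
    if state["authmode"] == "bypass":
        findings.insert(0, "authmode=bypass: dial-in devices are not authenticated")
    state["findings"] = findings
    return state

print(audit_ras_dump(SAMPLE_DUMP))
```

Because the dump deletes every authentication type before re-adding the wanted ones, the script replays the lines in order rather than searching for a single `add authtype` line.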
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33610015
That's great. So, you solved it yourself :)
0
 

Author Comment

by:snyderkv
ID: 33610320
Yup the logs show MSCHAPv2 authenticated and logon succeeded :)

Thanks for letting me know we didn't need RADIUS. Saved us a bunch of time.

0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33610439
Thank you also :)
0
