Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Set up Windows Radius Server.

Posted on 2013-11-26
9
Medium Priority
?
464 Views
Last Modified: 2013-11-29
Set up Windows Radius Server.

http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-configure-ias-to-support-two-factor-authentication

I am looking at the link above.
In our environment we have 2 domain controllers. I wan to set up IAS as Radius server and set  up VPN appliance as Radius client.

I want user authentication to be validated by our domain controllers DC1 and DC2.
I wonder whether by ,just authorizing RADIUS server in AD will do the job, or I need somehow to individually add DC1 and DC2 to Radius server.

Any help will be very much appreciated.

Thanks
0
Comment
Question by:jskfan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 22

Assisted Solution

by:Jakob Digranes
Jakob Digranes earned 500 total points
ID: 39680017
the link provides setting up a radius Proxy to forward authentication requests to other Radius Servers - as a security measure. Most likely you wouldn't need that.

Authorizing the Radius server in AD will read users properties for both servers, so if DC1 is down - they still can authenticate using DC2
0
 
LVL 47

Accepted Solution

by:
Craig Beck earned 1000 total points
ID: 39680309
Yes, you don't need to install the RADIUS service on a DC, but you can if you want to.  As long as the server where you install IAS/NPS is a member-server on the domain you want to authenticate users in you will be fine.
0
 
LVL 39

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 500 total points
ID: 39681074
And don't install two radius servers. Apparently there are special things you have to do if you want more than one to keep them in sync.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 47

Assisted Solution

by:Craig Beck
Craig Beck earned 1000 total points
ID: 39681660
...all you need to do is configure one server how you want it then export the AAA config using NETSH, then import into the second RADIUS server.  It's not a problem.  It's actually advisable to have more than one RADIUS for redundancy.
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 39681779
I think the issue I personally experienced was the lack of 3rd party trusted certs for those servers, so it was easier to just use one radius server in my environment.

http://technet.microsoft.com/en-us/library/jj200219.aspx
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 39682081
You could have still used two RADIUS servers if you issued a cert to each IAS from your internal PKI.  I suspect you were using self-signed certs in your scenario?
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 39682120
Don't want to take over this question with my details, but basically radius2 (on dc2) was not authenticating anyone. I read about cert stuff and just killed it. radius1 is my dc1 anyway and it's a small office so if dc1 goes out I've got bigger problems.
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 39682264
Agreed we're stealing the thread... :-)
0
 

Author Closing Comment

by:jskfan
ID: 39685764
Thank you Guys
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever wonder what it's like to get hit by ransomware? "Tom" gives you all the dirty details first-hand – and conveys the hard lessons his company learned in the aftermath.
Check out the latest tech news, community articles, and expert highlights in August's newsletter.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question