radius server implementation


by ken zo

I'm looking into implementing a radius server that will do authentications
for a Cisco VPN 3000 concentrator. I will also use that to configure all the
Cisco Aironet 1200 access points to authenticate any wifi users.  If
possible, I would like to also be able to authenticate the users to a win2k3
active directory.  NOT sure if this last part is possible.
I'm wondering if any of you have done this and if you could give me some
guidance.

Thank you.



RE: radius server implementation

by Distler, Dennis

Ken,

If you are looking for a Cisco product you should check out Cisco Secure
ACS. Depending on your environment you may want ACS for Unix, ACS for
Windows or the ACS appliance. Hope this helps.


Thanks,
Dennis



-----Original Message-----
From: ken zo [mailto:kenzo_chin@...]
Sent: Wednesday, July 13, 2005 11:33 AM
To: security-basics@...
Subject: radius server implementation

I'm looking into implementing a radius server that will do
authentications for a Cisco VPN 3000 concentrator. I will also use that
to configure all the Cisco Aironet 1200 access points to authenticate
any wifi users.  If possible, I would like to also be able to
authenticate the users to a win2k3 active directory.  NOT sure if this
last part is possible.
I'm wondering if any of you have done this and if you could give me some
guidance.

Thank you.



Re: radius server implementation

by nowen

If you have win2k3, you probably have MS Internet Authentication Server
(IAS), which includes a radius server, which should do what you want.  I
believe it checks AD membership.

ken zo wrote:

> I'm looking into implementing a radius server that will do
> authentications for a Cisco VPN 3000 concentrator. I will also use that
> to configure all the Cisco Aironet 1200 access points to authenticate
> any wifi users.  If possible, I would like to also be able to
> authenticate the users to a win2k3 active directory.  NOT sure if this
> last part is possible.
> I'm wondering if any of you have done this and if you could give me some
> guidance.
>
> Thank you.
>
--

Nick Owen
WiKID Systems, Inc.
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wikidsystems.com
At last, two-factor authentication, without the hassle factor

RE: radius server implementation

by Jeff Gercken

Why don't you try Microsoft IAS server? It's included with Server 2000 &
2003.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a0080094700.shtml

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801bd035.shtml

Other options would be Cisco ACS, Funk RADIUS, or an open source RADIUS
server.
-Jeff

-----Original Message-----
From: ken zo [mailto:kenzo_chin@...]
Sent: Wednesday, July 13, 2005 12:33 PM
To: security-basics@...
Subject: radius server implementation

I'm looking into implementing a radius server that will do
authentications for a Cisco VPN 3000 concentrator. I will also use that
to configure all the Cisco Aironet 1200 access points to authenticate
any wifi users.  If possible, I would like to also be able to
authenticate the users to a win2k3 active directory.  NOT sure if this
last part is possible.
I'm wondering if any of you have done this and if you could give me some
guidance.

Thank you.



Re: radius server implementation

by kim.sassaman

Have you looked into freeradius?  It is a unix-based open source application that is very flexible.

Thank you,

Kim Sassaman
CISSP

Re: radius server implementation

by cygnuz1979

Hi
for AP just look at 802.1x using ias server from microsoft for radius,
so register the server in AD; it worked for me with CISCO AP 1100
using user/pass or Digital certificates. Freeradius can do this with
ntlm auth, but it is still beta if I remember well (if you try with
this one give me links to some documentation please!). Don't know for
VPN concentrator, but I think it's not so different. Hope this helps

On 7/13/05, ken zo <kenzo_chin@...> wrote:

> I'm looking into implementing a radius server that will do authentications
> for a Cisco VPN 3000 concentrator. I will also use that to configure all the
> Cisco Aironet 1200 access points to authenticate any wifi users.  If
> possible, I would like to also be able to authenticate the users to a win2k3
> active directory.  NOT sure if this last part is possible.
> I'm wondering if any of you have done this and if you could give me some
> guidance.
>
> Thank you.

RE: radius server implementation

by Steve Fletcher

That's more than possible, it's easy.  Just use Internet Authentication
Service (IAS) on a Win2k3 domain controller as your RADIUS server.  While it
might not be as robust as some of the third-party applications, it's
included with Windows server.

Hope this helps.

Steve Fletcher
MCSE (NT4/Win2k), MCSE: Security (Win2k), HP Master ASE, CCNA, Security+
safletcher@...

-----Original Message-----
From: ken zo [mailto:kenzo_chin@...]
Sent: Wednesday, July 13, 2005 11:33 AM
To: security-basics@...
Subject: radius server implementation

I'm looking into implementing a radius server that will do authentications
for a Cisco VPN 3000 concentrator. I will also use that to configure all the
Cisco Aironet 1200 access points to authenticate any wifi users.  If
possible, I would like to also be able to authenticate the users to a win2k3
active directory.  NOT sure if this last part is possible.
I'm wondering if any of you have done this and if you could give me some
guidance.

Thank you.



Re: radius server implementation

by Jeff Bender

Microsoft actually has a good article on PEAP, using Microsoft's IAS
server for Radius against AD.  Here is the link.
http://www.microsoft.com/technet/security/topics/cryptographyetc/peap_0.mspx


On 7/13/05, ken zo <kenzo_chin@...> wrote:

> I'm looking into implementing a radius server that will do authentications
> for a Cisco VPN 3000 concentrator. I will also use that to configure all the
> Cisco Aironet 1200 access points to authenticate any wifi users.  If
> possible, I would like to also be able to authenticate the users to a win2k3
> active directory.  NOT sure if this last part is possible.
> I'm wondering if any of you have done this and if you could give me some
> guidance.
>
> Thank you.

Re: radius server implementation

by lohan.spies

I would suggest that you use Certificates with Win2K3 and IAS to authenticate your wireless users.
Search for this document on the Microsoft website: Securing_Wireless_LANs_with_Certificate_Services
Authenticating your concentrator against the IAS (radius) server is straightforward!

Re: radius server implementation

by peskytaco

Win2k3 can act as a RADIUS server.
Look at Internet Authentication Service in Windows 2003

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ias.mspx
http://www.windowsnetworking.com/articles_tutorials/Wireless-Networking-Windows-2003.html
www.windowsnetworking.com/pages/article_p.asp?id=407

Pe5syTac0
---------
Yum, Fish Tacos !!

Re: radius server implementation

by secfocus

Win2k3 includes Internet Authentication Server, which is a RADIUS server. You can authorize IAS to authenticate users against AD. It's a relatively simple setup and I've used it before having a PIX authenticate users against an IAS box for VPN access.

Re: radius server implementation

by igor-3

Have you looked at freeRadius?

http://www.freeradius.org/

Re: radius server implementation

by veryanonymous

Well, Windows Server 2003 includes a RADIUS-compatible service, Internet Authentication Service (IAS), that can authenticate against Active Directory accounts.

http://www.microsoft.com/windowsserver2003/technologies/ias/default.mspx

Re: radius server implementation

by Anonymous-6

Refer to Cisco's documentation on how to set up Radius.  They even go into how to configure Microsoft's IAS.
http://www.cisco.com/warp/public/471/cisco_vpn_msradius.pdf

IAS will use AD for the account database.  The one thing that is not in the Cisco document is that you need to make sure that the user account has "dial-in" permission granted as well as being a member of the AD group you set up in the Radius Policy.

RE: radius server implementation

by Warren, John

 We are using Steel Belted Radius to auth with a Cisco 3030. You can auth to
a w2k3 AD with no problem.

On 7/13/05, ken zo <kenzo_chin@...> wrote:
> I'm looking into implementing a radius server that will do authentications
> for a Cisco VPN 3000 concentrator. I will also use that to configure all the
> Cisco Aironet 1200 access points to authenticate any wifi users.  If
> possible, I would like to also be able to authenticate the users to a win2k3
> active directory.  NOT sure if this last part is possible.
> I'm wondering if any of you have done this and if you could give me some
> guidance.
>
> Thank you.

RE: radius server implementation

by Stephane Auger

To follow up on the original question, here's a little something I'd
like to ask.  I read from the other posts that IAS can be used to
authenticate AD.  Let's say you have more than one AD forest, no trusts.
Is there a way to tell one AD controller to authenticate its users using
the other AD's IAS without creating a trust?

Stephane

-----Original Message-----
From: cygnuz1979 [mailto:cygnuz1979@...]
Sent: July 14, 2005 4:19 AM
To: security-basics@...
Subject: Re: radius server implementation

Hi
for AP just look at 802.1x using ias server from microsoft for radius,
so register the server in AD; it worked for me with CISCO AP 1100
using user/pass or Digital certificates. Freeradius can do this with
ntlm auth, but it is still beta if I remember well (if you try with
this one give me links to some documentation please!). Don't know for
VPN concentrator, but I think it's not so different. Hope this helps

On 7/13/05, ken zo <kenzo_chin@...> wrote:
> I'm looking into implementing a radius server that will do authentications
> for a Cisco VPN 3000 concentrator. I will also use that to configure all the
> Cisco Aironet 1200 access points to authenticate any wifi users.  If
> possible, I would like to also be able to authenticate the users to a win2k3
> active directory.  NOT sure if this last part is possible.
> I'm wondering if any of you have done this and if you could give me some
> guidance.
>
> Thank you.




RE: radius server implementation

by Raul Fuentes


CISCO PIX needs a RADIUS key when configuring the aaa-server RADIUS (interface) host IP KEY timeout command.

My question is: where can I configure that "expected" key in the IAS server?

Thanks in advance,


 
Ing. Raúl Fuentes Gómez
Project Coordinator
IT Department
tel. 5081-0929
rfuentes@...
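
What the RADIUS key discussed above does on the wire, as an added example that is not part of the original thread: RFC 2865 uses the shared secret to hide the User-Password attribute and to compute the Response Authenticator, so the key on the NAS (the PIX, concentrator or access point) must match the key the RADIUS server holds for that client. The key strings, the request authenticator and the function names below are constructed for illustration.

```python
import hashlib
import hmac
import struct

def md5(*parts: bytes) -> bytes:
    return hashlib.md5(b"".join(parts)).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """User-Password hiding, RFC 2865 section 5.2 (done by the NAS)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        prev = xor(padded[i:i + 16], md5(secret, prev))  # chain on ciphertext
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Inverse operation, done by the RADIUS server with its copy of the key."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        out += xor(hidden[i:i + 16], md5(secret, prev))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_reply(code: int, ident: int, attrs: bytes, req_auth: bytes, secret: bytes) -> bytes:
    """Server side: MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + md5(header, req_auth, attrs, secret) + attrs

def reply_is_authentic(reply: bytes, req_auth: bytes, secret: bytes) -> bool:
    """NAS side: recompute the authenticator with the local key and compare."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    expected = md5(reply[:4], req_auth, reply[20:], secret)
    return hmac.compare_digest(expected, reply[4:20])

if __name__ == "__main__":
    req_auth = bytes(range(16))  # constructed; a real NAS uses random bytes
    nas_key, server_key = b"key-on-nas", b"key-on-server-typo"  # constructed, mismatched
    hidden = hide_password(b"arctangent", nas_key, req_auth)
    print(unhide_password(hidden, nas_key, req_auth))     # keys match: password recovered
    print(unhide_password(hidden, server_key, req_auth))  # mismatch: garbage, looks like a bad password
    reply = build_reply(2, 1, b"", req_auth, server_key)  # code 2 = Access-Accept
    print(reply_is_authentic(reply, req_auth, nas_key))   # mismatch: NAS rejects the reply
```

A mismatched key therefore shows up as rejected logins for every user behind that one client, or as replies the NAS silently drops, rather than as an explicit "wrong key" error.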