Configuring Internet Authentication Service on Microsoft Windows 2003 Server

Windows 2003 / Enhanced

Introduction

This technote describes how to set up the Internet Authentication Service (IAS) on a Microsoft Windows 2003 Server. It walks the user through linking the SonicWALL security appliance and the IAS server so that IAS responds to user authentication requests and returns a Filter-Id, which can be used in rules and for VPN clients.

This document contains the following sections:

• Configuring the Windows 2003 Server for IAS to Support RADIUS Clients

• Configuring the Windows 2003 Server for RADIUS User Management

• Configuring the SonicWALL Security Appliance to Support the Authentication Method

Tested Versions

SonicOS Enhanced 3.1.0.7

Configuring the Windows 2003 Server for IAS to Support RADIUS Clients

1. On the Windows 2003 Server, verify that you have applied the latest Service Pack and hotfixes. Also, verify that the “Remote Access and Routing Service” is running.

2. Open the Control Panel on the Windows server and find the add and remove software item in the list. Select Windows Components, then find Networking Services and click Details. Check Internet Authentication Service (screen shot below) and click OK.

3. After the installation, you can find IAS under the administration tools. Start IAS and select New RADIUS Client.

4. Enter the name and IP address of the SonicWALL security appliance that the client requests will come from.

5. Select RADIUS Standard (also the default option) and enter a Shared secret. This shared secret is needed later on the SonicWALL security appliance, so note it for future reference.

6. Set up the access criteria for the users: right-click Remote Access Policies and select New Remote Access Policy.

7. A wizard will appear; click Next.

8. Select Set up a custom policy and enter a description for this access policy, then click Next.

9. Click Add; a window listing the different authentication criteria will pop up.

10. From this list, select Windows Groups, and click OK. By selecting Windows Groups, you can authenticate a user based on which group the user is a member of in the Windows AD, or Windows user group.

11. Click Add, then find and select the Windows group that the user must be a member of in order to authenticate successfully. Click OK.

12. Here is how it should look. You could add more groups, but in this scenario the user only needs to be a member of one group, and we also need to send back a specific Filter-Id that represents this group on the SonicWALL security appliance.

13. Click Next.

14. This needs to be a Grant remote Access Permission policy. Click Next.

15. Click Edit Profile.

16. Select the Authentication tab, and uncheck all options except Unencrypted authentication (PAP, SPAP).

17. Select the Advanced tab, and click Add.

18. A list of attributes will appear. From this list we need the Filter-Id option; click Add.

19. In the subsequent window, add a text string that the IAS should send back to the SonicWALL security appliance along with an authentication-successful message. This text string should match a previously added User Group on the SonicWALL security appliance.

20. Enter the group name as it appears on the SonicWALL security appliance (note that it is case sensitive), and click OK.

21. Click OK.

That completes the IAS configuration. If you have other groups in the AD that need different access, you can add more Remote Access Policies.

Configuring the Windows 2003 Server for RADIUS User Management

1. Navigate to user management on the Windows 2003 Server. There are a few things to check and edit for the users that are supposed to authenticate through the SonicWALL and IAS.

2. Select the Dial-in tab, and check the Allow access option.

3. Select the Member Of tab, and either add the user to the correct group or check that the user is already in it. It should be the same group that you added in IAS under Windows Groups.

This completes the configuration for User Management on the Windows 2003 Server.

Configuring the SonicWALL Security Appliance to Support the Authentication Method

1. Select the User menu, then select the Settings item. Now select RADIUS as the Authentication Method and click Configure.

2. Enter the IP address of the IAS server, and enter the Shared Secret that you previously entered on the IAS.

3. In the RADIUS Users tab, check the Use RADIUS Filter-ID attribute on RADIUS Server option, then click Apply.

4. Navigate to the Test tab and enter the username and password of a user belonging to the SW group. It should now report back as the screen shot below indicates. As you can see in the Returned User Attributes box, the SW text string is returned to the SonicWALL security appliance along with a ‘Succeeded’ message.

The SonicWALL can now use the derived group membership or user information within Access Rules, GroupVPN Policies, or for Content Filtering policy application. As you can see, this provides a very flexible and highly controllable way of handling access rights for each user in an already existing Windows AD.

Last Updated: August 2005
