Re: IAS Athentication via ODBC
From: James McIllece [MS] (jamesmci_at_online.microsoft.com)
Date: 07/15/04
- Previous message: eppy: "PEAP-MSCHAPv2: Computer AND User authentication"
- In reply to: Steve White: "Re: IAS Athentication via ODBC"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 15 Jul 2004 15:55:00 -0700
"Steve White" <steve@dbscorp.net> wrote in
news:OUcEWqeaEHA.2016@TK2MSFTNGP09.phx.gbl:
> Thanks for re-posting. However, that paper talks about Logging
> (doing the accounting) what I am interested in is how to authenticate
> via an ODBC data source. I know I can log info via ODBC. My question
> is: can I authenticate with IAS with something other than SAM or
> Active Directory databases?
>
> If not....Can you add and delete users in Active Directory through a
> VB6 app running on workstations?
>
> All your help is greatly appreciated!
>
> Steve
>
> "James McIllece [MS]" <jamesmci@online.microsoft.com> wrote in message
> news:Xns952671B013106jamesmcionlinemicros@207.46.248.16...
>> a@b.c wrote in news:ho73f0t16bqb07lbulu52aacmhc1l8hvj0@4ax.com:
>>
>> >
>> > James,
>> >
>> > Can you please repost your reply...my mail server says
>> > [ This message is no longer available.]
>> > when I try to open your message.
>> >
>> > Thanks,
>> > Steve
>>
>> Hi Steve --
>>
>> My message was:
>>
>> Please see the IAS SQL Server logging whitepaper at:
>>
>> http://www.microsoft.com/downloads/details.aspx?FamilyId=6E4357F7-4070-4902-95F1-3AD411D963B2&displaylang=en
>>
>> --
>> James McIllece, Microsoft
>>
>> Please do not send email directly to this alias. This is my online
>> account name for newsgroup participation only.
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>
>
>
Ah, OK, sorry for the confusion. Yes, IAS is compatible with any
LDAP-compliant user accounts database.

I don't know whether you can add and delete users in Active Directory
through a VB6 app running on workstations. I do know that you can add and
delete users in AD from workstations if you install the Administrative
Tools Pack from the server CD and if you have sufficient permissions in the
domain. (I also know that you can write an application that can create and
delete user accounts, I'm just not sure about whether you can accomplish
this with VB6 as I am not a programmer. My instinct tells me you can, but
that is just a guess.)

If you want to use Windows Server 2003 IAS with a database that is not
LDAP-compliant you can, however you will need to write an IAS/RADIUS
authentication extension DLL that handles the authentication process.

Following is some basic info from a paper I am working on for Windows
Server 2003 that should give some ideas on how to do this. (Note: for
deeper explanations of unfamiliar concepts -- if there are any -- please
see the IAS Help and the IAS SDK at MSDN, which describes how to write a
RADIUS extension DLL. Thanks. :-))

Here's the text:

You can configure IAS for use with a third party user accounts database by
creating an authorization extension DLL (EAP or non-EAP, depending on the
authentication method you want to enforce for users); creating a new user
account on your IAS server; configuring a connection request policy on your
IAS server that maps all user accounts to one account on the IAS server;
and creating a remote access policy in IAS that authorizes accounts mapped
to the new account. To configure IAS for use with a third party user
accounts database, do the following:

Create an IAS extension authentication DLL:

Your IAS extension authentication DLL can use the following attributes:

-- ratProviderName. ratProviderName indicates the remote RADIUS server
group to which to forward the authentication request. ratProviderType is
read-only. If ratProviderType is a RADIUS proxy, the extension DLL can
change ratProviderName to indicate the remote RADIUS server group to which
the request should be forwarded.

-- ratClearTextPassword. To support third party user database use with
PEAP-MS-CHAP v2, the IAS extension authentication DLL retrieves the user
password from the third party user accounts database and sends this
information back to IAS.

If you are using PEAP-MS-CHAP v2, you must write an authentication
extension DLL to retrieve the password from the third party user account
database for the account ratUserName and return it in the attribute
ratClearTextPassword. The IAS extension authentication DLL must also keep
track of ratUniqueId. Once the password is retrieved for the ratUniqueId,
you do not need to retrieve the password again. If the account does not
exist, is disabled, or is expired, the reason code ratRejectReasonCode must
be sent back to IAS.

Install the IAS extension authentication DLL on the IAS server:

After you have created your IAS extension DLL, you must install the DLL on
your IAS server and configure DLL registry keys according to your needs. To
install your DLL, do the following:

-- Open Command Prompt and change directories to the folder that contains
your DLL.
-- Type the following: regsvr32 DLL_name.dll, where DLL_name.dll is the
name of your DLL file.

--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
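
The per-request logic the quoted paper text describes (look up ratUserName, remember the result per ratUniqueId, return the password or a reject reason), as an added example that is not part of the original post and not IAS SDK code. It is a portable C model: every type, function name, reject value and account row below is a constructed stand-in, not an authif.h definition.

```c
#include <stdio.h>
#include <string.h>
/* Stand-in types and values: NOT the IAS SDK (authif.h) definitions. */
enum reject { REJECT_NONE = 0, NO_SUCH_USER, ACCOUNT_DISABLED, ACCOUNT_EXPIRED };
struct account { const char *user, *password; int disabled; long expires; };
/* Constructed rows standing in for the third-party accounts database. */
static const struct account DB[] = {
    {"alice", "correct horse", 0, 2000000000L},
    {"bob",   "hunter2",       1, 2000000000L},   /* disabled */
    {"carol", "tr0ub4dor",     0, 1000000000L},   /* expired  */
};

#define SLOTS 8
static struct { unsigned id; const struct account *acct; } cache[SLOTS];
static int db_lookups;                 /* trips to the backing store */

static const struct account *db_find(const char *user) {
    db_lookups++;
    for (size_t i = 0; i < sizeof DB / sizeof DB[0]; i++)
        if (strcmp(DB[i].user, user) == 0) return &DB[i];
    return NULL;
}

/* One pass for one request. unique_id models ratUniqueId and user models
   ratUserName. On success *pw_out is the value that would be returned in
   ratClearTextPassword; otherwise the return value models what would be
   sent back as ratRejectReasonCode. */
enum reject process_request(unsigned unique_id, const char *user, long now,
                            const char **pw_out) {
    const struct account *a;
    unsigned slot = unique_id % SLOTS;
    *pw_out = NULL;
    if (cache[slot].acct && cache[slot].id == unique_id) {
        a = cache[slot].acct;          /* already retrieved for this id */
    } else {
        if ((a = db_find(user)) == NULL) return NO_SUCH_USER;
        cache[slot].id = unique_id; cache[slot].acct = a;
    }
    if (a->disabled) return ACCOUNT_DISABLED;
    if (a->expires <= now) return ACCOUNT_EXPIRED;
    *pw_out = a->password;
    return REJECT_NONE;
}

int main(void) {
    const char *pw;
    printf("%d\n", process_request(1, "alice", 1500000000L, &pw));
    return 0;
}
```

Returning a clear-text password means the backing store must hold passwords in recoverable form, so access to that store and to the cache in the DLL's process memory needs to be restricted accordingly.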