IAS VPN authentication only grants access to domain if user has certificate
From: Jon Clark (ja1clark_at_yahoo.com)
Date: 03/08/05
- Next message: FenderAxe: "Re: Authenticate and Billing."
- Previous message: Thomas K: "IAS & Client Certificate Revocation Checking in an EAP-TLS environment"
- Next in thread: FenderAxe: "Re: IAS VPN authentication only grants access to domain if user has certificate"
- Reply: FenderAxe: "Re: IAS VPN authentication only grants access to domain if user has certificate"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 8 Mar 2005 14:54:57 -0800
I have a Cisco PIX set up to use IAS as the RADIUS server. IAS
is also configured for EAP authentication from a wireless AP.
Hence I have 2 clients specified (PIX and AP).
I have 2 remote access policies in this order.
1. check to see if client is 802.11 and request EAP
authentication
2. default policy that allows 24 hour access and uses CHAP
This all works fine - wireless users cannot connect to AP
w/o a user certificate.
VPN users are challenged with a username, password box
using Cisco VPN client.
I can VPN to the PIX using a machine without a user
certificate and it grants me access to the IP network but I
have to reauthenticate to any domain resource as
DOMAIN\username.
The issue is: if I VPN from a machine that does have a
valid user certificate then it grants me access to the IP
network and the domain. This implies that the RADIUS has
authenticated AND AD has authenticated. How does this work,
as I do not see it in any documentation and obviously I am
not being given AD authentication w/o the certificate?
Rgds, Jon