Re: IAS VPN authentication only grants access to domain if user has certificate

From: FenderAxe (fa_at_axe.com)
Date: 03/14/05

• Next message: FenderAxe: "Re: newbie question"
• Previous message: TD: "Re: authenticate proxy requests with AD computer accounts"
• In reply to: anonymous_at_discussions.microsoft.com: "Re: IAS VPN authentication only grants access to domain if user has certificate"
• Messages sorted by: [ date ] [ thread ]

---

Date: 14 Mar 2005 04:32:31 GMT

If you are using IAS, the VPN server does not authenticate the user at all
-- the VPN server forwards the connection request to IAS, and IAS handles
the authentication of the user, and performs checks to see if the user is
authorized to connect to the network based on remote access policy
configuration and/or the dial-in properties of the user account in Active
Directory.

How this all works is documented in the IAS Technical Reference. You can
find that here:

http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techr
ef/en-
us/Default.asp?url=/resources/documentation/windowsServ/2003/all/techref/en
-us/W2K3TR_ias_intro.asp

<anonymous@discussions.microsoft.com> wrote in
news:704501c525fd$eeb59b80$a601280a@phx.gbl:

> The question is how does the non-PEAP (vpn connection)
> authenticate a certificate against AD?
>
> It seems that somehow the PEAP auth takes place even though
> it is not specified.
>
> So my question is at what point does the VPN connection use
> the certificate?
> The vpn checks against AD and allows connection based on
> username/password. IAS then obviously continues to check if
> the certificate is present. If it is the vpn user is logged
> in to the domain. This is the non-documented piece.
>
> Can someone explain?
>
>

x-- 100 Proof News - http://www.100ProofNews.com
x-- 3,500+ Binary NewsGroups, and over 90,000 other groups
x-- Access to over 1 Terabyte per Day - $8.95/Month
x-- UNLIMITED DOWNLOAD

---

• Next message: FenderAxe: "Re: newbie question"
• Previous message: TD: "Re: authenticate proxy requests with AD computer accounts"
• In reply to: anonymous_at_discussions.microsoft.com: "Re: IAS VPN authentication only grants access to domain if user has certificate"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: VPN 3005 to IAS authentication failure... ... Call it something like "VPN Users" or similar. ... install IAS using the Add/Remove Programs icon in Control Panel. ... we can now configure the PIX firewall as a RADIUS client. ... Any user that should be allowed to authenticate on a VPN connection will ... (comp.dcom.sys.cisco) Re: VPN Broke ... So you're just trying to get the previous PPTP VPN connection to work again? ... I'd try re-running the Configure Remote Access wizard in the Server Mgmt ... test button to see if it can authenticate to IAS, ... (microsoft.public.windows.server.sbs) cant contact DC at logon ... I have an XP Pro user ... connection it also returns the same error. ... I can also use a VPN to authenticate through to the server. ... (microsoft.public.win2000.networking) VPN 3005 to IAS authentication failure... ... Getting the following error when trying to authenticate VPN 3005 to ... I am trying to setup IAS on 2003 box that is sitting behind Pix. ... I want the concentrator to authenticate group against internal db on ... Client-IP-Address = 192.168.150.25 (VPN private interface) ... (comp.dcom.sys.cisco) Re: VPN connect error 691 help - new postings ... The SBS connection connects but does not authenticate. ... I am glad to know the VPN session can be connected now. ... (microsoft.public.windows.server.sbs)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Internet  > microsoft.public.internet.radius  > 2005-03