Re: VPN access using Radius to trusted domain Windows 2003



Hi Dave --

If you are using Windows Server 2003 IAS as your RADIUS server, all you
need to do to enable it to proxy connection requests to other RADIUS
servers is configure a new connection request policy in IAS. (See the Help
section "Connection Request Processing" for more info at
http://technet2.microsoft.com/WindowsServer/en/Library/f5b33e36-2ca8-4b8e-8251-8dfa1b587c6d1033.mspx)

In the CRP, you configure two basic things (in addition to whatever other
settings you want to apply in the policy):

-- A remote RADIUS server group. This tells the IAS server where to send
messages that meet the criteria of being from a user whose user account is
in Domain 2.
(http://technet2.microsoft.com/WindowsServer/en/Library/cccd7ee3-aeaa-4fb7-a7ba-cf808e2e99801033.mspx)

-- A realm name configured in the policy that tells the IAS server which
messages to forward based on the user account location (e.g. the domain
where the user account is located), which is contained in the User-Name
attribute of the Access-Request message that IAS receives from the
NAS/RADIUS client.
(http://technet2.microsoft.com/WindowsServer/en/Library/6e5ce48d-e662-435c-a74e-0dce305914ce1033.mspx)

Note that you must also configure the IAS server that will be proxying
messages to the remote RADIUS server group AS a RADIUS client on remote
RADIUS server group members that will be receiving and processing the
connection requests.

Thus the proxy side of the setup looks like this:

NAS/RADIUS client sends message to --> IAS proxy/RADIUS client that sends
message to --> IAS server in remote RADIUS server group.



"David Sack" <dsack@xxxxxxxxxxxxxxxxxx> wrote in
news:uSPQa$QLGHA.360@xxxxxxxxxxxxxxxxxxxx:

There is a trust in place between the domains. Where do I look for the
proxy settings? On the client or the server?

Thanks
Dave
<prueconsulting@xxxxxxxxx> wrote in message
news:1139241529.787821.15700@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Do you have both domains set up with Trust Relationships at all ?

If so then you can proxy it through to the other domain without issue

Because if therer
David Sack wrote:
We have a WatchGuard firewall that is using RADIUS to authenticate
users using RADIUS at our main facility. Everything is working well. We
have a second office connected to the first via a T-1. I would like to
authenticate to be able to have users use the Firebox to be able to
authenticate to the second trusted domain.

Is there a way to have the RADIUS at the first site query the second
site's RADIUS and authenticate the user? We are using Windows 2003 SP1 at
both facilities.

Thanks
Dave







--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
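
Added example, not part of the original posting and not IAS code: a Python model of the forwarding decision described above, which reads the User-Name attribute out of an Access-Request and applies ordered, anchored realm patterns to choose between the remote RADIUS server group and local authentication. The names DOMAIN2, domain2.example and Domain2-RADIUS-Group are placeholders, and the packet builder only produces constructed test input.

```python
import re
import struct

ACCESS_REQUEST = 1   # RADIUS packet code (RFC 2865)
USER_NAME = 1        # RADIUS attribute type (RFC 2865)

# Constructed policy list, evaluated in order; first match wins.
# Realm names and the group name are placeholders, not values from the thread.
POLICIES = [
    (re.compile(r"^DOMAIN2\\[^\\@]+$", re.I), "forward:Domain2-RADIUS-Group"),
    (re.compile(r"^[^\\@]+@domain2\.example$", re.I), "forward:Domain2-RADIUS-Group"),
    (re.compile(r".*", re.S), "authenticate-locally"),   # catch-all default
]

def build_access_request(user_name, identifier=1):
    """Build a minimal Access-Request carrying only User-Name (test input)."""
    value = user_name.encode("utf-8")
    attr = struct.pack("!BB", USER_NAME, len(value) + 2) + value
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attr))
    return header + bytes(16) + attr   # 16-byte Request Authenticator (zeros here)

def extract_user_name(packet):
    """Return the User-Name attribute of an Access-Request, or None if absent."""
    if len(packet) < 20:
        raise ValueError("shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length < 20 or length > len(packet):
        raise ValueError("not a well-formed Access-Request")
    pos = 20
    while pos + 2 <= length:           # walk the type/length/value attributes
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        if attr_type == USER_NAME:
            return packet[pos + 2:pos + attr_len].decode("utf-8", "replace")
        pos += attr_len
    return None

def route(packet):
    """Return the action of the first policy whose pattern matches User-Name."""
    name = extract_user_name(packet) or ""
    for pattern, action in POLICIES:
        if pattern.search(name):
            return action
    return "discard"
```

Because the realm patterns are anchored at both ends, a name such as `alice@domain2.example.other` falls through to the local default instead of being forwarded.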