Re: Can AD do what Radius can?



"GNY" <geekfromny@xxxxxxxxx> wrote in message
news:1165596190.637194.215910@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Tomasz,

Thanks for the help.

So it should be broken down by say
Inbound request -> ASA/Radius Client -> IAS -> DC -> AD -> OU -> Groups
-> Users
then the computer we will restrict which groups have access to what.

makes sense?

Yes it does make sense.

IAS (RADIUS server) sends the requests for authentication
to AD (by default) and by matching a POLICY (time, group
memberships, many other choices) it picks a PROFILE which
controls the call (timeouts, security encryption/authentication
methods required, many other settings.)

[AD in Win2000 (or Win2003) Native mode can also turn
over the basic "Grant/Deny" job to the Policy if you wish.]

RADIUS is great for 5 (or four depending on how you count)
cases:

1) Different owners of the access point and the accounts database
2) Different vendors of the access point and the accounts database
3) Relatively dumb access points (same as 2 by some count methods)
4) Placing services on different machines (e.g., to insert firewalls)
5) Consolidated policy/profile for many of same type or different
type firewalls.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


GNY


Tomasz Onyszko wrote:
LB wrote:
Hello ..

Can active directory do authentication and authorization? Similar to
that of what OpenRADIUS in Linux can do?

Active Directory can do authentication and authorization, and you are
looking for IAS (Internet Authentication Service), which is simply
RADIUS. This is a service available in Windows 2003.

--
Tomasz Onyszko
http://www.w2k.pl/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
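
The policy-then-profile flow described in the reply above, as an added example that is not part of the original thread: a simplified Python model of first-match policy evaluation, with the per-user Grant/Deny setting optionally deferring to the policy. All policy names, group names, time windows and profile values are constructed for illustration, and the class and function names are hypothetical, not an IAS API.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Profile:                 # settings that control an accepted call
    session_timeout_min: int
    auth_methods: tuple

@dataclass(frozen=True)
class Policy:                  # conditions plus the profile they select
    name: str
    groups: frozenset          # caller must belong to at least one group
    start: time                # allowed time-of-day window
    end: time
    grant: bool                # the policy's own Grant/Deny permission
    profile: Profile

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset
    dial_in: str = "policy"    # "allow", "deny", or "policy" (native mode)

# Constructed sample policies, evaluated top to bottom.
POLICIES = [
    Policy("VPN-Admins", frozenset({"VPN-Admins"}), time(0, 0), time(23, 59),
           True, Profile(480, ("EAP-TLS",))),
    Policy("VPN-Staff", frozenset({"VPN-Staff"}), time(7, 0), time(19, 0),
           True, Profile(60, ("MS-CHAPv2",))),
    Policy("Contractors", frozenset({"Contractors"}), time(0, 0), time(23, 59),
           False, Profile(30, ("MS-CHAPv2",))),
]

def authorize(user, now, policies):
    """Return (decision, matched policy name, profile) for one request."""
    for p in policies:                     # first matching policy wins
        if user.groups & p.groups and p.start <= now <= p.end:
            if user.dial_in == "deny":     # explicit per-user deny
                granted = False
            elif user.dial_in == "allow":  # explicit per-user allow
                granted = True
            else:                          # Grant/Deny left to the policy
                granted = p.grant
            return ("accept", p.name, p.profile) if granted else ("reject", p.name, None)
    return ("reject", None, None)          # no policy matched: reject
```

A request that matches no policy is rejected, so a missing or mis-ordered policy fails closed rather than open.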


