Re: IAS + Active Dirctory

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Hi,

thanks for the response.

is "Policy-Name = <undetermined> "

correct or should it say the poicy that i have created? If so how do you get
IAS to select that policy.

I only have one policy created.

THanks

"Nick Domukhovsky" wrote:

panda пишет:
Hi,

I have a Cisco PIX firewall with Windows 2000 with IAS and Windows 2003 with
the active directory.

I have setup the PIX to do RADIUS authentication. I have the following setup
on my IAS server.

Policy: Allow access if dial-in permission is enabled.
Time allowed: All the time (ie every box is selected)
Grant Remote access permission checked
Edit profile: Nothing checked
IP: server settings define policy checekd
Multilink: default to server settings checked
Authentication: Unencrypted Authentication checked
Encryption: No Encryption checked
Advanced: Framed-Prototcol/Radius Standard/PPP
Service-Type/Radius Standard/Framed


Under clients i have my Friendly name with client-vendor property set to
Radius Standard.

I have registered teh Active directory in IAS.

I get this in the event viewer:

User user was denied access.
Fully-Qualified-User-Name = domain name\user
NAS-IP-Address = 192.168.2.1
NAS-Identifier = <not present>
Called-Station-Identifier = <not present>
Calling-Station-Identifier = x.x.x.x
Client-Friendly-Name = OFTPIX
Client-IP-Address = 192.168.2.1
NAS-Port-Type = <not present>
NAS-Port = 43
Policy-Name = <undetermined>
Authentication-Type = PAP
EAP-Type = <undetermined>
Reason-Code = 16
Reason = There was an authentication failure because of an unknown user
name or a bad password.

Is there any known issue with Windows 2000 IAS with Windows 2003 Active
Directory?

Other wise what is the issue?

All works fine. You have some misconfiguration with policies and etc...

--
With best regards
Nickolay Domukhovsky, MCSA


.

Relevant Pages

  • Re: RADIUS (IAS) and Cisco Concentrator? (PDF Attachment)
    ... The order the radius statements in IOS will determine the order the ... IAS servers are checked. ... RADIUS client what policy to use? ... I'm not sure what this is, but if it refers to a secure authentication ...
    (microsoft.public.windows.server.active_directory)
  • Re: SBS Wireless policy
    ... I was able to get IAS to auth my laptop, ... I clicked Edit Profile, went to the authentication ... I clicked OK until I was back at the Connections to ... tab I just set the policy to Grant access, ...
    (microsoft.public.windows.server.sbs)
  • Re: IAS and remote DHCP server
    ... you can configure Cisco acces point to use IAS ... as the RADIUS server and use PEAP authentication for the clients. ...
    (microsoft.public.internet.radius)
  • Re: How to authenticate machine accounts with IAS
    ... I could see your point if IAS were checking this and refusing access to ... it is not checking the policy and allowing all machines access... ... >> SP2 clients, and a Win2K active directory along with IAS. ... >> access to in Active Directory Users and Computers. ...
    (microsoft.public.internet.radius)
  • Re: How to authenticate machine accounts with IAS
    ... You need to make sure that the policy to filter out these machines is on top ... little IAS can do since it processes the policies sequentially from the top ... >>> SP2 clients, and a Win2K active directory along with IAS. ... >>> dialin access to in Active Directory Users and Computers. ...
    (microsoft.public.internet.radius)