Re: Radius Server

---

• From: "Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx>
• Date: Fri, 16 Jun 2006 12:20:30 -0400

---

I use Cryptocard for 2-factor VPN authentication. Cryptocard has its own
RADIUS server. It'll integrate with IAS, but I don't see what value that
adds to the equation (seems like more complexity but not more security). I
also don't see what IAS with Windows Authentication adds to ordinary RRAS
VPN with Windows Authentication (other than that IAS will allow greater and
more granular control of access policies). These are questions, not
statements - I'm sure there must be a lot I'm missing here or people
wouldn't be doing these things.

You could use IAS with certificate-based authentication for VPN. I had
originally planned to do that, but ran out of time and went with Cryptocard
instead. It seems like with password based authentication, a weak password
to Windows is a week password to IAS, so unless you're using smart card or
other certificate-based auth, I don't get what's gained with IAS. Again,
not pretending to be any kind of an expert on this.

I use IAS for wireless authentication of domain computers, using the
procedure outlined in Owen Williams' document at
http://home.comcast.net/~clearviewtc/. This is really awesome for a wide
variety of reasons. Security is excellent, but functionality is the big
selling point for the users - these wireless laptops perform as they do with
a wired connection, including login scripts, drive mappings, etc. It's
two-way authentication, so your client PC won't authenticate a rogue access
point. IAS has great logging to the event log, which is another plus IMO.



"Elmo" <none@xxxxxxxx> wrote in message
news:5kqkg.12580$hN2.10150@xxxxxxxxxxx

Dave Nickason [SBS MVP] wrote:

What are you planning to use it for?

VPN clients, on site visitors with wireless devices.
--
-E-

.

---

• References:
  • Radius Server
    • From: -E-
  • Re: Radius Server
    • From: Dave Nickason [SBS MVP]
  • Re: Radius Server
    • From: Elmo

• Prev by Date: Re: Windows Mobile 5 and SSL Certs
• Next by Date: Re: Disk Config for Full SBS 2003 Install
• Previous by thread: Re: Radius Server
• Next by thread: How do I transfer a users MS Outlook settings
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: 802.1x authentication for wireless issues w/ ISA 2004 ... Implement 802.1X authentication with IAS as provided by microsoft. ... Configure ISA 2004 to use radius-authenication via IAS for VPN ... (microsoft.public.windows.server.sbs) Re: How do I deal with remote non domain PCs ... member file server, what would you use to authenticate? ... environment/Certificates or is IAS enough? ... When access clients attempt to connect through VPN PPTP connections and the ... network resources -- and IAS does not perform authentication when VPN users ... (microsoft.public.internet.radius) Re: RADIUS (IAS) and Cisco Concentrator? (PDF Attachment) ... The order the radius statements in IOS will determine the order the ... IAS servers are checked. ... RADIUS client what policy to use? ... I'm not sure what this is, but if it refers to a secure authentication ... (microsoft.public.windows.server.active_directory) RE: check group membership in Connection Request Policy ... The access request does not contain a valid user password, ... Authentication is done at the VPN3000, ... So what data does the VPN3000 send to the IAS? ... a custom IAS extension would be really a solution. ... (microsoft.public.internet.radius) Re: 802.1X/EAP authentication issue with XP client ... I also tried adjusting the IAS remote access policy framed MTU param ... client, same scenario, is not getting a successful authentication. ... or system event logs. ... (microsoft.public.internet.radius)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.sbs  > 2006-06