|
Home > Archive > Radius Server > January 2004 > Authenticating domain users with IAS and RADIUS
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Authenticating domain users with IAS and RADIUS
|
|
| =?Utf-8?B?Ui4gU3BlbmNlcg==?= 2004-01-24, 2:03 am |
| Our internal Novell NetWare network users currently obtain Internet access via authenication requests from our firewall to RADIUS running on a Novell NetWare server. We are migrating to a Microsoft Windows 2003 server domain and want to use IAS for authe
ntication, bypasssing the NetWare RADIUS and NDS entirely. The Novell servers will eventually be removed.
We installed IAS on a domain controller, registered it in AD and configured the firewall to be a RADIUS client. Only default settings for IAS were used. Our firewall was configured to send requests to the appropriate port on the IAS server. However, we
continue to receive "invalid user name or password" messages when domain users attempt to authenticate.
I have read several IAS configuration documents on the Microsoft knowledgebase, and still cannot confirm that I am even able to do authentication using this method, let alone verify that I have configured everything properly. Can someone offer some help
as to exactly how this authentication method must be set up?
| |
| Mudit Goel [MSFT] 2004-01-24, 2:03 am |
| Hi -
I am not completely sure what you are trying to solve here. From what I
understand, you are not sure if the users can be authenticated if a firewall
is forwarding the requests to IAS rather than directly talking to IAS. Is
that correct?
I would suggest doing the following steps:
1. If you suspect that it is the firewall that is preventing you from
authenticating the users, can you verify that authentication works without
firewall?
2. What is the error message logged in the eventviewer (invoked by typing
eventvwr on the commandline). Look under system for IAS requests.
If you are using the default settings in IAS, you should make sure that you
are using the same authentication methods on client and server. I think the
defaults on IAS are PEAP-MSChapV2; you will have to make sure that the
client is configured to use the same protocol to authenticate users.
Please do give some more details as to what exactly isn't working for you
and what the configuration of your server and client are. Also please
provide me with the error message from the eventviewer as indicated above.
Thanks,
Mudit
--
________________________________________
__________________
This posting is provided "AS IS" with no warranties, and confers no rights.
________________________________________
__________________
"R. Spencer" <spencerr(remove this)@hillsclerk.com> wrote in message
news:4E56D0AF-F44D-4060-9A3A-41BD2B68E2B4@microsoft.com...quote:
> Our internal Novell NetWare network users currently obtain Internet access
via authenication requests from our firewall to RADIUS running on a Novell
NetWare server. We are migrating to a Microsoft Windows 2003 server domain
and want to use IAS for authentication, bypasssing the NetWare RADIUS and
NDS entirely. The Novell servers will eventually be removed.quote:
>
> We installed IAS on a domain controller, registered it in AD and
configured the firewall to be a RADIUS client. Only default settings for
IAS were used. Our firewall was configured to send requests to the
appropriate port on the IAS server. However, we continue to receive
"invalid user name or password" messages when domain users attempt to
authenticate.quote:
>
> I have read several IAS configuration documents on the Microsoft
knowledgebase, and still cannot confirm that I am even able to do
authentication using this method, let alone verify that I have configured
everything properly. Can someone offer some help as to exactly how this
authentication method must be set up?
| |
| Ashwin Palekar\(MS\) 2004-01-24, 2:03 am |
| Hi, which authentication method is the firewall using (PAP or CHAP)? You
should see this information in the IAS event log
If it is PAP, then either the user-name or password is incorrect. Try it
with a valid domain\username and password.
If it is CHAP, then you have to configure the domain to store passwords in
reversibly encrypted form and then the passwords must changed. Refer to IAS
online help for instructions.
--
--
========================================
===================
This posting is provided "AS IS" with no warranties and confers no rights
========================================
===================
"Mudit Goel [MSFT]" <mgoel@online.microsoft.com> wrote in message
news:%238nt5Nv2DHA.3656@TK2MSFTNGP11.phx.gbl...quote:
> Hi -
>
> I am not completely sure what you are trying to solve here. From what I
> understand, you are not sure if the users can be authenticated if a
firewallquote:
> is forwarding the requests to IAS rather than directly talking to IAS. Is
> that correct?
>
> I would suggest doing the following steps:
> 1. If you suspect that it is the firewall that is preventing you from
> authenticating the users, can you verify that authentication works without
> firewall?
> 2. What is the error message logged in the eventviewer (invoked by typing
> eventvwr on the commandline). Look under system for IAS requests.
>
> If you are using the default settings in IAS, you should make sure that
youquote:
> are using the same authentication methods on client and server. I think
thequote:
> defaults on IAS are PEAP-MSChapV2; you will have to make sure that the
> client is configured to use the same protocol to authenticate users.
>
> Please do give some more details as to what exactly isn't working for you
> and what the configuration of your server and client are. Also please
> provide me with the error message from the eventviewer as indicated above.
>
> Thanks,
> Mudit
> --
> ________________________________________
__________________
> This posting is provided "AS IS" with no warranties, and confers no
rights.quote:
> ________________________________________
__________________
>
>
> "R. Spencer" <spencerr(remove this)@hillsclerk.com> wrote in message
> news:4E56D0AF-F44D-4060-9A3A-41BD2B68E2B4@microsoft.com...
access[QUOTE][color=darkred]
> via authenication requests from our firewall to RADIUS running on a Novell
> NetWare server. We are migrating to a Microsoft Windows 2003 server
domainquote:
> and want to use IAS for authentication, bypasssing the NetWare RADIUS and
> NDS entirely. The Novell servers will eventually be removed.
> configured the firewall to be a RADIUS client. Only default settings for
> IAS were used. Our firewall was configured to send requests to the
> appropriate port on the IAS server. However, we continue to receive
> "invalid user name or password" messages when domain users attempt to
> authenticate.
> knowledgebase, and still cannot confirm that I am even able to do
> authentication using this method, let alone verify that I have configured
> everything properly. Can someone offer some help as to exactly how this
> authentication method must be set up?
>
>
|
|
|
|
|