ozzy

We have a VPN-1 Edge firewall with around 20 remote VPN users. I'd like to avoid creating and managing all the users and passwords, so I was wondering if there was a way of authenticating user logins with their existing Active Directory accounts via RADIUS.

Anyone know if this can be done with this level of kit?

Stefan

David_Wallis

not tried it but have a look at http://www.microsoft.com/technet/pro...7823aa5e6.mspx

ozzy

Managed to figure it out. Firewall is basic to setup and IAS installs easily enough. You can then see the requests in the event log.

If anyone is even remotely interested I had to register the new IAS box in AD (just installing it on a DC isn't enough ). Then had to create a remote access policy to match the group membership for the user and set the authentication protocol to match the RADIUS proxy request from the firewall.

It's pretty simple once you know how

Stefan

David_Wallis

Im presuming you discovered the "RAS and IAS users group" and added the computer account of the machine running IAS into the group?

ozzy

There's an option under the IAS management called "register server in Active Directory". AFAIK, that's the bit which automatically sorts out the permissions for the RAS and IAS security group for that server.

Stefan

David_Wallis

you mean you clicked it and it worked, so you stopped pissing about

ozzy

Exactly