We have a VPN-1 Edge firewall with around 20 remote VPN users. I'd like to avoid creating and managing all the users and passwords, so I was wondering if there was a way of authenticating user logins with their existing Active Directory accounts via RADIUS.

Anyone know if this can be done with this level of kit?

Stefan

 

not tried it but have a look at http://www.microsoft.com/technet/pro...7823aa5e6.mspx

 

Managed to figure it out. Firewall is basic to setup and IAS installs easily enough. You can then see the requests in the event log.

If anyone is even remotely interested I had to register the new IAS box in AD (just installing it on a DC isn't enough ). Then had to create a remote access policy to match the group membership for the user and set the authentication protocol to match the RADIUS proxy request from the firewall.

It's pretty simple once you know how

Stefan

 

Im presuming you discovered the "RAS and IAS users group" and added the computer account of the machine running IAS into the group?

 

There's an option under the IAS management called "register server in Active Directory". AFAIK, that's the bit which automatically sorts out the permissions for the RAS and IAS security group for that server.

Stefan

 

you mean you clicked it and it worked, so you stopped pissing about

 

Exactly