02-15-2008 05:50 PM - edited 02-21-2020 10:20 AM
Hi
I was wondering if I can use my Windows 2003 server for authentication instead of a local AAA server.
thanks
02-16-2008 07:46 AM
Hi Dmitry
Thanks for starting a new conversation with a new topic. This post will be useful for askers who search for this topic in the future.
Do you have IAS configured on the Win2003 server? If you have, please apply the "Microsoft Windows 2003 Server with IAS Configuration" chapter in the following link to define your ASA to the IAS server.
Please notify me when you are done.
Regards
02-16-2008 02:12 PM
I don't think I have that. Is that a requirement to get this thing to work?
Or is it an option? What other options are out there? I somehow thought it'd be able to do authentication out of the box.
02-17-2008 08:19 AM
Yes. You need RADIUS configured on the server to perform authentication. IAS (Internet Authentication Server) is RADIUS for the Windows 2003 family. This is a built-in feature, so you can simply enable it via Add/Remove Programs. The following is the guide from the Microsoft KB:
Install IAS
To install IAS:
1. Click Start, point to Settings, and then click Control Panel.
2. Double-click Add/Remove Programs, and then click Add/Remove Windows Components.
3. In the Components list, click the words Networking Services (but do not select or clear its check box), and then click Details.
4. Click to select the Internet Authentication Service check box, and then click OK.
5. Click Next, and then click Finish.
6. In the Add/Remove Programs dialog box, click Close.
7. To start IAS, click Start, point to Programs, point to Administrative Tools, and then click Internet Authentication Service.
Enable IAS to Authenticate Users in Active Directory
To register the IAS service in Active Directory:
1. Start the IAS snap-in. To do this, click Start, point to Programs, point to Administrative Tools, and then click Internet Authentication Service.
2. On the Action menu, click Register Service in Active Directory.
3. Click OK to confirm the IAS registration in the local domain, and then click OK.
02-17-2008 09:06 AM
If using an ASA running 8.x, you can use LDAP authentication without the need for IAS.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808d1a7c.shtml
08-05-2008 01:01 PM
Yes you can. Go to this link and it'll walk you right through it. The troubleshooting section is useful if you have problems. A word of advice is to pay close attention to the format and case of your LDAP DNs. Match it exactly with the output of the dsquery user -samid
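The DN check suggested in the reply above, as an added example (not part of the original thread or the linked Cisco guide): it compares a DN as typed into the ASA configuration with the DN that dsquery printed and reports, RDN by RDN, whether the difference is case, whitespace or value. Both DNs are constructed sample values and the function names are hypothetical.

```python
# Added example: compare a DN typed into the ASA config against the DN that
# dsquery printed. Both DNs below are constructed sample values.

def split_rdns(dn):
    """Split a DN into RDN strings on unescaped commas (backslash escapes kept)."""
    dn = dn.strip()
    if len(dn) >= 2 and dn[0] == dn[-1] == '"':   # dsquery wraps DNs in quotes
        dn = dn[1:-1]
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):        # escaped char, e.g. "\,"
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":                             # unescaped comma ends an RDN
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur))
    return rdns

def compare_dns(configured, reference):
    """Return (position, kind, configured_rdn, reference_rdn) for each mismatch.

    kind is 'case', 'whitespace' (possibly with case), 'value' or 'missing'.
    """
    a, b = split_rdns(configured), split_rdns(reference)
    problems = []
    for pos in range(max(len(a), len(b))):
        x = a[pos] if pos < len(a) else None
        y = b[pos] if pos < len(b) else None
        if x == y:
            continue
        if x is None or y is None:
            kind = "missing"
        elif x.lower() == y.lower():
            kind = "case"
        elif "".join(x.split()).lower() == "".join(y.split()).lower():
            kind = "whitespace"
        else:
            kind = "value"
        problems.append((pos, kind, x, y))
    return problems

DSQUERY_OUTPUT = '"CN=Smith\\, John,OU=VPN Users,DC=example,DC=com"'   # constructed
ASA_CONFIGURED = 'cn=Smith\\, John, OU=VPN Users,DC=Example,DC=com'    # constructed

if __name__ == "__main__":
    for pos, kind, got, want in compare_dns(ASA_CONFIGURED, DSQUERY_OUTPUT):
        print(f"RDN {pos}: {kind} mismatch: configured {got!r}, dsquery {want!r}")
```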