
Active Directory (Windows 2003) Authentication VPN Remote Client

alexus
Level 1

Hi

I was wondering if I can use my Windows 2003 server for authentication instead of the local AAA server.

Thanks

5 Replies

husycisco
Level 7

Hi Dmitry

Thanks for starting a new conversation with a new topic. This post will be useful for askers who search for this topic in the future.

Do you have IAS configured on the Win2003 server? If you have, please apply the "Microsoft Windows 2003 Server with IAS Configuration" chapter in the following link to define your ASA to the IAS server.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml

Please notify me when you are done

Regards

I don't think I have that. Is that a requirement to get this thing to work?

Or is it an option? What other options are out there? I somehow thought it'd be able to do authentication out of the box.

Yes. You need RADIUS configured on the server to perform authentication. IAS (Internet Authentication Server) is RADIUS for the Windows 2003 family. This is a built-in feature, so you can simply enable it via Add/Remove Programs. The following is the guide from the Microsoft KB:

Install IAS

To install IAS:

1. Click Start, point to Settings, and then click Control Panel.

2. Double-click Add/Remove Programs, and then click Add/Remove Windows Components.

3. In the Components list, click the words Networking Services (but do not select or clear its check box), and then click Details.

4. Click to select the Internet Authentication Service check box, and then click OK.

5. Click Next, and then click Finish.

6. In the Add/Remove Programs dialog box, click Close.

7. To start IAS, click Start, point to Programs, point to Administrative Tools, and then click Internet Authentication Service.

Enable IAS to Authenticate Users in Active Directory

To register the IAS service in Active Directory:

1. Start the IAS snap-in. To do this, click Start, point to Programs, point to Administrative Tools, and then click Internet Authentication Service.

2. On the Action menu, click Register Service in Active Directory.

3. Click OK to confirm the IAS registration in the local domain, and then click OK.

If using an ASA running 8.x, you can use LDAP authentication without the need for IAS.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808d1a7c.shtml

biztechcon
Level 1

Yes you can. Go to this link and it'll walk you right through it. The troubleshooting section is useful if you have problems. A word of advice is to pay close attention to the format and case of your LDAP DNs. Match it exactly with the output of the dsquery user -samid command and you'll be fine. http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c3c45.shtml#maintask1
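
The LDAP option mentioned in the last two replies, sketched as an ASA 8.x configuration fragment. This is an added example, not taken from the thread or the linked Cisco documents; the server group name, tunnel group name, IP address, domain, bind account and password are placeholders to replace with your own values.

```text
! Added example: ASA 8.x authenticating remote-access VPN users
! directly against Active Directory over LDAP (no IAS/RADIUS).
! All names, addresses and DNs below are placeholders.
!
! On a domain controller, get the exact DN of the bind account:
!   dsquery user -samid asa-bind
! and copy the returned DN (without the surrounding quotes) into
! ldap-login-dn exactly as printed.
!
aaa-server LDAP_SRV_GRP protocol ldap
aaa-server LDAP_SRV_GRP (inside) host 192.0.2.10
 ! Where the user search starts, and how deep it goes
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ! Attribute matched against the username typed in the VPN client
 ldap-naming-attribute sAMAccountName
 ! Account the ASA binds with to search the directory.
 ! Use a dedicated, low-privilege account, not an administrator.
 ldap-login-dn CN=asa-bind,CN=Users,DC=example,DC=com
 ldap-login-password <bind-password>
 server-type microsoft
 ! Without this the bind and user passwords cross the network
 ! unencrypted on TCP/389; this requires LDAPS on the DC.
 ldap-over-ssl enable
!
! Point the remote-access tunnel group at the LDAP server group
tunnel-group RA_VPN general-attributes
 authentication-server-group LDAP_SRV_GRP
!
! Verify from the ASA before testing with a VPN client:
!   test aaa-server authentication LDAP_SRV_GRP host 192.0.2.10
!     username <user> password <password>
```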
