Win 2003 + ASA 8.x authentication

Aug 1st, 2008

Hello guys,

I have a client that has a Win 2003 R2 server without AD installed. I have an ASA 5505 which is going to terminate the L2TP over IPSec tunnels (Win XP SP2 or later clients... hopefully). My question is: what options do I have for authentication against the local SAM database? I read tons of documents and it seems that LDAP and Kerberos authentication require AD, and NTLM can be used only with Web VPN for SSO (besides that, it's deprecated in Win 2003 as far as I know), so the only option I've got is running IAS (part of the default packages coming with Win 2003 R2, not additional software, right?) and utilizing the local SAM. Is that right?

There's a pretty nice article right here:

The only thing that bothers me is the "The following groups are in this condition" window. What properties should a Win 2003 user group have so that it's eligible for use by the IAS service for authentication purposes? Also, has anyone deployed this setup? Are there any non-obvious obstacles/problems that occur? I'm a little bit scared, as my Win 2003 administration skills are not very good and I don't wanna mess up something I cannot fix later.

thegrave2000 Fri, 08/01/2008 - 11:30

I've already read this. Do you notice the little "against Active Directory" thing in the title? My problem is that I have to do this against the local SAM database :)

