
Using RADIUS with NT 4.0 PDC - allow only specific users to access the net?

gappold
Level 1

What I want to accomplish is to use RADIUS to authenticate users to the Internet. I don't want all users to access the Internet, only a portion of them. I'm using a Pix 515 with 6.2 software. I have RADIUS installed on our NT 4.0 PDC. What I need to know is how do I allow some users to connect to the Internet, but not all users?

Do I need to install RADIUS on a different server and manage the userids on that server?


gfullage
Cisco Employee

Set up authentication for traffic through the PIX as per http://www.cisco.com/warp/public/110/atp52.html

Then in Windows NT put all the users that you want to have Internet access into a specific NT group (create a new one if need be).

On ACS set it up to authenticate users to the external NT database. Add a Database Group Mapping, and map the Windows NT group that you just created to a particular ACS group. Map everyone else to the default group.

Now modify the default ACS group and in the Per User Defined Network Access Restrictions, check the Define IP-based access restrictions, make sure the table defines the Denied NAS's, then add the PIX in to the AAA Client section (use * in the Port and Address sections), and hit Enter to add it to the list.

This says that users in this ACS group (which is everyone EXCEPT the users you want to have Internet access), can't authenticate to the PIX, effectively denying them access through it.

Thanks for the info.

How do I get ACS? We are a pretty small shop and I am doing the basic PIX Firewall configurations and I am not familiar with ACS. I looked on Cisco's site and found some info, but not on actually getting ACS.

I have NT 4.0, what version of ACS should I get?

Thanks again for your help, it is greatly appreciated.

Regards,

Gary

When I access a web site it asks me for "Http authentication" which is correct, when I use a Windows NT 4.0 ID & password that I setup it locks out the NT account.

HELP !!!
