Using RADIUS with NT 4.0 PDC - allow only specific users to access the net?
What I want to accomplish is to use RADIUS to authenticate users to the Internet. I don't want all users to access the Internet, only a portion of them. I'm using a Pix 515 with 6.2 software. I have RADIUS installed on our NT 4.0 PDC. What I need to know is how do I allow some users to connect to the Internet, but not all users?
Do I need to install RADIUS on a different server and manage the userids on that server?
Then in Windows NT put all the users that you want to have Internet access into a specific NT group (create a new one if need be).
On ACS set it up to authenticate users to the external NT database. Add a Database Group Mapping, and map the Windows NT group that you just created to a particular ACS group. Map everyone else to the default group.
Now modify the default ACS group and in the Per User Defined Network Access Restrictions, check the Define IP-based access restrictions, make sure the table defines the Denied NAS's, then add the PIX into the AAA Client section (use * in the Port and Address sections), and hit Enter to add it to the list.
This says that users in this ACS group (which is everyone EXCEPT the users you want to have Internet access), can't authenticate to the PIX, effectively denying them access through it.
Re: Using RADIUS with NT 4.0 PDC - allow only specific users to a
Thanks for the info.
How do I get ACS? We are a pretty small shop and I am doing the basic PIX Firewall configurations and I am not familiar with ACS. I looked on Cisco's site and found some info, but not on actually getting ACS.
I have NT 4.0, what version of ACS should I get?
Thanks again for your help, it is greatly appreciated.