Cisco Support Community

New Member

Active Directory (Windows 2003) Authentication VPN Remote Client

Hi

I was wondering if I can use my Windows 2003 server for authentication instead of a local AAA server.

thanks

5 REPLIES

Re: Active Directory (Windows 2003) Authentication VPN Remote Cl

Hi Dmitry

Thanks for starting a new conversation with a new topic. This post will be useful for askers who search for this topic in future.

Do you have IAS configured on the Win2003 server? If you have, please apply the "Microsoft Windows 2003 Server with IAS Configuration" chapter in the following link to define your ASA to the IAS server.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml

Please notify me when you are done

Regards

New Member

Re: Active Directory (Windows 2003) Authentication VPN Remote Cl

I don't think I have that. Is that a requirement to get this thing to work?

Or is it an option? What other options are out there? I somehow thought it'd be able to do authentication out of the box.

Re: Active Directory (Windows 2003) Authentication VPN Remote Cl

Yes. You need a RADIUS configured in the server to make authentications. IAS (Internet Authentication Server) is RADIUS for the Windows 2003 family. This is a built-in feature, so you can simply enable it via Add/Remove Programs. Following is the guide from the Microsoft KB:

Install IAS

To install IAS:

1. Click Start, point to Settings, and then click Control Panel.

2. Double-click Add/Remove Programs, and then click Add/Remove Windows Components.

3. In the Components list, click the words Networking Services (but do not select or clear its check box), and then click Details.

4. Click to select the Internet Authentication Service check box, and then click OK.

5. Click Next, and then click Finish.

6. In the Add/Remove Programs dialog box, click Close.

7. To start IAS, click Start, point to Programs, point to Administrative Tools, and then click Internet Authentication Service.

Enable IAS to Authenticate Users in Active Directory

To register the IAS service in Active Directory:

1. Start the IAS snap-in. To do this, click Start, point to Programs, point to Administrative Tools, and then click Internet Authentication Service.

2. On the Action menu, click Register Service in Active Directory.

3. Click OK to confirm the IAS registration in the local domain, and then click OK.

Cisco Employee

Re: Active Directory (Windows 2003) Authentication VPN Remote Cl

If using an ASA running 8.x, you can use LDAP authentication without the need for IAS.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808d1a7c.shtml

New Member

Re: Active Directory (Windows 2003) Authentication VPN Remote Cl

Yes you can. Go to this link and it'll walk you right through it. The troubleshooting section is useful if you have problems. A word of advice is to pay close attention to the format and case of your LDAP DNs. Match it exactly with the output of the dsquery user -samid command and you'll be fine.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c3c45.shtml#maintask1
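
A sketch of the ASA 8.x LDAP setup the last two replies point to, added here as an example; it is not taken from the posts above or from the linked Cisco documents. The server group name AD_LDAP, the tunnel group REMOTE_VPN, the address 192.0.2.10, the example.com DNs and the asa-bind account are all constructed placeholders.

```text
! Added example: ASA 8.x LDAP authentication against Active Directory.
! Every name, address and DN below is a constructed placeholder.
aaa-server AD_LDAP protocol ldap
aaa-server AD_LDAP (inside) host 192.0.2.10
 server-type microsoft
 ! Without this, passwords sent in LDAP simple binds are unencrypted
 ! on the wire. Assumes the domain controller has a server
 ! certificate and accepts LDAPS.
 ldap-over-ssl enable
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ! Use a dedicated low-privilege bind account, and copy its DN
 ! exactly as printed by: dsquery user -samid asa-bind
 ldap-login-dn CN=asa-bind,CN=Users,DC=example,DC=com
 ldap-login-password <bind-account-password>
!
tunnel-group REMOTE_VPN general-attributes
 authentication-server-group AD_LDAP
!
! Verify from the ASA before testing with a VPN client:
! test aaa-server authentication AD_LDAP host 192.0.2.10 username <user> password <password>
! debug ldap 255
```

If the test fails, compare the ldap-login-dn and ldap-base-dn values character by character against the dsquery output before changing anything else.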
