07-11-2007 04:18 AM - edited 02-21-2020 10:18 AM
I'm trying to authenticate users on our VPN concentrator to use our Windows 2003 IAS RADIUS server but am having no luck.
If I go to Configuration > system > servers > authentication and test my Active Directory account, it fails.
I am sure I have configured my IAS RADIUS server correctly. Can anyone guide or help via this post or email?
Let me know what info you need posted and I'll get straight back to you. I'm sure this can be done?
07-11-2007 08:44 AM
Hi Whiteford, are you using ASDM? Somewhere, somehow, the authentication will fail if you are using the Test button key. Make sure you add the domain with the username when you are testing:
username@domain
password
Give it a try,
or
DOMAIN\user
password
07-11-2007 11:13 AM
Still no luck, the test button still fails. Is there a tool I can test RADIUS with? ASDM? I only use that for a PIX, not a concentrator.
What info can I give you, or can you give me?
I just want to allow a certain Active Directory security group VPN access via ISA RADIUS.
Hope you can help.
07-31-2007 05:41 AM
I use 2003 AD/IAS for both ASA SSL and PIX IPSec VPN Client remote access, but I haven't tried the VPN Concentrator.
One setting to remember when creating an account in 2003 AD: in the Dial-In tab, under Remote Access Dial-in [or VPN], select "Allow Access". By default this is "Deny Access".
07-31-2007 01:39 AM
Here's how I set it up (PIX and ASA):
Windows 2003 Ent. IAS
Radius Clients:
Address: Internal IP Address
Protocol: RADIUS
Type: RADIUS Standard
Request must contain ... attribute: disabled
Shared Secret: examplekey
Remote Access Policies:
Name: VPN Device
Conditions: (all AND)
Day-and-Time-Restrictions matches: full week
Windows-Groups-Matches:
NAS-IP-Address matches:
PIX/ASA:
AAA Server Groups:
Server Group RADIUS:
Server Name:
Interface Name: Inside
Timeout: 5 sec's
Server Authentication Port: 1645
Server accounting port: 1646
Retry Interval: 10 sec's
Server Secret Key: examplekey
common password:
ACL Netmask Convert: Standard
Then when I select the Radius Server and click Test > Authentication, I can successfully authenticate accounts which are members of the AD group specified for
For diverse reasons I use 2 IAS servers on our network, but you have to keep them in sync manually.
Kind regards, hope it helps.