purpose of IAS server (RADIUS)

  • Thread starter Thread starter Bonnie
  • Start date Start date
B

Bonnie

Hello,

I am trying to find out of the Internet Authenication
Service will authenticate users on the domain or just
allow them access to the LAN

Thanks -Bonnie
 
--------------------
From: "Bonnie" <[email protected]>
Subject: purpose of IAS server (RADIUS)
Date: Thu, 21 Aug 2003 07:27:13 -0700

Hello,

I am trying to find out of the Internet Authenication
Service will authenticate users on the domain or just
allow them access to the LAN

Thanks -Bonnie
Click to expand...
Hi Bonnie,

Yes, IAS will authenticate users on the domain AND can allow them access to the LAN.
Windows 2000 and Windows 2003 have some of the same feature sets, but Windows Server 2003 extends those somewhat.
Here are some links to some data about both:
IAS White Paper
http://www.microsoft.com/windows2000/techinfo/howitworks/communications/remoteaccess/ias.asp
- and -
Windows Server 2003 Security Guide.
http://www.microsoft.com/downloads/...familyid=8A2643C1-0685-4D89-B655-521EA6C7B4DB

I hope that helps.
--
Brian Pennington, MCSE, CCNA
Technical Lead
Microsoft Enterprise Platforms Support Networking Team.

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified
at http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they
originated.
 
Well, I just set up the IAS Service and tested coming into
the Cisco VPN which then prompts me for my domain
useraname and password. It then contacts the IAS server
and authenticates me. But when I go to map a drive, it
still prompts me for a username and password and I am
unable to run the thin application I am trying to access.
You have to be logged in in order for this to work. I'll
read the white paper, but any other tips will be
appreciated.

Thanks,
Bonnie
-----Original Message-----

--------------------
Hi Bonnie,

Yes, IAS will authenticate users on the domain AND can allow them access to the LAN.
Windows 2000 and Windows 2003 have some of the same
Click to expand...
feature sets, but Windows Server 2003 extends those
somewhat.
Here are some links to some data about both:
IAS White Paper
http://www.microsoft.com/windows2000/techinfo/howitworks/c ommunications/remoteaccess/ias.asp
- and -
Windows Server 2003 Security Guide.
http://www.microsoft.com/downloads/details.aspx? displaylang=en&familyid=8A2643C1-0685-4D89-B655-
521EA6C7B4DB

I hope that helps.
--
Brian Pennington, MCSE, CCNA
Technical Lead
Microsoft Enterprise Platforms Support Networking Team.

This posting is provided "AS IS" with no warranties, and
Click to expand...
confers no rights. Use of included script samples are
subject to the terms specified
at http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all
Click to expand...
responses to this message are best directed to the
newsgroup/thread from which they
 
Since it appears the Cisco VPN device is authenticating to the IAS server, is the IAS policy setup to authenticate against domain groups?
A couple of more questions:
What credentials are the users logging onto the client station with? Domain cached credentials?
Are they creating and using those same domain credentials when connecting to the VPN?

Here's why I ask, if the client stations is Windows XP, there is a feature called Credential Manager (281660 Behavior of Stored User Names
and Passwords http://support.microsoft.com/?id=281660), that can and does Store Username and Password for verification against
resources.

So if for instance, you login to the client with a local machine account, connect the VPN with another account, only known to IAS and the
Cisco VPN, and then attempt to connect to a domain resource and provide another credential, those should all be stored by credman. It
sounds like this may be why you are being prompted so many times.

Thanks for responding.

--
Brian Pennington, MCSE, CCNA
Technical Lead
Microsoft Enterprise Platforms Support Networking Team.
This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified
at http://www.microsoft.com/info/cpyright.htm
Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they
originated.
--------------------
 
Back
Top