From: Radioactive Frog (pbhatkoti@gmail.com)
Date: Wed Mar 28 2007 - 08:36:13 ART
I have been using for a while a free opensource based radius server called
"Free-Radius" for authenticating VPN users. you even don't need to download
it, it comes with the Fedora or redhat cd.
Frog
On 3/28/07, Sergey Golovanov <sergey.golovanov@iementor.com> wrote:
>
> IAS... Yuk! :) just keep in mind, that in certain situations when using
> chap or dhchap (mds san-os fcsp) password methods, you might need to enable
> windows policy feature called "store password using reversible encryption
> for all users in the domain". It's needed so that windows keeps the
> unencrypted version of the password for each user. By default, it's disabled
> and windows stores passwords using its own hashing algorithm. This feauture
> can be configured for the entire AD domain if the server is part of it, or
> you can enable it individually on each server. Go to cp > admin tools >
> local security policy > security settings > account policies > password
> policy and set the above mentioned feature to enabled. Right click on
> "security settings" and click reload. If you already have created user
> accounts, make sure to reset their passwords after enabling this password
> policy.
>
> In either case you can check if the problem exists by checking event
> viewer system log. You would see the "IAS" warning messages when
> authentication has failed because of this issue.
>
> -------------------------
> Sergey Golovanov, CCIEx5 (R&S/Security/Voice/Service Provider/Storage)
> "Please, don't ask me for my ccie #, there are reasons why I can't release
> it"
> ieMentor Instructor and Content Developer
> www.iementor.com
>
> -----Original Message-----
> From: Sean.Zimmerman@clubcorp.com
> To: "Ye Tian" <emaomi@gmail.com>
> Cc: "ccielab@groupstudy.com" <ccielab@groupstudy.com>
> Sent: 3/27/07 9:00 PM
> Subject: Re: User Authentication Question
>
> If ACS is out of reach and you're not allergic to Microsoft products, you
> can run RADIUS on IAS for authentication. Should be a free add-on with
> W2k3 standard or better.
>
> Sean
>
>
>
> "Ye Tian" <emaomi@gmail.com>
> Sent by: nobody@groupstudy.com
> 03/27/2007 04:41 PM
> Please respond to
> "Ye Tian" <emaomi@gmail.com>
>
>
> To
> "ccielab@groupstudy.com" <ccielab@groupstudy.com>
> cc
>
> Subject
> User Authentication Question
>
>
>
>
>
>
> Hi,
>
> I want to use domain controller user database to authenticate Remote VPN
> user login. Could somebody show me the configuration on Cisco 1821 VPN
> router?
>
> Thanks!
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Apr 01 2007 - 06:35:53 ART