RADIUS authentication
Results 1 to 10 of 10

Thread: RADIUS authentication

  1. #1
    Senior Member
    Join Date
    Jul 2004
    Posts
    177

    RADIUS authentication

    Hi all,

    I was just wondering if there is a way to use RADIUS to authenticate Microsoft IIS clients without use MS ISA 2004...

    Any idea?

  2. #2
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491
    Hi,

    First of all ... It is a bit difficult to answer your question if you do not provide more info about what it is you want to know.

    For example :

    - Where do the requests for authentiaction come from ..they come from clients I know but which way do they take ...will they go over the RADIUS server ..are these RADIUS clients ..

    In order to help you you need to describe the problem your facing or elaborate about your question with more detail and examples if possible.

    Anyway ...

    A RADIUS client is typically a dial-in server, VPN server or wireless access point that sends user credentials and other connection details to a RADIUS server.
    So if you know that ten you know you need a RADIUS server ... now there is something called IAS and IAS =
    IAS is Microsoft’s implementation of a RADIUS server,
    ..
    IAS can authenticate a user against Active Directory ...

    So if you have a Domain member server configured with IAS like described in THIS
    article I think you might get what your asking for.

    But as I mentioned above , I don't really quite onderstand what you want to reach so I might be totally out of bounds with this answer.

    Anyway you'll learn a bit more about Radius and IAS , ISA if you read the article.

    Hope this is somewhat helpfull , I'm sure there are others here that will correct the mistakes I might have written down here or complete some things I forgot to mention.

    But once again please make your questions more complete if you want to reach a sattifying answer from the experts on this forum.

    gr33tz,

    C.
    Back when I was a boy, we carved our own IC's out of wood.

  3. #3
    Senior Member
    Join Date
    Jul 2004
    Posts
    177
    Hi, first I would like to apologize because I didn't say anything (sorry for may rustic english). I've been traveling and I didn't have the chance to answer.

    Let's see the problem from different point of view... The problem is this:

    I have two microsoft web servers, on the same domain. To access to it in the internal network we use "integrated authentication" on both. One of this machines is serving the "Intranet" application (custom one) of the company, the other one is an OWA server. Until now they used to be independent applications, I mean that when someone wants to access to the mail just type "https://owa.domain.ext" and to the Intranet app "https://intranet.domain.ext". Now, the developers have introduced a section in the Intranet app which contains the webmail of the user, I mean, you can see your OWA page from this web application (kind of "frame" or whatever). The point is that since we use integrated authentication is working fine in the corporate network where ALL the machines are domain members. However, when you try to use this from a machine which is in the network BUT not in the domain it asks for the password twice, one for enter to the Intranet app and another time when yo try to access to the OWA "frame".

    I hope you understand me even my english!

    That I've tried here is to use ISAPI_rewrite adding a virtual directory in the Intranet app server which is "proxying" the virtual directory in the OWA server, using the same credentials you used to autheticate to the first server... But the only thing I get is an "Error 500" from the OWA....

    Well, I could explain here a lot of tests I've done on this, but I guess it's enough for now...

    Have one of you guys tried something similar?

    Thank you all.

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    RADIUS probably won't help in your case. The browser will still "see" 2 different sites and will still ask for the password twice.

    Perhaps you'll need to use some sort of portal site. The portal will take care of the authentication. The other servers will be "behind" the portal and aren't "directly" accessable.

    Another option might be to use Passport.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  5. #5
    Senior Member
    Join Date
    Jul 2004
    Posts
    177
    Originally posted here by SirDice

    Perhaps you'll need to use some sort of portal site. The portal will take care of the authentication. The other servers will be "behind" the portal and aren't "directly" accessable.
    But how exactly can I do this...

  6. #6
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    Have the OWA link from the intranet.domain.ext machine proxy the requests to owa.domain.ext for the user, so that the requests to the OWA appear to originate from the intranet machine (which I assume is in the domain)


    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  7. #7
    Senior Member
    Join Date
    Jul 2004
    Posts
    177
    Originally posted here by Maestr0
    Have the OWA link from the intranet.domain.ext machine proxy the requests to owa.domain.ext for the user, so that the requests to the OWA appear to originate from the intranet machine (which I assume is in the domain)
    And once again I must say, how exactly I'm supposed to do this?

    Maestr0? Is that a spanish nick?

  8. #8
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    Well, that depends, are you using IIS to serve the pages?

    (The nick isn't expressly Spanish or Italian but I think any latin based language speaker can relate. )

    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  9. #9
    Banned
    Join Date
    Apr 2003
    Posts
    1,147
    A portal won't necessarily take care of the issue. It has to do with handing off the authentication. IIS won't do that, which is really a good thing. However, Maestr0's idea will probably work best. We are experiencing a similar issue with SharePoint portal server. If the servers/servicees were all on one machine, there probably wouldn't be a problem, but you have to do machine-to-machine authentication for what you described. So, you get the two authentication requests.

  10. #10
    Senior Member
    Join Date
    Jul 2004
    Posts
    177
    Then is no solution for that? Is not possible use the same credentials to authenticate a session in two machines which are members of the same domain, in a way transparent to the user?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides