Re: Radius server in a DMZ, how to authenticate AD users ?

---

• From: Pascal <pascal_t@xxxxxxxxxxxxxxxxxx>
• Date: Wed, 13 Jun 2007 12:18:38 +0200

---

I must stress the fact that domain membership of the IAS server will be a requirement - the firewall considerations part of TechNet concerns a firewall between RADIUS clients (wireless APs and controllers) and IAS.

There's no need to host IAS on DMZ.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

<jwgoerlich@xxxxxxxxx> wrote in message news:1181685904.977575.66630@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

You can make the Radius/IAS server a domain member on a DMZ. See if
these two articles help:

Windows Server 2003 Technical Library > Planning for IAS as a RADIUS
Server
IAS as a RADIUS server security considerations
http://technet2.microsoft.com/windowsserver/en/library/bfa1451a-6f53-4792-98a0-00d10977fd2c1033.mspx?mfr=true

Securing IAS: IAS and firewalls
http://technet2.microsoft.com/windowsserver/en/library/bfa1451a-6f53-4792-98a0-00d10977fd2c1033.mspx?mfr=true

Regards,

J Wolfgang Goerlich

On Jun 12, 4:35 am, Pascal <pasca...@xxxxxxxxxxxxxxxxxx> wrote:

Hello,

we have a wifi project and we would like to authenticate Active
Directory users.

Is there a way to add the Radius server in a DMZ without being member
of the AD domain and authenticate the wifi users ?

Do you know basic secure infrastructure for such a situation ?

Thank you

--
Pascal

Thank you for your answers.

But is it really secure to join the radius to the domain ?

--
Pascal


.

---

• References:
  • Radius server in a DMZ, how to authenticate AD users ?
    • From: Pascal
  • Re: Radius server in a DMZ, how to authenticate AD users ?
    • From: jwgoerlich

• Prev by Date: Re: Radius server in a DMZ, how to authenticate AD users ?
• Next by Date: Re: Radius server in a DMZ, how to authenticate AD users ?
• Previous by thread: Re: Radius server in a DMZ, how to authenticate AD users ?
• Next by thread: Re: Radius server in a DMZ, how to authenticate AD users ?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: VPN3005 IPSEC Access Control ... do you have an IAS RADIUS server in your forest? ... -- create an AD group called VPN Users ... (comp.dcom.sys.cisco) Re: help in using IAS as RADIUS Server ... Almost all Radius compliant clients are supported in IAS, ... > standard edition as RADIUS Server ... (microsoft.public.internet.radius) Re: How does IAS authenticate using Active Directory ... now since we now know that IAS needs to retreive the user's password ... > CHAP ID and CHAP username. ... > packet to the RADIUS server with the CHAP username as the User-Name ... (microsoft.public.internet.radius) Re: Newbe-IAS hardware configuration when authenticating web users against domain where web serv ... The ISA server does not examine the RADIUS traffic -- you simply configure ... The IAS proxy is configured as a RADIUS client ... (microsoft.public.internet.radius) Re: RADIUS (Simple Answer on How to Install it) ... On the 2003DC I've enabled RRAS and selected RADIUS ... our server under RRAS, I added the server name itself as a RADIUS ... Do I REALLY need IAS? ... I just want VPN through our CheckPoint firewall for 10 people and it's ... (microsoft.public.windows.server.networking)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.windows.server.security  > 2007-06