Hi Dennis,
I setup a couple of PIX515E's earlier this summer that pass authentication
using RADIUS to a MS Windows 2003 Domain Controller running the MS Internet
Authentication Service that is running Microsoft's version of its RADIUS
Server. Active Directory information is passed just fine and users
authenticate using their domain user login information. It has been very
stable actually. Just setup MS IAS and configure the PIX.
Jonathan Gauntt
_____
From: Dennis Dimka [mailto:dennis.dimka@manna.com]
Sent: Thursday, December 02, 2004 2:58 PM
To: 'Firewalls Securityfocus'
Subject: [Norton AntiSpam] PIX PPTP - Windows domain authentication
Hello;
Thank you to everyone who answered my PPTP/NAT Bypass question-very helpful
info from everyone.
My next question is simpler:
Is there a way to "pass through" Windows domain authentication through a
PPTP tunnel? Obviously, when VPN'd into a network, its like you're
physically plugged into the LAN, but not authenticated to a Windows domain
controller. While users can authenticate to LAN resources on a per-resource
basis (eg: accessing \\servername\share <file:///\\servername\share>
prompts you for credentials), it would be slick if there were a way to have
the user be more or less officially logged into the windows domain, either
automatically as part of the VPN session, or even manually.
Does RADIUS have this added feature? I understand that RADIUS is
traditionally for authentication without user accounts local to the PIX...
just wondering if it or IAS has some sort of feature that allows this to
happen.
Thanks in advance.
Dennis Dimka
Network Administrator
MFS, Inc.
dennis.dimka@manna.com
Desk: 651-905-7591
Mobile: 612-616-0817
Fax: 651-994-6594
