1 Windows 2003 / Enhanced Configuring Internet Authentication Service on Microsoft Windows 2003 Server Introduction This technote describes how to setup the Internet Authentication service (IAS) on a Microsoft Windows 2003 Server. This document walks the user through the steps to linking the SonicWALL security appliance and the IAS server up to respond on user authentications requests, and responds back with a filter-id, which can be used in rules and to VPN clients. This document contains the following sections: Configuring the Windows 2003 Server for IAS to Support RADIUS Clients Configuring the Windows 2003 Server for RADIUS User Management Configuring the SonicWALL Security Appliance to Support the Authentication Method Tested Versions SonicOS Enhanced Customers with current service/software support contracts can obtain updated versions of SonicWALL firmware from the MySonicWALL customer portal at https://www.mysonicwall.com. Updated firmware is also freely available to customers who have registered the SonicWALL device on MySonicWALL for the first 90 days.
2 Configuring the Windows 2003 Server for IAS to Support RADIUS Clients 1. On the Windows 2003 Server, verify that you have applied the latest Service Pack and hotfixes. Also, verify that the Remote Access and Routing Service is running. 2. Open the control panel on the Windows server, find the add and remove software from the list, select windows components again find the Networking services and press details. Here you check Internet Authentication service (screen shot below) and click OK. 3. After the installation, you can find the IAS under the administration tools. Start the IAS and select New RADIUS Client.
3 4. Enter the Name and IP of the SonicWALL security appliance the clients request could come from. 5. Select RADIUS Standard, (also the default option), enter a Shared secret. This shared secret is needed later on the SonicWALL security appliance, so note this for future reference.
4 6. Setup the access criteria for the users, right click on the Remote Access Policies and select New Remote Access Policy. 7. A wizard will emerge, click Next.
5 8. Select Set up a custom policy and enter a description for this access policy, click Next. 9. Click Add, a window with the different authentication criteria will pop up.
6 10. From this list, select Windows Groups, and click OK. By selecting Windows Groups, you can authenticate a user upon which group the user s a member of in the Windows AD, or Windows user group. 11. Click Add, then select and find the Windows Group that the user should me member of, if he is to authenticate successfully. Click OK.
7 12. Here is how it should look. You could add more groups, but in this scenario we need to only be a member of one group, and we also need to send a specific filter-id back that represents this group on the SonicWALL security appliance. 13. Click Next.
8 14. This needs to be a Grant remote Access Permission policy. Click Next. 15. Click Edit Profile.
9 16. Select the Authentication tab, and uncheck any options except the Unencrypted authentication (PAP, SPAP). 17. Select the Advanced tab, and click Add.
10 18. A list of Attributes will appear, from this list we need the Filter-id option, Click Add. 19. In the subsequent windows, Add a text string that the IAS should send back to the SonicWALL security appliance along with a authentication successfully message. This text string should match a previous added User Group on the SonicWALL security appliance.
11 20. Enter the Group name (remark, it s case sensitive) on the SonicWALL security appliance. And click OK. 21. Click OK. That completes the IAS configuration. If you have other groups on the AD that needs different access, you can add more Remote authentication policies.
12 Configuring the Windows 2003 Server for RADIUS User Management 1. Navigate to the user management on the Windows 2003 Server, in here we have a few things to check and edit on the users that suppose to authenticate through the SonicWALL and IAS. 2. Select the Dial-in tab, and check the Allow access option.
13 3. Select the Member Of tab, and either add or check that the user is in the correct group, it should be the same group as you added in the IAS under Windows Groups. This completes the configuration for User Management on the Windows 2003 Server.
14 Configuring the SonicWALL Security Appliance to Support the Authentication Method 1. Select the User menu, and select the settings item. Now select RADIUS at the Authentication Method and click Configure. 2. Enter the IP address of the IAS server, and enter the Shared Secret that you previously entered on the IAS.
15 3. In the RADIUS Users tab check the Use RADIUS Filter-ID attribute on RADIUS Server option, click Apply. 4. Navigate to the Test tab and enter the username and password of a user belonging to the SW group. It should now report back as the screen shot indicates below. As you can see in the Returned User Attributes box below, the SW text string is returned to the SonicWALL security appliance along with a Succeeded message. The SonicWALL can now use the derived group membership or user information within Access Rules, GroupVPN Policies, or for Content Filtering policy application. So as you can see this provides a very flexible and highly controllable way of handling access rights for each user in an already existing Windows AD. Last Updated: August 2005
Installation / Backup \ Restore of a Coffalyser.Net server database using SQL management studio This document contains instructions how you can obtain a free copy of Microsoft SQL 2008 R2 and perform the
GE Measurement & Control Remote Comms System Installation and User Reference Guide Contents BENEFITS OF REMOTE COMMS SYSTEM... 1 HOW THE REMOTE COMMS SYSTEM WORKS... 3 COMPONENTS OF REMOTE COMMS SYSTEM...
Allworx OfficeSafe Operations Guide Release 6.0 No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopy,
This release connector is deprecated. Use Kofax Capture and the appropriate Kofax Capture release script to release documents to a specific destination. KOFAX Front-Office Server 2.7 Configuration Guide
Acronis Backup & Recovery 11 Quick Start Guide Applies to the following editions: Advanced Server Virtual Edition Advanced Server SBS Edition Advanced Workstation Server for Linux Server for Windows Workstation
CHAPTER114 The window in Cisco Unified Communications Manager Administration allows the administrator to add, search, display, and maintain information about Cisco Unified Communications Manager end users.
Use QNAP NAS for Backup BACKUP EXEC 12.5 WITH QNAP NAS Copyright 2010. QNAP Systems, Inc. All Rights Reserved. V1.0 Document revision history: Date Version Changes Apr 2010 1.0 Initial release Note: Information
Zanibal Plug-in For Microsoft Outlook Installation & User Guide Version 1.1 Zanibal LLC Phone: +1-408-887-0480, +234-1-813-1744 Email: email@example.com www.zanibal.com Copyright 2012, Zanibal LLC. All
Microsoft Outlook: Beyond the Inbox 1. There are 3 types of Calendar items: Appointments: An appointment is a scheduled block of time that only involves you. The hours are blocked out on your schedule,
Richmond SupportDesk Web Reports Module For Richmond SupportDesk v6.72 User Guide Contents 1 Introduction... 4 2 Requirements... 5 3 Important Note for Customers Upgrading... 5 4 Installing the Web Reports
COMvantage Solutions Presents: Version 3.x Cloud based Document Management Guide to Setting up Docs2Manage using Cloud Services Docs2Manage Support: Email: firstname.lastname@example.org Phone: +1.847.690.9900
SIP Trunking using the Optimum Business Sip Trunk Adaptor and the 3CX PBX v12.5 Table of Contents 1. Overview 3 2. Prerequisites 3 3. PBX Configuration 3 4. Creating Extensions 4 5. VoIP Provider Setup
Service Desk Plus: User Guide Introduction ManageEngine ServiceDesk Plus is comprehensive help desk and asset management software that provides help desk agents and IT managers, an integrated console to
Migrating From Bobcat Mail To Google Apps (Using Microsoft Outlook and Google Apps Sync) This document is intended for those users moving from WVWC s Bobcat Mail system to the new Google Apps mail system
FLX VoIP Registering with Cisco UCM Date: May 15 th, 2012 This technical note gives a detailed description on how to register a Revolabs FLX conference phone with a Cisco Unified Communications Manager
Corporate Telephony Toolbar User Guide 1 Table of Contents 1 Introduction...6 1.1 About Corporate Telephony Toolbar... 6 1.2 About This Guide... 6 1.3 Accessing The Toolbar... 6 1.4 First Time Login...
ISA Server Plugins Setup Guide Secure Web (Webwasher) Version 1.3 Copyright 2008 Secure Computing Corporation. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed,
END USER S GUIDE VeriSign PKI Client Government Edition v 1.5 End User s Guide VeriSign PKI Client Government Version 1.5 Administrator s Guide VeriSign PKI Client VeriSign, Inc. Government Copyright 2010
Archive Add-in Administrator Guide RESTRICTION ON USE, PUBLICATION, OR DISCLOSURE OF PROPRIETARY INFORMATION Copyright 2011 McAfee, Inc. This document contains information that is proprietary and confidential
Charter Business Phone Online Control Panel Getting Started Guide Document Version 1.0 Table of Contents 1 About This Guide...4 2 Overview...5 2.1 Online Control Panel and Call Manager... 5 3 Manual and
Cloud Services for Backup Exec Planning and Deployment Guide Chapter 1 Introducing Cloud Services for Backup Exec This chapter includes the following topics: About Cloud Services for Backup Exec Security
MyTax Illinois Help General use information... 5 Install Adobe Reader... 5 Enable Pop-ups in My Browser... 5 Determine Your Current Browser... 6 Change Browser Font Size... 6 Browsers that You Can Use...
COMPREHENSIVE INTERNET SECURITY SonicWALL Secure Remote Access Appliances SonicWALL SSL VPN 5.0 User s Guide Table of Contents Using This Guide About this Guide......................................................
Reconfiguring VMware vsphere Update Manager vsphere Update Manager 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a
Quick Start Guide Copyright Wasp Barcode Technologies 2014 No part of this publication may be reproduced or transmitted in any form or by any means without the written permission of Wasp Barcode Technologies.