How Do I Configure Microsoft IAS Server for RADIUS Server External Admin Authentication?
Knowledge Base ID: KB4463
Version: 3.0
Published: 07 Oct 2008
Updated: 07 Oct 2008
Categories:
  • NS-5GT
  • NS-5XP
  • NS-5XT
  • NS-25
  • NS-50
  • NS-204
  • NS-208
  • NS-5200
  • NS-5400
  • Management (Admin)

Summary:
How Do I Configure Microsoft IAS Server for RADIUS Server External Admin Authentication?

Problem or Goal:

Solution:

Note: This article applies to ScreenOS 4.0 and higher.

Your NetScreen device must also be configured for RADIUS external admin authentication. For more information, see "How Do I Configure My Juniper Networks NetScreen Device for RADIUS Server External Admin Authentication?"

To configure Microsoft IAS for RADIUS server external admin authentication, perform the following steps:

On the server, open the Internet Authentication Service.

Right-click Clients, and then click to select New Client.

From the Add Client dialog box, configure the following settings, and then click Next.

  • Friendly name: Enter the name of the NetScreen device.
  • Protocol: Click to select RADIUS.

From the Add RADIUS Client dialog box, in the Client address (IP or DNS) text box, enter the local IP address of the NetScreen device. In the Client-Vendor drop-down menu, verify that RADIUS Standard is selected.

In the Shared Secret text box, enter a shared secret and then confirm it. This value must match the shared secret configured for the RADIUS server on the NetScreen device.

Click Finish.

Right-click Remote Access Policies, select New, and then click Remote Access Policy.

From the Remote Access Policy dialog box, enter a policy friendly name, and then click Next.

From the Add Remote Access Policy dialog box, click Add.

From the Select Attribute dialog box, click to select Client-IP-Address, and then click Add.

From the Client-IP-Address dialog box, enter the local IP address of the NetScreen device, and then click OK.

Click Next.

Click Grant remote access permission, and then click Next.

Click Edit Profile.

Click the Authentication tab.

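Click to clear MS-CHAP v2 and MS-CHAP, and then click to select PAP, SPAP. With PAP, the administrator password in the Access-Request is protected only by the RADIUS shared secret, so use a long, random secret.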

Click the Advanced tab, and then click Add.

From the Add Attributes dialog box, click to select Vendor-Specific, and then click Add.

From the Multivalued Attribute Information dialog box, click Add.

Click to select Enter Vendor Code, and then enter 3224.

Click to select "Yes. It Conforms.", and then click Configure Attribute.

From the Configure VSA (RFC compliant) dialog box, configure the following settings:

  • Vendor-assigned attribute number: 1
  • Attribute format: Decimal
  • Attribute value: 4

Note: For information on the Vendor-assigned attribute number, see "What are the NetScreen Vendor Specific Attributes required for configuring RADIUS?". For information on the Attribute value, see "Differentiating between a User and an Administrator who has been authenticated via RADIUS".

Click OK.

Click OK.

Click OK.

Click Close.

Click OK.

Click Finish.
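
To check the result of this procedure in a packet capture, the following added example (not part of the original article and not Juniper or Microsoft code) encodes and parses the Vendor-Specific attribute configured in the profile above: vendor code 3224, attribute number 1, value 4. It assumes the IAS "Decimal" format is sent as a 4-octet big-endian integer as defined in RFC 2865; the Service-Type bytes in the sample are constructed.

```python
import struct

VENDOR_SPECIFIC = 26        # RFC 2865 attribute type for Vendor-Specific
NETSCREEN_VENDOR_ID = 3224  # vendor code entered in the IAS profile (from the article)

def encode_vsa(vendor_id, vendor_type, value):
    """Build one RFC 2865 Vendor-Specific attribute carrying a 32-bit integer."""
    sub = struct.pack("!BBI", vendor_type, 6, value)  # vendor type, length, integer
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), vendor_id) + sub

def parse_attributes(data):
    """Yield (type, value_bytes) for each attribute in a RADIUS attribute list."""
    pos = 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError("bad attribute length")
        yield atype, data[pos + 2:pos + alen]
        pos += alen

def vendor_integers(data, vendor_id):
    """Return {vendor_type: int} for the integer sub-attributes of one vendor."""
    found = {}
    for atype, value in parse_attributes(data):
        if atype != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != vendor_id:
            continue  # VSA from a different vendor
        sub, i = value[4:], 0
        while i + 2 <= len(sub):
            vtype, vlen = sub[i], sub[i + 1]
            if vlen < 2 or i + vlen > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            if vlen == 6:  # 2-octet header + 4-octet integer
                found[vtype] = struct.unpack("!I", sub[i + 2:i + 6])[0]
            i += vlen
    return found

# Constructed sample attribute list: a Service-Type attribute, then the VSA
# that the profile configured in the steps above is expected to return.
SAMPLE = bytes([6, 6, 0, 0, 0, 6]) + encode_vsa(NETSCREEN_VENDOR_ID, 1, 4)

if __name__ == "__main__":
    print(encode_vsa(NETSCREEN_VENDOR_ID, 1, 4).hex())
    print(vendor_integers(SAMPLE, NETSCREEN_VENDOR_ID))
```

If the Access-Accept from IAS does not contain these 12 octets, recheck the vendor code, attribute number, and attribute format entered in the Configure VSA dialog box.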

Purpose:
Troubleshooting