Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

How Do I Configure Microsoft IAS Server for RADIUS Server External Admin Authentication?

0

0

Article ID: KB4463 KB Last Updated: 29 Jun 2010Version: 4.0
Summary:
How Do I Configure Microsoft IAS Server for RADIUS Server External Admin Authentication?
Symptoms:

Solution:

Note: This article applies to ScreenOS 4.0 and higher.

Your NetScreen device will need to be configured for RADIUS external admin authentication. For more information, go to How Do I Configure My Juniper Networks NetScreen Device for RADIUS Server External Admin Authentication?

To configure Microsoft IAS for RADIUS server external admin authentication, perform the following steps:

On the server, open the Internet Authentication Service.

Right-click Clients, and then click to select New Client.

Image of step two


From the Add Client dialog box, configure the following settings, and then click Next.

  • Friendly name: Enter the name of the NetScreen device.
  • Protocol: Click to select RADIUS.

Image of step three


From the Add RADIUS Client dialog box, in the Client address (IP or DNS) text box, enter the local IP address of the NetScreen device. In the Client-Vendor drop-down menu, verify that RADIUS Standard is selected.

In the Shared Secret text box, enter a shared secret and then confirm it.

Image of step four, five, and six

Click Finish.

Right-click Remote Access Policies, select New, and then click Remote Access Policy.

Image of step seven


From the Remote Access Policy dialog box, enter a policy friendly name, and then click Next.

Image of step eight


From the Add Remote Access Policy dialog box, click Add.

Image of step nine


From the Select Attribute dialog box, click to select Client-IP-Address, and then click Add.

Image of step ten


From the Client-IP-Address dialog box, enter the local IP address of the NetScreen device, and then click OK.

Image of step eleven


Click Next.

Image of step twelve


Click Grant remote access permission, and then click Next.

Image of step thirteen


Click Edit Profile.

Image of step fourteen


Click the Authentication tab.

Image of step fifteen and sixteen

Click to clear MS-CHAP v2, and MS-CHAP, and then click to select PAP, SPAP.

Click the Advanced tab, and then click Add.

Image of step seventeen


From the Add Attributes dialog box, click to select Vendor-Specific, and then click Add.

Image of step eighteen


From the Multivalued Attribute Information dialog box, click Add.

Image of step nineteen


Click to select Enter Vendor Code, and then enter 3224.

Image of step twenty and twenty-one

Click to select Yes. It Conforms., and then click Configure Attribute.

From the Configure VSA (RFC compliant) dialog box, configure the following settings:

  • Vendor-assigned attribute number: 1
  • Attribute format: Decimal
  • Attribute value: 4
noteFor information on the Vendor-assigned attribute number, go to What are the NetScreen Vendor Specific Attributes required for configuring RADIUS?. For information on the Attribute value, go to Differentiating between a User and an Administrator who has been authenticated via RADIUS.

Image of step twenty-two and twenty-three

Click OK.

Click OK.

Image of step twenty-four

Click OK.

Image of step twenty-five

Click Close.

Image of step twenty-six


Click OK.

Image of step twenty-seven


Click Finish.

Image of step twenty-eight



Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search