• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

VPN - Radius authentication

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> VPN - Radius authentication Page: [1]
Login
Message << Older Topic   Newer Topic >>
VPN - Radius authentication - 17.Jan.2011 5:17:15 PM   
dskj

 

Posts: 3
Joined: 17.Jan.2011
Status: offline
Hi
We use the TMG to publish OWA with Radius onetime passcode, and it works perfectly.
Now we also want to use TMG as our VPN server whit Radius onetime passcode, but it won't work.
To start we setup PPTP with windows authentication and it work, then we switch to use Radius,(the same Radius server as with the OWA) authentication is set to PAP,I can see on the Radius server that the passcode is accepted, and with netmon. i can see the reply back is ok, but the connection failed.
Can the TMG not use Radius ontime passcode for VPN?

_____________________________

dskj
Post #: 1
RE: VPN - Radius authentication - 18.Jan.2011 8:00:03 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

which Windows client are you using to connect VPN?

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to dskj)
Post #: 2
RE: VPN - Radius authentication - 18.Jan.2011 8:34:38 AM   
dskj

 

Posts: 3
Joined: 17.Jan.2011
Status: offline
Hi

The windows client is windows 7
I don't think it is the client, because I can make an vpn connection
with just AD credentials, but not with Radius onetime pass code.

(in reply to paulo.oliveira)
Post #: 3
RE: VPN - Radius authentication - 18.Jan.2011 4:12:53 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

check if PAP is enabled on client machine: http://support.microsoft.com/kb/926170/en-us

Or try MS-CHAPv2.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to dskj)
Post #: 4
RE: VPN - Radius authentication - 18.Jan.2011 4:29:50 PM   
dskj

 

Posts: 3
Joined: 17.Jan.2011
Status: offline
Hi Paulo

I run PAP as the Radius only accept clear password, the trouble is possible that TMG radius is sending the passcode 3 time to the radius, can't see why.
Our OWA is also running with the radius ontime passcode, and it works.
Also try from XP client the same result, as soon I switch for no radius there is connection with PAP MS-Chap and V2.
It can be a bug in TMG Radius, I am stuck.

_____________________________

dskj

(in reply to paulo.oliveira)
Post #: 5
RE: VPN - Radius authentication - 18.Jan.2011 4:48:53 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

these two articles are intended for ISA, but I guess it should give you a clue:
http://www.isaserver.org/tutorials/ISA2004-RADIUS-Authentication-Web-Publishing-Rules-Part1.html

http://blogs.isaserver.org/pouseele/2006/12/26/playing-with-radius-authentication-and-isa-server-2006/

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to dskj)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> VPN - Radius authentication Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts