2 Replies Latest reply on Apr 20, 2010 10:28 AM by trymes

    RADIUS setup with Windows Server 2008

      Can anyone point me to a proper tutorial for authenticating PPTP against Windows Server 2008 RADIUS?


      This was working prior to upgrading to v4 of the SG firmware, but I wasn't ever confident it was well configured, and now it does not work at all. PPTP is working using local accounts.



        • 1. Re: RADIUS setup with Windows Server 2008

          What is the result of "Test RADIUS Configuration" on the SnapGear? Can you submit some 'PPTPD' system log?

          If you have CHAP authentication on the RADIUS server, try changing it to PAP. Also change the Required Encryption Level on the SG to 'none' (VPN >> PPTP >> PPTP VPN Server).

          What is the username you are trying to connect with? Does it have VPN rights on the IAS server?

          Check if you have the PPTP group on the SG with PPTP access permission (Users>Groups>Under User ACLs).


          If the problem persists, please contact support and submit a technical support report. Also take a packet capture (Diagnostics >> Packet Capture) on the LAN interface with -s 1500 host a.b.c.d (where a.b.c.d is the IP address of the RADIUS server).



          Message was edited by: Smith Kumar on 20/4/10 10:51:07 PM IST
          • 2. Re: RADIUS setup with Windows Server 2008

            OK, again, maybe I'm a dolt, but this seems to be an area where the interface has changed significantly, but the documentation is lacking. To sum up, if you are having problems with authentication on PPTP using the 4.x firmware, check the following first:


            1.) If you are using Local Users, make sure that the user is assigned to a group that has PPTP access. It is no longer enabled at the user level and the administrators group does not have PPTP rights by default.

            2.) If you are using RADIUS, make sure that the Default Group is assigned as a group with PPTP access when you change the settings on the PAM page. If you leave it as "No Default Group" it will not work. Maybe there is a way to avoid this, but it sure isn't obvious.

            3.) Even though RADIUS is working, when you "Test RADIUS Configuration" on the RADIUS tab, a valid user might end up being denied. I don't know why, but a user that can successfully authenticate for PPTP shows up as Denied when testing the configuration. This is particularly annoying, as an improperly configured RADIUS setup fails in just the same way.





            Message was edited by: trymes on 4/20/10 10:28:06 AM CDT