how to setup radius
TRANSCRIPT
-
8/7/2019 How to Setup RADIUS
1/19
source
UTM: How to setup RADIUS authentication with Microsoft IAS in SonicOS Standard
Answer/Article
Article Applies To:
Affected SonicWALL Security Appliance Platforms:
Gen4: PRO series: PRO 3060, PRO 2040, PRO 1260
Gen4: TZ series: TZ 170, TZ 170 W, TZ 170 SP, TZ 170 SP Wireless, TZ 150, TZ 150 W, TZ 150 Wireless
(RevB)
Firmware/Software Version: All SonicOS Standard versions.
Services: Radius authentication
Feature/Application:
This article illustrates the method to setup RADIUS authentication on the Sonicwall with SonicOS Standard
firmware, using Internet Authentication Service (IAS) Server on Microsoft Windows 2003 Server.
Deployment Steps:
This article contains the following sections:
Configuring the IAS Server to Support Radius Clients Configuring User Management for Radius Authentication in the Active Directory. Configuring the SonicWALL Security Appliance to Support the Authentication
Method.
Procedure:
Configuring the IAS Server to Support RADIUS Clients
Step 1 On the Windows 2003 Server, verify that you have applied the latest Service Pack and hotfixes. Also,verify that the Remote Access and Routing Service is running.
Step 2 Open Control Panel > Add or Remove Programs > Add/Remove Windows Components and find
Networking Services. Press Details and checkInternet Authentication Services and clickOK.
-
8/7/2019 How to Setup RADIUS
2/19
Step 3 Launch the IAS Console by clicking on Start > All Program> Administrative Tools > Internet
Authentication Service. The following IAS console will appear.
Step 4 Right click the RADIUS Clients folder in the left pane and select New RADIUS Client from the menu.
Step 5 Enter a Name for the new Radius client and enter the LAN IP Address of the SonicWALL.
-
8/7/2019 How to Setup RADIUS
3/19
Step 6 Select RADIUS Standard, (also the default option), enter a Shared Secret. This shared secret is needed
later on the SonicWALL security appliance, so note this for future reference.
-
8/7/2019 How to Setup RADIUS
4/19
Step 7 ClickFinish. The new client will appear as following:
Step 8 To setup the access criteria for users, right click on the Remote Access Policies and select New Remote
Access Policy.
-
8/7/2019 How to Setup RADIUS
5/19
Step 9 ClickNext on New Policy Wizard. Select Set up a custom policy radio button and then enter a name
for this policy.
-
8/7/2019 How to Setup RADIUS
6/19
Step 10 ClickAdd on the Policy Conditions window.
Step 11 From this list, select Windows Groups, and clickOK. By selecting Windows Groups, you can
authenticate a user who is a member of a User Group in the Windows AD.
-
8/7/2019 How to Setup RADIUS
7/19
Step 12 ClickAdd, then enter the Windows User Group that users should be member of. ClickOK.
Step 13 Here is how it should look. You could add more groups, but in this scenario we need to only be a member
of one group. ClickOK.
-
8/7/2019 How to Setup RADIUS
8/19
Step 14 Back on the New Remote Access Policy window, clickNext.
Step 15 Select the Grant remote access permission radio button under the option If a connection request
-
8/7/2019 How to Setup RADIUS
9/19
matches the specified conditions.
Step 16 On the Profile window click on the Edit Profile button
-
8/7/2019 How to Setup RADIUS
10/19
Step 17 The Edit Dial-in Profile window will appear. Click on the Authentication tab.
-
8/7/2019 How to Setup RADIUS
11/19
Step 18 Under the Authentication tab select MS-CHAP-V2, MS-CHAP and PAP as authentication method.
-
8/7/2019 How to Setup RADIUS
12/19
Step 19 The following message box appears, ClickNo on the help message box
Step 20 ClickNext on the Policy Window and then clickFinish to complete. The console show the new Remote
Access Policy. Ensure that the new oolicy has Order 1.
-
8/7/2019 How to Setup RADIUS
13/19
This completes the IAS configuration. If you have other groups on the AD that needs different access, you can add
more Remote authentication policies.
Configuring User Management for Radius Authentication in the Active Directory
Step 1 Open Active Directory Users and Computers and create the following user in the Users folder.
-
8/7/2019 How to Setup RADIUS
14/19
Step 2 Select the Dial-in tab, and check the Allow access option.
-
8/7/2019 How to Setup RADIUS
15/19
Step 3 Select the Member Oftab, and either add or check that the user is in the correct group, it should be the
same group as you added in the IAS under Windows Groups.
-
8/7/2019 How to Setup RADIUS
16/19
This completes the configuration for User Management in the Active Directory.
Configuring the SonicWALL Security Appliance to Support the Radius Authentication
Method
Step 1 Now we need to setup the SonicWALL for RADIUS authentication. Login to the SonicWALL Managemt
interface. Go to the Users tab and click on Settings. Select Use RADIUS for user authentication radio button and
clickConfigure.Step 2 Type in the IP address and the Shared Secret for the RADIUS server. The Shared Secret has to be identical
to the one entered in the Radius Client in IAS.
-
8/7/2019 How to Setup RADIUS
17/19
Step 3 Click on the Radius Users tab. Here select the appropriate check box to assign privileges to Radius users.
For eg., if Radius authentication is required for GVC connection, checkAccess from VPN client with XAUTH. If
Radius authentication is required for Internet Access checkAllow Internet access (when access is restricted). This
box would be greyed out unless Allow only authenticated users to access the Internet option is check under
Users > Settings.
-
8/7/2019 How to Setup RADIUS
18/19
Step 4 ClickApply and then click on the Test tab. Type in the domain user name and password and test the
authentication.
-
8/7/2019 How to Setup RADIUS
19/19
KBID 7783
Date Modified 2/25/2010
Date Created 2/25/2010