 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Radius Authentication
 Date:  Thu, 19 Aug 2004 15:19:57 -0700 (PDT)
On Thu, 19 Aug 2004, Curt Shaffer wrote:

> I had a quick question for anyone out there running a windows network
> behind m0n0. I have a multi site ipsec VPN set up and it is working
> great! The DC's are talking happily, the SQL is replicating happily,
> and DFS is working like a dream. Now I have the need to let some
> people in from home to run an application. Some are on dial up, some
> on cable, DSL, etc. All different OSes from 98 to Macintosh. I only have
> 10 people that need in, so I want to keep it as administratively
> simple as possible (Mostly meaning that I don't want to have to put
> m0n0's at everyone's homes). So I was going to have them log in with
> PPTP to the m0n0's. I don't want them to use the same UN's and
> passwords as they do in the office, but I don't want them to have to
> re-authenticate to access drives and such. My question is: If I have
> the PPTP from the m0n0 authenticate against the Radius on the servers,
> are those users considered authenticated users in the eyes of windows
> so that I can set the permissions on files/folders with the
> authenticated users group so they will not have to authenticate again?

I would think not.  RADIUS is just providing an authentication database
service, in this case to the PPP server.  Even if the DC somehow knew
about this, how would the credentials get passed to the client machine?

I'd expect the usual "log in to network" step to be needed after
establishing the link.  But this would only need to be done once for all
servers set up for "domain" security.

					Fred Wright