 From:  "Jonathan Merrill" <milpo2717 at msn dot com>
 To:  "'Curt Shaffer'" <cshaffer at gmail dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Radius Authentication
 Date:  Mon, 23 Aug 2004 18:25:14 -0400
This has nothing to do with M0n0, but the approach I recommend to my clients
in situations similar to yours is to either use:

1.  A Citrix Secure Gateway solution via SSL.  Pricey, but very secure for
delivering apps securely and quickly to Internet-based users.  Integration
with Citrix NFUSE (a free add-on) makes the solution a viable remote user
delivery system.

2.  An IIS web-based Windows Terminal Server for remote user applications.
Pretty cheap.  Purchase a 5-user terminal server license, set up port 3389 to
point to the terminal server.  Ensure a DNS entry exists so the web client
connects correctly.

Personally, I try to stay away from VPN due to poor feedback from my end
users regarding speed.

My 2 cents.


Jonathan Merrill
CCA, MCP, Net+

-----Original Message-----
From: Curt Shaffer [mailto:cshaffer at gmail dot com] 
Sent: Thursday, August 19, 2004 6:00 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Radius Authentication

I had a quick question for anyone out there running a Windows network behind
m0n0. I have a multi-site IPsec VPN set up and it is working great! The DCs
are talking happily, the SQL is replicating happily, and DFS is working like
a dream. Now I have the need to let some people in from home to run an
application. Some are on dial-up, some on cable, DSL, etc. All different OSes
from 98 to Macintosh. I only have 10 people that need in, so I want to keep
it as administratively simple as possible (mostly meaning that I don't want
to have to put m0n0s at everyone's homes). So I was going to have them log
in with PPTP to the m0n0s. I don't want them to use the same UNs and
passwords as they do in the office, but I don't want them to have to
re-authenticate to access drives and such. My question is: If I have the PPTP
from the m0n0 authenticate against the Radius on the servers, are those
users considered authenticated users in the eyes of Windows so that I can
set the permissions on files/folders with the authenticated users group so
they will not have to authenticate again?
Thanks for all of your help

Curt Shaffer, MCP
Wireless/Network Specialist
Chilitech Internet Solutions
efax: 1-309-412-4809
