[c-nsp] Lightweight Radius Server for small installation and Windows

Charles Wyble charles at thewybles.com
Wed May 6 13:36:38 EDT 2009


I agree.

I set this up with windows 2008 recently. My Linksys wireless router and 
my cisco 1841 authenticate to AD. I haven't hooked it up to a VPN yet 
but that's possible.

As for one time passwords, http://www.wikidsystems.com/community-version 
and http://directory.apache.org/

I don't know why they wouldn't want users using the AD environment 
that's in place. That's just ridiculous in my mind. Create a specific 
group for VPN users, but don't have another authentication database.

Ziv Leyes wrote:
> The cheapest solution is already there, Windows2003 server can act as a radius server, it doesn't have to use necessarily the same users, new users can be added to a special new group only for the VPN authentication.
> Also using the AD can be useful, the user can be set to have permission to access through VPN or not, so not every user in the system can connect.
> Cisco knows to interface with the above, so I don't see a reason to invest more money in another product.
> All they need is someone that is good enough with Win2003 server to make it happen, the Cisco part is the easiest once the radius is set.
> Hope this helps,
> Ziv
> 
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Marc Haber
> Sent: Wednesday, May 06, 2009 12:58 PM
> To: cisco-nsp
> Subject: [c-nsp] Lightweight Radius Server for small installation and Windows
> 
> Hi,
> 
> a small company is planning to deploy client VPN using the Cisco VPN
> client and an 1841 in their office. They have 50 employees, about 15
> of them mobile, a couple of Windows 2003 servers (no virtualization
> yet) and are mostly an all-windows shop. They neither want their users
> to authenticate to the VPN via their Windows password (which, to my
> knowledge, rules out authenticating against the AD), nor do they want
> to use the cisco command line to generate the user accounts on the
> 1841 itself.
> 
> Is there a lightweight, resource-easy Radius server for Windows which
> can be installed on one of the existing servers which has a clickable
> frontend for account management? It doesn't need to be end-user safe,
> the admins are going to manage the account, but they cringe at the
> thought of doing the "conf t; foo; copy running-config startup-config"
> dance.
> 
> Just in case, in which price range do the "cheapest"
> one-time-password-token authentication schemes start for this user
> count?
> 
> Any hints will be appreciated.
> 
> Greetings
> Marc
> 


More information about the cisco-nsp mailing list