For security's sake the best option would be to set the Student network as a
perimeter network between the internet-facing firewall and the internal-facing
staff network firewall and, using Radius or not, implement a VPN
solution back to the Staff network for trusted connection. This is of course
assuming you have only one internet-facing publicly addressable IP address
and that is the original reason your public and private networks were even
that close to each other.

If you have a router with two IP addresses facing the internet then leaving
the two networks completely separate would be best. As for wireless I would
recommend access points that do not in any way talk to both networks if you
can help it. Money shouldn't be a consideration when you consider a WAP can
be purchased for around $35 USD with support for WPA/WPA2 (802.1x).

Good luck with this. I've actually implemented both of these solutions at
home and at work. At the office the public network and private network leave
separate internet feeds, not just separate IPs. We use two different
vendors for internet access so these two networks have no way to communicate
with one another. And at home I implemented a 3-layer network, 2 with
wireless and one without wireless, but all of which use the same internet
feed through a single public-facing IP address.

If, however, you still decided you want to go with a Radius solution for
authentication you would need to use 2 Radius Servers, one for each domain,
and install a Radius Proxy, and IAS can do this for you. I will not go into
it, but it's not entirely complicated. A decent TechNet article can be found
here:
http://tinyurl.com/2s4x7o
OR:
http://technet2.microsoft.com/window....mspx?mfr=true
--
..rev
"It is the mark of an educated man to be able to entertain a thought without
accepting it"
~Aristotle
..
"Steve Ray" <> wrote in message
news:LEQOi.4326$...
> Hi
>
> No, I'm not looking to do this. I have 2 VLANs on site, each has its own
> Windows 2003 domain (VLAN1 - Staff / VLAN2 - Students).
>
> I am deploying wireless within the network and do not want to deploy
> wireless access points per vlan. I'm interested in deploying a wireless
> VLAN (say VLAN 3) and then authenticating the users into their relevant
> VLAN via (possibly) RADIUS.
>
> This means that users that are authenticated get their relevant AD
> settings and users that do not / cannot authenticate only get a non
> routable IP range.
>
> Or maybe IAS can do this? Would I need 1 IAS server per domain presumably?
>
> Hope this makes sense
>
> Steve
>
> "Red Swingline Stapler" <> wrote in message
> news:Xns99C4559DC95A0nowaycom@207.46.248.16...
>> "Steve Ray" <> wrote in
>> news:fefm9s$sql$:
>>
>>> Guys
>>>
>>> I'm looking for a "free to use" RADIUS server I can use within my
>>> domain. Does anyone have any recommendations
>>>
>>> Thanks
>>>
>>> Steve
>>>
>>>
>>
>> Are you looking to enable the "Internet Authentication Service" in
>> Windows Server 2003, or am I oversimplifying your need?
>
>
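
Added example, not part of the original thread and not IAS code: a Python sketch of the decision a RADIUS proxy makes in the two-domain setup discussed above, routing each request by the realm in User-Name and returning the RFC 3580 VLAN attributes only when that realm's own server accepted the credentials. VLAN 1 and 2 come from the thread; the realm names, server group labels and quarantine VLAN 99 are hypothetical.

```python
# Added illustration: realm-based routing as a RADIUS proxy would do it,
# plus the RFC 3580 attributes that place an accepted user in a VLAN.
# Realm names, server labels and QUARANTINE_VLAN are assumptions.

# Realm (upper-cased) -> (RADIUS server group, VLAN ID on Access-Accept)
REALMS = {
    "STAFF": ("radius-staff", 1),               # VLAN1 - Staff
    "STAFF.EXAMPLE": ("radius-staff", 1),
    "STUDENTS": ("radius-students", 2),         # VLAN2 - Students
    "STUDENTS.EXAMPLE": ("radius-students", 2),
}
QUARANTINE_VLAN = 99  # hypothetical non-routable VLAN set on the access point


def split_realm(user_name):
    """Return (realm, user) for DOMAIN\\user or user@realm; realm is None if absent."""
    name = user_name.strip()
    if "\\" in name:
        realm, user = name.split("\\", 1)
    elif "@" in name:
        user, realm = name.rsplit("@", 1)
    else:
        return None, name
    if not realm or not user:
        return None, name
    return realm.upper(), user


def route(user_name):
    """Server group to forward to; None means no forwarding (unknown or missing realm)."""
    realm, _ = split_realm(user_name)
    entry = REALMS.get(realm)
    return entry[0] if entry else None


def assigned_vlan(user_name, accepted):
    """VLAN the client lands in: the realm's VLAN only if that realm's server accepted."""
    realm, _ = split_realm(user_name)
    entry = REALMS.get(realm)
    return entry[1] if (accepted and entry) else QUARANTINE_VLAN


def accept_attributes(vlan_id):
    """RFC 3580 tunnel attributes carried in an Access-Accept for VLAN assignment."""
    return {
        "Tunnel-Type": 13,            # VLAN
        "Tunnel-Medium-Type": 6,      # IEEE 802
        "Tunnel-Private-Group-ID": str(vlan_id),
    }
```

Because the VLAN is keyed to the realm whose server validated the credentials, a name with an unknown or missing realm is never forwarded to a default server and never leaves the quarantine VLAN.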