Authentication Setup; Setting Up Radius Authentication; Setting Up A Microsoft Ias Radius Server - Multitech RouteFinder RF850 User Manual

Scenario 3: "Microsoft-style Windows Network - not all valid users able to use proxy services"
You are running a Windows Domain controller or a standalone server on your network holding User
Accounts. Typically, this is also the case if you are running MS Exchange on your network, but not all of
your users should be able to use proxy services.
You should use RADIUS user authentication with Microsoft's IAS (Internet Authentication Server).
Scenario 4: "Unix or Netware Network"
You are running any other type of Network with a centralized user base.
In this case, you can use RADIUS user authentication; however, it is up to you to find a suitable
RADIUS server for your network type.
You can also use the "Local" user authentication, but you must re-define all your users in the
RouteFinder Web Front end.
Note: Many mixed scenarios are also possible. For example, you could have some local users being
able to use the SOCKS service, plus a RADIUS server authenticating users for the HTTP proxy service.

Authentication Setup

Choose one of the following setup methods.

Setting Up RADIUS Authentication

To set up RADIUS Authentication, first you need a RADIUS server on your network. The server can be
anywhere on the Internet, but keep in mind that passwords are transferred in clear text. Therefore, we
strongly recommend putting the RADIUS server somewhere near your RouteFinder and to use a
switched Network hub to connect them.
Choosing the RADIUS server is up to you. Below is some generic setup information.
The RouteFinder will send a RADIUS authentication packet with three fields:
1. Username
2. Password in plain text (PAP)
3. The proxy type ("http" or "socks") in the NAS-Identifier field based on these values, your RADIUS
server should just decide to grant or deny access.

Setting Up a Microsoft IAS RADIUS Server

This section explains how to set up a Microsoft IAS (Internet Authentication Server). IAS is delivered
with all Windows 2000 Server versions. However, it is often not installed by default.
1. Check if the IAS service is installed. If not, follow the rest of these steps.
Using 2000 User Manager, edit User Profiles of those users who have rights to proxy services.
2.
Set the "Dial-In Permission" flag. This is necessary since IAS uses the "master flag" to respond to
requests positively.
Create a new user group for each proxy service you wish to provide to your users. For clarity, give
3.
the groups descriptive names (for example, call the group "multitech _http_users").
Put the users in the newly created groups for using the respective proxy services.
4.
Enter the IAS administration interface at Start > Programs > Administrative Tools > Internet
5.
Authentication Service and add a new client using these settings:
Friendly Name: routefinder
Protocol:
Client Address: Use the address of the RouteFinder's interface pointing "towards" the
Client Vendor: RADIUS Standard. Uncheck the Client must always send signature
6. Go to the policy list. There is one pre-defined entry. Delete it. Add a new Policy for each proxy
service you wish to provide to your users. Choose a "Friendly Name" (i.e.; "SOCKS access").
7. On the next screen, add two conditions:
•
NAS-Identifier matches <string> (where <string> is the proxy identifier ("socks" or "http").
•
Windows-Groups matches <yourgroup> (where <yourgroup> is one of the newly created
user groups).
Note: You can add groups from the local machine or from Domains in which the RADIUS server is a
member. Specify the user name as <DOMAIN>\<USER> for authentication to succeed, if required.
Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E)
RADIUS
RADIUS server (this will be the "internal" interface for most people).
attribute box.
Select a shared secret. This is needed for the RouteFinder configuration.
Chapter 7 – User Authentication Methods
140