RADIUS server in a DMZ, how to authenticate AD users?

Discussion in 'Server Security' started by Pascal, Jun 12, 2007.

  1. Pascal

    Pascal Guest

    Hello,

    We have a Wi-Fi project and we would like to authenticate Active
    Directory users.

    Is there a way to put the RADIUS server in a DMZ without it being a member
    of the AD domain and still authenticate the Wi-Fi users?

    Do you know of a basic secure infrastructure for such a situation?

    Thank you
     
    Pascal, Jun 12, 2007
    #1

  2. Pascal

    S. Pidgorny Guest

    I must stress the fact that domain membership of the IAS server will be a
    requirement - the firewall considerations part of TechNet concerns a
    firewall between RADIUS clients (wireless APs and controllers) and IAS.

    There's no need to host IAS in the DMZ.
     
    S. Pidgorny, Jun 13, 2007
    #2

  3. Pascal

    Pascal Guest

    Thank you for your answers.

    But is it really secure to join the RADIUS server to the domain?
     
    Pascal, Jun 13, 2007
    #3
  4. Pascal

    S. Pidgorny Guest

    G'day:


    Basically you have to. The risk is that somebody will attempt to
    authenticate against the domain.
     
    S. Pidgorny, Jun 14, 2007
    #4
  5. Pascal

    S. Pidgorny Guest

    G'day:

    Overengineering, in my opinion. Do basic threat modeling: identify a
    scenario in which a firewall between IAS and the rest of the domain will prevent
    a successful attack. I struggle to figure out such a scenario.
     
    S. Pidgorny, Jun 14, 2007
    #5