how to setup radius

8/7/2019 How to Setup RADIUS

1/19

source

UTM: How to setup RADIUS authentication with Microsoft IAS in SonicOS Standard

Answer/Article

Article Applies To:

Affected SonicWALL Security Appliance Platforms:

Gen4: PRO series: PRO 3060, PRO 2040, PRO 1260

Gen4: TZ series: TZ 170, TZ 170 W, TZ 170 SP, TZ 170 SP Wireless, TZ 150, TZ 150 W, TZ 150 Wireless

(RevB)

Firmware/Software Version: All SonicOS Standard versions.

Services: Radius authentication

Feature/Application:

This article illustrates the method to setup RADIUS authentication on the Sonicwall with SonicOS Standard

firmware, using Internet Authentication Service (IAS) Server on Microsoft Windows 2003 Server.

Deployment Steps:

This article contains the following sections:

Configuring the IAS Server to Support Radius Clients Configuring User Management for Radius Authentication in the Active Directory. Configuring the SonicWALL Security Appliance to Support the Authentication

Method.

Procedure:

Configuring the IAS Server to Support RADIUS Clients

Step 1 On the Windows 2003 Server, verify that you have applied the latest Service Pack and hotfixes. Also,verify that the Remote Access and Routing Service is running.

Step 2 Open Control Panel > Add or Remove Programs > Add/Remove Windows Components and find

Networking Services. Press Details and checkInternet Authentication Services and clickOK.


2/19

Step 3 Launch the IAS Console by clicking on Start > All Program> Administrative Tools > Internet

Authentication Service. The following IAS console will appear.

Step 4 Right click the RADIUS Clients folder in the left pane and select New RADIUS Client from the menu.

Step 5 Enter a Name for the new Radius client and enter the LAN IP Address of the SonicWALL.


3/19

Step 6 Select RADIUS Standard, (also the default option), enter a Shared Secret. This shared secret is needed

later on the SonicWALL security appliance, so note this for future reference.


4/19

Step 7 ClickFinish. The new client will appear as following:

Step 8 To setup the access criteria for users, right click on the Remote Access Policies and select New Remote

Access Policy.


5/19

Step 9 ClickNext on New Policy Wizard. Select Set up a custom policy radio button and then enter a name

for this policy.


6/19

Step 10 ClickAdd on the Policy Conditions window.

Step 11 From this list, select Windows Groups, and clickOK. By selecting Windows Groups, you can

authenticate a user who is a member of a User Group in the Windows AD.


7/19

Step 12 ClickAdd, then enter the Windows User Group that users should be member of. ClickOK.

Step 13 Here is how it should look. You could add more groups, but in this scenario we need to only be a member

of one group. ClickOK.


8/19

Step 14 Back on the New Remote Access Policy window, clickNext.

Step 15 Select the Grant remote access permission radio button under the option If a connection request


9/19

matches the specified conditions.

Step 16 On the Profile window click on the Edit Profile button


10/19

Step 17 The Edit Dial-in Profile window will appear. Click on the Authentication tab.


11/19

Step 18 Under the Authentication tab select MS-CHAP-V2, MS-CHAP and PAP as authentication method.


12/19

Step 19 The following message box appears, ClickNo on the help message box

Step 20 ClickNext on the Policy Window and then clickFinish to complete. The console show the new Remote

Access Policy. Ensure that the new oolicy has Order 1.


13/19

This completes the IAS configuration. If you have other groups on the AD that needs different access, you can add

more Remote authentication policies.

Configuring User Management for Radius Authentication in the Active Directory

Step 1 Open Active Directory Users and Computers and create the following user in the Users folder.


14/19

Step 2 Select the Dial-in tab, and check the Allow access option.


15/19

Step 3 Select the Member Oftab, and either add or check that the user is in the correct group, it should be the

same group as you added in the IAS under Windows Groups.


16/19

This completes the configuration for User Management in the Active Directory.

Configuring the SonicWALL Security Appliance to Support the Radius Authentication

Method

Step 1 Now we need to setup the SonicWALL for RADIUS authentication. Login to the SonicWALL Managemt

interface. Go to the Users tab and click on Settings. Select Use RADIUS for user authentication radio button and

clickConfigure.Step 2 Type in the IP address and the Shared Secret for the RADIUS server. The Shared Secret has to be identical

to the one entered in the Radius Client in IAS.


17/19

Step 3 Click on the Radius Users tab. Here select the appropriate check box to assign privileges to Radius users.

For eg., if Radius authentication is required for GVC connection, checkAccess from VPN client with XAUTH. If

Radius authentication is required for Internet Access checkAllow Internet access (when access is restricted). This

box would be greyed out unless Allow only authenticated users to access the Internet option is check under

Users > Settings.


18/19

Step 4 ClickApply and then click on the Test tab. Type in the domain user name and password and test the

authentication.


19/19

KBID 7783

Date Modified 2/25/2010

Date Created 2/25/2010

how to setup radius

Documents