Authenticating with Microsoft Active Directory

Add the following allow/accept rules to any firewall upstream from your RADIUS server:

- bay.sfo02.sputnik.com 206.223.158.4
- goldengate.sfo02.sputnik.com 206.223.158.5

NOTE: it is best to install IAS on your Active Directory primary server, however you can install in on any 2000/2003 or greater server that is a member of your Active Directory domain, as follows:

1.    Install IAS by going to Start -> Settings -> Control Panel -> Add/Remove Programs.

2.    Once the Add/Remove Programs window is open click the Add/Remove Windows Components Icon in the left side window.

3.    When the Windows Components Wizard window opens scroll down the list and highlight Networking Services and then click the Details button.

4.    Now check the box for Internet Authentication Services. Then click OK.

5.    When you get back to the Windows Components Wizard click next. IAS will then be installed. Click Finish when the installation is complete.

For more information about IAS see Microsoft TechNet documentation.

1.    Go to Start -> Programs -> Administrative Tools -> Internet Authentication Services.

2.    Once IAS is open you need to first register it with Active Directory. In the Left window highlight the Root of Internet Authentication Services then click on Action at the top menu and select "Register Server in Active Directory" from the drop down.
    
3. (Recommended.) Set "Address" to ns1.sputnik.com.

1.    In the left window, right click on the RADIUS Clients folder and select "New RADIUS Client" from the drop-down menu. This will open the New Client Wizard.

2.    Now you will need to enter a friendly name for the client. We use Sputnik.

3.    Enter the DNS name of the server. To verify a DNS name click the Verify button. Once verified click the Next button.

4.    For Client-Vendor select RADIUS Standard.

5.    Enter a pass phrase for the Shared secret and confirm it.

6.    When finished click the Finish button.

1.    In the left window click on Remote Access Policies. The right window will now display the default Access Policies.

2.    Right click on the "Connections to other access servers" policy and select Properties.

3.    Click the "Edit Profile" button.

4.    Go to the Authentication Tab. Check the box for "Unencrypted authentication (PAP, SPAP)".

5.    Click OK.

6.    At the bottom of the "Connections to other access servers" properties window change the "If a connection request matches the specified conditions:" to "Grant remote access permission" Then click OK.

1.    Log into SputnikNet.

2.    Click on "RADIUS" from the "Authentication" menu.

3.    Click "Add New Authentication System."

4.    Choose "RADIUS Module" from the "Select a module" pop-up menu.

5.    Supply an administrative and user-visible name and click "Save Changes". You should see your new RADIUS authentication system listed in the authentication system overview.

6.    Click on the name of your RADIUS authentication system to configure it.

7.    Click on "Edit Settings" from the "Authentication System" menu.

8.    Enter the DNS name of your RADIUS server. The Authentication and Accounting Servers are one and the same.

9.    Set the port for the Authentication Server to 1812 and the port for the Accounting Server to 1813. The Authentication and Accounting Secret will be the same as the Secret you set up for the RADIUS client in IAS.

10.    Set the RADIUS communications timeout to whatever you wish. We use 14000.

11.    When complete click the "Update" button.

12.    Click on "Captive Portals" from the "CONFIG" menu.

13.    Click on the name of the captive portal you wish to use with RADIUS authentication, or create a new one.

14.    Click on "Walled Garden and Authentication" from the "Captive Portal Properties" menu.

15.    Under "Authentication Systems" click the checkbox next to the name of your RADIUS authentication system.

16.    When finished click "Update".