Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using RADIUS as a AAA backbone for Windows networks Kostas Kalevras NTUA Network Operations Centre.

Published byKristin Ramsey Modified over 8 years ago

Similar presentations

Presentation on theme: "Using RADIUS as a AAA backbone for Windows networks Kostas Kalevras NTUA Network Operations Centre."— Presentation transcript:

1 Using RADIUS as a AAA backbone for Windows networks Kostas Kalevras NTUA Network Operations Centre

2 Today’s World Windows in the end user workstation Unix/Linux/FreeBSD at the central server

3 Authentication Infrastructure Windows authenticate through Active Directory Unix authenticates through LDAP

4 Problems faced Multiple domains, users need to be included/deleted in each one Users exist in both AD and LDAP Passwords are not synchronized

5 How to solve these problems Meta-Directory Replace GINA Windows authentication with a custom one

6 Meta-Directory Problems Not scalable for multiple domains Closed protocols, closed products Complex and hard administration and troubleshooting No open source solution

7 Case Study: Greek School Network 5000 domains (schools), central LDAP service Problems No scaling No scaling No deletes No deletes Too much load on the LDAP service Too much load on the LDAP service Too much overhead for domain administration Too much overhead for domain administration

8 pGina to the rescue Replace GINA with a highly configurable set of modules Support for LDAP,RADIUS,SQL Domain interaction (account creation on domains) Account caching (AD is queried before the modules) http://pgina.xpasystems.com/

9 RADIUS Advantages Decision point, not just a database Dynamic expansion, calculated values for returned attributes Accounting Delegated administration, multiple user databases available (LDAP,SQL,etc) Anonymous user support Special features: default/group profiles, user time quotas, login-time restrictions

10 RADIUS Problems A RADIUS server is needed A RADIUS server is needed RADIUS secret is stored on each workstation

11 RADIUS vs LDAP RADIUS is a decision point RADIUS provides accounting LDAP access may be restricted with RADIUS as frontend Powerful vs Simple (LDAP is just a database) RADIUS is an extra

12 Team Involvement pGina code patches mainly by Agis Andreou A large part of the radius plugin code

13 TODO List Add EAP-TTLS support for password transmission

14 Real Life Usage Used in the NTUA Library providing authentication to public workstations with positive results Scheduled to be used in the Greek School Network

15 Conclusions RADIUS can be a viable solution to provide (in combination with pGina) the framework for Windows AAA Secure, scalable, powerful solution

16 Thank you! Any questions?

Download ppt "Using RADIUS as a AAA backbone for Windows networks Kostas Kalevras NTUA Network Operations Centre."

Similar presentations

Prepared by Dept. of Information Technology & Telecommunication, May 1, 2015 DoITT Identity Management Security, Provisioning, Authentication.

Prepared by Dept. of Information Technology & Telecommunication, May 1, 2015 DoITT Identity Management Security, Provisioning, Authentication.
ECS and LDAP Karen Krivaa Product Marketing Manager.

ECS and LDAP Karen Krivaa Product Marketing Manager.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Adding scalability to legacy PHP web applications Overview Mario A. Valdez-Ramirez.

Adding scalability to legacy PHP web applications Overview Mario A. Valdez-Ramirez.
PDC Enabling Science Grid Security Research Olle Mulmo.

PDC Enabling Science Grid Security Research Olle Mulmo.
Novell iChain ® 2.x Configuration Using the Web Server Accelerator Wizard Cary Andrews Senior Software Engineer Novell, Inc.

Novell iChain ® 2.x Configuration Using the Web Server Accelerator Wizard Cary Andrews Senior Software Engineer Novell, Inc.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 1: Introduction to Active Directory.

70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 1: Introduction to Active Directory.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 6: Configure and Troubleshoot Local User and Group Accounts.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 6: Configure and Troubleshoot Local User and Group Accounts.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Report Distribution Report Distribution in PeopleTools 8.4 Doug Ostler & Eric Knapp 7264.

Report Distribution Report Distribution in PeopleTools 8.4 Doug Ostler & Eric Knapp 7264.
Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.

Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.
Remote User Authentication. Module Objectives By the end of this module participants will be able to: Describe the methods available for authenticating.

Remote User Authentication. Module Objectives By the end of this module participants will be able to: Describe the methods available for authenticating.
Streamlining Support and Management through the Implementation of Active Directory Educause 2003 Mid-Atlantic Regional Gale D. Fritsche –

Streamlining Support and Management through the Implementation of Active Directory Educause 2003 Mid-Atlantic Regional Gale D. Fritsche –
LDAP Management at Stony Brook Making Active Directory and PeopleSoft Work Together SUNY Technology Conference Rochester, New York Monday June 12, 2006.

LDAP Management at Stony Brook Making Active Directory and PeopleSoft Work Together SUNY Technology Conference Rochester, New York Monday June 12, 2006.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
HalFILE 3.0 Active Directory Integration. halFILE 3.0 AD – What is it? Centralized organization of network objects and security – servers, computers,

HalFILE 3.0 Active Directory Integration. halFILE 3.0 AD – What is it? Centralized organization of network objects and security – servers, computers,
Using RADIUS Within the Framework of the School Environment Ed Register Consultant April 6, 2011.

Using RADIUS Within the Framework of the School Environment Ed Register Consultant April 6, 2011.
Sql Server Advanced Features MIS 424 Professor Sandvig.

Sql Server Advanced Features MIS 424 Professor Sandvig.
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Similar presentations

Ads by Google