Using RADIUS as a AAA backbone for Windows networks
Kostas Kalevras, NTUA Network Operations Centre

Today's World
- Windows on the end-user workstation
- Unix/Linux/FreeBSD on the central server

Authentication Infrastructure
- Windows authenticates through Active Directory
- Unix authenticates through LDAP

Problems faced
- Multiple domains: users need to be added to and deleted from each one
- Users exist in both AD and LDAP
- Passwords are not synchronized

How to solve these problems
- Meta-directory
- Replace GINA (Windows authentication) with a custom one

Meta-Directory Problems
- Not scalable for multiple domains
- Closed protocols, closed products
- Complex, hard administration and troubleshooting
- No open source solution

Case Study: Greek School Network
- 5000 domains (schools), central LDAP service
- Problems:
  - No scaling
  - No deletes
  - Too much load on the LDAP service
  - Too much overhead for domain administration

pGina to the rescue
- Replace GINA with a highly configurable set of modules
- Support for LDAP, RADIUS, SQL
- Domain interaction (account creation on domains)
- Account caching (AD is queried before the modules)

RADIUS Advantages
- Decision point, not just a database
- Dynamic expansion: calculated values for returned attributes
- Accounting
- Delegated administration; multiple user databases available (LDAP, SQL, etc.)
- Anonymous user support
- Special features: default/group profiles, user time quotas, login-time restrictions

RADIUS Problems
- A RADIUS server is needed
- The RADIUS secret is stored on each workstation

RADIUS vs LDAP
- RADIUS is a decision point
- RADIUS provides accounting
- LDAP access may be restricted with RADIUS as a frontend
- Powerful vs simple (LDAP is just a database)
- RADIUS is an extra

Team Involvement
- pGina code patches, mainly by Agis Andreou
- A large part of the RADIUS plugin code

TODO List
- Add EAP-TTLS support for password transmission
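The two points above (the shared secret living on every workstation, and EAP-TTLS as the TODO for password transmission) both come down to how RFC 2865 protects a PAP login. This added Python sketch, not code from the talk or from pGina, implements the User-Password hiding and the Response Authenticator so a defender can see what the per-workstation secret actually guards; the user name "alice", the secrets and the identifier 7 are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, USER_NAME, USER_PASSWORD = 1, 2, 1, 2  # RFC 2865 packet codes / attribute types

def encode_user_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks, XOR block n with MD5(secret + ciphertext of block n-1);
    block 1 is chained off the client's Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16  # empty password still yields 16 bytes
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        out += prev
    return out

def decode_user_password(cipher: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Inverse of encode_user_password: the shared secret plus the captured request is all that is needed."""
    out, prev = b"", req_auth
    for i in range(0, len(cipher), 16):
        out += bytes(c ^ k for c, k in zip(cipher[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = cipher[i:i + 16]
    return out.rstrip(b"\x00")

def build_packet(code: int, ident: int, authenticator: bytes, attrs: list) -> bytes:
    """Code(1) Identifier(1) Length(2) Authenticator(16) followed by Type/Length/Value attributes."""
    body = b"".join(struct.pack("BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def sign_response(code: int, ident: int, req_auth: bytes, attrs: list, secret: bytes) -> bytes:
    """Server side (RFC 2865 3): Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    unsigned = build_packet(code, ident, req_auth, attrs)
    return unsigned[:4] + hashlib.md5(unsigned + secret).digest() + unsigned[20:]

def verify_response(resp: bytes, req_auth: bytes, secret: bytes) -> bool:
    """Client side: accept a reply only if it was signed by a server holding the same secret."""
    expected = hashlib.md5(resp[:4] + req_auth + resp[20:] + secret).digest()
    return hmac.compare_digest(expected, resp[4:20])

def demo(password: bytes, client_secret: bytes, server_secret: bytes) -> dict:
    """Workstation sends PAP credentials; the server decodes them and answers with a signed Access-Accept."""
    req_auth = os.urandom(16)  # fresh random Request Authenticator for every request
    enc = encode_user_password(password, client_secret, req_auth)
    request = build_packet(ACCESS_REQUEST, 7, req_auth, [(USER_NAME, b"alice"), (USER_PASSWORD, enc)])
    seen = decode_user_password(request[29:], server_secret, req_auth)  # 20-byte header + 7-byte User-Name TLV + 2-byte TLV header
    accept = sign_response(ACCESS_ACCEPT, 7, req_auth, [], server_secret)
    return {"server_gets_password": seen == password, "client_trusts_reply": verify_response(accept, req_auth, client_secret)}
```

With matching secrets the server recovers the password and the client accepts the reply; with a mismatched secret both checks fail, which is exactly why the secret copied onto each workstation is the whole trust anchor for PAP, and why tunnelling the exchange in EAP-TTLS is the natural next step.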

Real Life Usage
- Used in the NTUA Library to authenticate users on public workstations, with positive results
- Scheduled to be used in the Greek School Network

Conclusions
- RADIUS, in combination with pGina, can be a viable framework for Windows AAA
- A secure, scalable, powerful solution

Thank you! Any questions?