locked
IIS with Radius and TACACS authentication RRS feed

  • Question

  • User-603655247 posted

    Problem: Network appliance with embedded XP uses IIS web interface and needs to use RADIUS and  TACACS for authentication

    Is there a way for IIS to use RADIUS or TACACS authentication?

    The only thing that I have found in my google searches is RADIIS. 

    http://www.tcpdata.com/radiis_tech.shtml

     I have not found a solution for TACACS.

     

    Tuesday, July 17, 2007 1:53 PM

Answers

  • User-2135738267 posted

    I don't know of any IIS-specific solutions off the top of my head. you could either write something custom or you could use the Advanced Client Authentication Module which supports both RADIUS and TACACS provided you have an F5 BigIP LTM.

    Sorry I don't have a better answer for you...

    Seth

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Wednesday, July 18, 2007 3:56 PM
  • User1073881637 posted

    I worked with this type of device, the services ran as a domain account, then the TACACS device would authenticate uses via LDAP and then cache the credentials on the device.  This was outside of IIS's login ideas you are trying to do.  I would contact the vendor for further assistance. 

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Thursday, July 19, 2007 3:26 AM

All replies

  • User-2135738267 posted

    I don't know of any IIS-specific solutions off the top of my head. you could either write something custom or you could use the Advanced Client Authentication Module which supports both RADIUS and TACACS provided you have an F5 BigIP LTM.

    Sorry I don't have a better answer for you...

    Seth

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Wednesday, July 18, 2007 3:56 PM
  • User1073881637 posted

    I worked with this type of device, the services ran as a domain account, then the TACACS device would authenticate uses via LDAP and then cache the credentials on the device.  This was outside of IIS's login ideas you are trying to do.  I would contact the vendor for further assistance. 

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Thursday, July 19, 2007 3:26 AM
  • User1073881637 posted

    There appears to be some configuration you have to do so this windows prompt will talk to your Radius server.  Just a total guess, they are probably running some type of ISAPI that intercepts the authentication request, go remotely to their device, authenticates and returns.  I'd think the vendor should be able to be the best resource for help.  Unless, of course there is someone on the forums who has tried to implement this before.  I personally have never tried this device.  Good luck.

    Thursday, July 19, 2007 3:29 AM
  • User-2135738267 posted

    Actually, this is all handled before the request even hits IIS. There’s no configuration that needs to take place on IIS for it to work. Basically, IIS doesn’t even know that authentication is being done – the profile and iRule are created on the BigIP LTM that defines how authentication and authorization work. This approach has its advantages and disadvantages and may not work in every case. For example, if you’re looking to impersonate, this solution will not help you.

    An overview can be found @ http://www.f5.com/solutions/technology/pdfs/clientauthentication_wp.pdf

    Seth

    Thursday, July 19, 2007 10:36 AM