DESCRIPTION: How to configure IAS RADIUS Authentication
Gen 5 - IAS RADIUS Authentication
The following tech note will explain the basic steps needed to get Microsoft IAS RADIUS working with a SonicWall Gen 4 or 5 firewall. In this example, RADIUS will be used to authenticate ‘SonicWall Read-Only Admins’. A different existing or custom group could also be used depending on the desired RADIUS authentication goal.
Launch Internet Authentication Service from Administrative Tools.
Right-click RADIUS Clients and select ‘New RADIUS Client’.
Enter a Friendly Name and IP address for the SonicWall, and then click ‘Next’.
RADIUS Standard should be selected under Client-Vendor. Enter a shared secret, which RADIUS uses with MD5 hashing to secure the communication between IAS and the SonicWall.
Highlight Remote Access Logging. Right-click Local File and select Properties. Check each of the boxes to provide logging. The Event Viewer>System Log will have relevant info should it be needed for troubleshooting RADIUS authentication failures.
Right-click Remote Access Policies and select New Remote Access Policy, which will launch the Policy Wizard.
Choose Set up a custom policy and choose a Policy name.
Click on Add and select the Windows-Groups attribute.
Choose a group and add the users that will use RADIUS authentication.
Note: each user will need to have the Remote Access Permission (Dial-in or VPN) Allow Access radio button enabled.
Highlight Remote Access Policies, right-click the policy, and select Properties. Select Edit Profile, then the Authentication tab. Select Unencrypted authentication (PAP, SPAP). Note: This choice is actually considered Standard Authentication using PAP, which is encrypted, i.e. all communication is secured.
Log into the SonicWall and go to Users>Settings. Select RADIUS or RADIUS + Local Users for the Authentication method for login. Click Configure.
Enter Primary Server Name or IP Address and the Shared Secret. Configure the same for the Secondary Server if one exists.
Select ‘Use SonicWall vendor-specific attribute on RADIUS users’ or ‘Use RADIUS Filter-Id attribute on RADIUS server’ under ‘Mechanism for setting user group memberships for RADIUS users’. Also, choose the ‘Default user group to which RADIUS users belong’.
Select the Test tab to verify that the RADIUS settings are functional. Enter a username and password, choosing ‘Password authentication’ from the Test: options.
Test the RADIUS Authentication by attempting to log into the SonicWall to gain Read-Only access.
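The shared secret entered on both IAS and the SonicWall and the PAP setting chosen in the policy profile meet in the RADIUS User-Password hiding scheme (RFC 2865, section 5.2), which masks the password attribute with MD5 of the secret and the request authenticator while the User-Name attribute travels as-is. The Python below is an added example, not part of the original tech note or of any SonicWall or Microsoft code; the user name, password, secret and authenticator are constructed sample values.

```python
import hashlib
import struct

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding, as the RADIUS client performs it."""
    if not 0 < len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)   # pad to 16-byte blocks
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()         # b(i) = MD5(S + c(i-1))
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse operation, as the RADIUS server performs it with its copy of the secret."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")

def access_request(user: bytes, password: bytes, secret: bytes,
                   request_auth: bytes, ident: int = 1) -> bytes:
    """Minimal Access-Request: 20-byte header + User-Name (1) + User-Password (2)."""
    hidden = hide_password(password, secret, request_auth)
    attrs = bytes([1, 2 + len(user)]) + user + bytes([2, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + request_auth + attrs

# Constructed sample values, not taken from the tech note.
SECRET = b"example-shared-secret"
AUTH = bytes(range(16))   # fixed here for reproducibility; real clients use random bytes
PACKET = access_request(b"readonly.admin", b"Passw0rd-longer-than-16", SECRET, AUTH)

if __name__ == "__main__":
    hidden = PACKET[-32:]   # the 32-byte hidden password is the last attribute value
    print("User-Name readable in packet:", b"readonly.admin" in PACKET)
    print("matching secret  :", reveal_password(hidden, SECRET, AUTH))
    print("mismatched secret:", reveal_password(hidden, b"typo-secret", AUTH))
```

Because the mask is derived only from the shared secret and the request authenticator, the length and randomness of the secret determine how well the password is protected.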