locked
Windows Server 2008 Radius server with MySQL RRS feed

  • Question

  • Hello !

    I want to ask a question about Windows RADIUS server authentication. Is this possible to do with MySQL database?

    For example, there is a website, users can register, and for authentication we want to use Windows Server 2008 with RADIUS server. Can this RADIUS server look at MySQL database when the user want's to authenticate? ( I'm asking not about authentication for the website, but for the network devices. There will be some Cisco equipment, and when the user wants to connect, these devices will send authentication request to the RADIUS server).

    Thank you for your time and for your answers!


    • Edited by Dimitrijus Saturday, April 7, 2012 11:49 AM
    Saturday, April 7, 2012 11:47 AM

Answers

  • Hi Dimitrijus,

    Thanks for posting here.

    I am afraid that Windows RADIUS server can’t accomplish that cos it can only obtain account information from local Security Accounts Manager (SAM) or a Microsoft Windows NT 4.0 domain, or Active Directory® Domain Services (AD DS) but not third party database:

    User account databases
    The user account database is the list of user accounts and their properties that can be checked by a RADIUS server to verify authentication credentials and user account properties containing authorization and connection parameter information.
    The user account databases that NPS can use are the local Security Accounts Manager (SAM), a Microsoft Windows NT 4.0 domain, or Active Directory® Domain Services (AD DS). For AD DS, NPS can provide authentication and authorization for user or computer accounts in the domain in which the NPS server is a member, two-way trusted domains, and trusted forests with domain controllers running Windows Server® 2008; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.
    If the user accounts for authentication reside in a different type of database, NPS can be configured as a RADIUS proxy to forward the authentication request to a RADIUS server that does have access to the user account database. Different databases for AD DS include untrusted forests, untrusted domains, or one-way trusted domains.

    RADIUS Protocol and Components

    http://technet.microsoft.com/en-us/library/cc726017(WS.10).aspx

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    Monday, April 9, 2012 2:22 AM