CRYPTOCard Migration Agent for CRYPTO-MAS

Similar documents
Implementation Guide for protecting Juniper SSL VPN with BlackShield ID

Implementation Guide for protecting. CheckPoint Firewall-1 / VPN-1. with. BlackShield ID

Implementation Guide for protecting. SonicWall Security Appliances. with. BlackShield ID

BlackShield ID. Windows Logon Agent CRYPTOCard Corp. All rights reserved.

Token Guide for USB MP. with. BlackShield ID

KT-1 Token. Reference Guide. CRYPTOCard Token Guide

Cisco 802.1x Wireless using PEAP Quick Reference Guide

Implementation Guide for Funk Steel-Belted RADIUS

RSA Identity Governance and Lifecycle Collector Data Sheet For IBM Tivoli Directory Server

ISA 2006 and OWA 2003 Implementation Guide

Citrix Access Gateway Implementation Guide

SafeNet Authentication Service Agent for Cisco AnyConnect Client. Installation and Configuration Guide

Remote Support Security Provider Integration: RADIUS Server

SafeNet Authentication Service

Security Provider Integration RADIUS Server

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft NPS Technical Manual Template

RSA Authentication Manager 7.1 Help Desk Administrator s Guide

MCSA Guide to Networking with Windows Server 2016, Exam

etoken Integration Guide etoken and ISA Server 2006

RSA Authentication Manager 7.1 Administrator s Guide

Token Guide for KT-4 for

RSA Authentication Manager 7.1 Migration Guide

Cloud Link Configuration Guide. March 2014

WatchGuard Firebox and MUVPN. Quick Start Guide. Copyright CRYPTOCard Corporation All Rights Reserved

Integration Guide. SafeNet Authentication Service. Strong Authentication for Juniper Networks SSL VPN

SafeNet Authentication Service

Implementing CRYPTOCard Authentication. for. Whale Communications. e-gap Remote Access SSL VPN

CRYPTOCard BlackBerry Token Implementation Guide

NetScaler Radius Authentication. Integration Guide

RSA Authentication Manager 6.1 to 8.0 Migration Guide

Quest Collaboration Services 3.6. Installation Guide

ESET SECURE AUTHENTICATION. Microsoft RRAS with NPS PPTP VPN Integration Guide

Instant HR Auditor Installation Guide

FieldView. Management Suite

SafeNet Authentication Service

Checkpoint VPN-1 NG/FP3

One Identity Starling Two-Factor Desktop Login 1.0. Administration Guide

Deploying Windows Server 2003 Internet Authentication Service (IAS) with Virtual Local Area Networks (VLANs)

Trademarks. License Agreement. Third-Party Licenses. Note on Encryption Technologies. Distribution

One Identity Defender 5.9. Product Overview

SafeNet Authentication Service

Configuring the Cisco VPN 3000 Concentrator with MS RADIUS

SafeNet Authentication Manager

Intel Small Business Extended Access. Deployment Guide

RB Digital Signature Proxy Guide for Reporters

Barracuda Networks NG Firewall 7.0.0

Copyright ATRIL Language Engineering, S.L. All rights reserved.

Avaya Enterprise Policy Manager 5.0 User-Based Policies

RSA ACE/Agent 5.0 for PAM Installation and Configuration Guide

SafeNet Authentication Service

Dell Secure Mobile Access Connect Tunnel Service User Guide

Integrate Routing and Remote Access Service (RRAS) EventTracker v8.x and above

Dolby Conference Phone. Configuration guide for BT MeetMe with Dolby Voice

SonicWall Secure Mobile Access SMA 500v Virtual Appliance 8.6. Getting Started Guide

One Identity Starling Two-Factor AD FS Adapter 6.0. Administrator Guide

SafeNet Authentication Service

ActivIdentity 4TRESS AAA Web Tokens and F5 BIG-IP Access Policy Manager. Integration Handbook

Installation Guide. ProView. For System Center operations Manager ProView Installation Guide. Dynamic Azure and System Center insights

Installing and Configuring the Standalone PTC License Server Creo 4.0 F000

LiteSpeed for SQL Server 6.1. Configure Log Shipping

Quest Recovery Manager for Active Directory 9.0. Quick Start Guide

SAM 8.0 SP2 Deployment at AWS. Version 1.0

Integration Guide. SafeNet Authentication Manager. SAM using RADIUS Protocol with SonicWALL E-Class Secure Remote Access

ChangeAuditor 5.6. For NetApp User Guide

Workshop on Windows Server 2012

HYCU SCOM Management Pack for F5 BIG-IP

Configure the Cisco VPN 3000 Series Concentrators to Support the NT Password Expiration Feature with the RADIUS Server

SafeNet Authentication Manager

RSA Archer GRC Application Guide

SafeNet Authentication Service Cisco AnyConnect Agent. Configuration Guide

Software Token. Installation and User Guide. 22 September 2017

4TRESS AAA. Out-of-Band Authentication (SMS) and Juniper Secure Access Integration Handbook. Document Version 2.3 Released May hidglobal.

SafeNet Authentication Service Agent for Microsoft Outlook Web App. Installation and Configuration Guide

4TRESS FT2011 Out-of-Band Authentication and Juniper Secure Access

Integration Guide. SafeNet Authentication Service. Protecting Microsoft Internet Security and Acceleration (ISA) Server 2006 with SAS

Centrix WorkSpace Discovery Installation Guide. Version 1.0

Blue Coat ProxySG First Steps Solution for Controlling HTTPS SGOS 6.7

Installing and Configuring vcenter Multi-Hypervisor Manager

Cisco Secure ACS 3.0+ Quick Start Guide. Copyright , CRYPTOCard Corporation, All Rights Reserved

SafeNet Authentication Service

Quest Recovery Manager for Active Directory Forest Edition 9.0. Quick Start Guide

Service Manager. Installation and Deployment Guide

AssetCentre. Asset Management INSTALLATION GUIDE INTEGRATED PRODUCTION & PERFORMANCE SUITE

PTC Windchill Quality Solutions Extension for ThingWorx Guide

NETWRIX INACTIVE USER TRACKER

Apple Computer, Inc. ios

271 Waverley Oaks Rd. Telephone: Suite 206 Waltham, MA USA

ChangeAuditor 5.6. What s New

Diagnostic Manager Advanced Installation Guide

Deltek Touch Expense for Ajera. Touch 1.0 Technical Installation Guide

LAB: Configuring LEAP. Learning Objectives

Echidna Concepts Guide

Configuring the SMA 500v Virtual Appliance

Ivy migration guide Getting from Dashboard to Ivy

Integration Guide. SafeNet Authentication Service. Using RADIUS Protocol for Citrix GoToMyPC

802.1x Radius Setup Guide Working AirLive AP with Win X Radius Server

SafeNet Authentication Service Authentication API for Microsoft.Net. Developer Guide

Avaya Aura 6.2 Feature Pack 2

Integrated for Océ Setup Guide

RED IM Integration with Bomgar Privileged Access

Transcription:

CRYPTOCard Migration Agent for CRYPTO-MAS Version 1.0 2009 CRYPTOCard Corp. All rights reserved. http://www.cryptocard.com

Trademarks CRYPTOCard and the CRYPTOCard logo are registered trademarks of CRYPTOCard Corp. in the Canada and/or other countries. All other goods and/or services mentioned are trademarks of their respective companies. License agreement This software and the associated documentation are proprietary and confidential to CRYPTOCard, are furnished under license, and may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person. No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability. This software is subject to change without notice and should not be construed as a commitment by CRYPTOCard. Note on encryption technologies This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption technologies, and current use, import, and export regulations should be followed when using, importing or exporting this product. Contact Information CRYPTOCard s technical support specialists can provide assistance when planning and implementing CRYPTOCard in your network. In addition to aiding in the selection of the appropriate authentication products, CRYPTOCard can suggest deployment procedures that provide a smooth, simple transition from existing access control systems and a satisfying experience for network users. We can also help you leverage your existing network equipment and systems to maximize your return on investment. CRYPTOCard works closely with channel partners to offer worldwide Technical Support services. If you purchased this product through a CRYPTOCard channel partner, please contact your partner directly for support needs. To contact CRYPTOCard directly: International Voice: +1-613-599-2441 North America Toll Free: 1-800-307-7042 support@cryptocard.com For information about obtaining a support contract, see our Support Web page at http://www.cryptocard.com. Go to the CRYPTOCard corporate web site for regional Customer Support telephone and fax numbers: http://www.cryptocard.com CRYPTOCard Migration Agent for CRYPTO-MAS i

Publication History Date Changes 2009.09.04 Draft release 2009.09.15 Initial release to accompany Field Trials 2009.09.24 Minor changes to initial draft 2009.09.25 Minor changes for Launch Release CRYPTOCard Migration Agent for CRYPTO-MAS ii

Table of Contents CRYPTOCARD MIGRATION AGENT OVERVIEW...1 Installation...3 Installing IAS and NPS...3 INSTALLATION OF THE CRYPTOCARD MIGRATION AGENT FOR IAS...4 CONFIGURE IAS TO USE THE CRYPTOCARD MIGRATION AGENT...5 Configure Microsoft IAS for RADIUS Client(s)...5 Create a Remote RADIUS Server Group...6 Create a Remote Access Policy...8 Create a Connection Request Policy...9 INSTALLATION OF THE CRYPTOCARD MIGRATION AGENT FOR NPS...11 CONFIGURE NPS TO USE THE CRYPTOCARD MIGRATION AGENT...12 Configure Microsoft NPS for RADIUS Client(s)...12 Create a Remote RADIUS Server Group...13 Creating a Connection Request Policy...15 TROUBLESHOOTING THE CRYPTOCARD MIGRATION AGENT FOR IAS / NPS...18 IAS / NPS logs...18 CRYPTOCard Migration Agent Logging Level...20 CRYPTOCard Migration Agent for CRYPTO-MAS iii

CRYPTOCard Migration Agent Overview This document presents an overview of the CRYPTOCard Migration Agent and necessary steps to configure RADIUS proxy authentication. In this document we will show you: What the CRYPTOCard Migration Agent is and how it works How to implement the Agent within your network Steps to take to re-configure your existing Authentication server Steps to take to add CRYPTO-MAs to your network How to diagnose potential installation problems The CRYPTOCard Migration Agent is a freely distributed application which allows ANY RADIUS based device or application to communicate with both an existing Authentication server and CRYPTOCard s Passwords-as-a-Service solution CRYPTO-MAS within the same access network. The purpose of the Agent is to provide a low-investment, controlled and interruption free migration from a 3 rd party authentication server, such as RSA Authentication Manager, to CRYPTO-MAS. It allows both authentication solutions to work in parallel so that CRYPTO-MAS can gradually replace the existing authentication server as the primary server reducing the need for a wholesale change of existing tokens, instead allowing for the replacement of tokens when either faulty or at the end of the license period. The CRYPTOCard Migration Agent leverages RADIUS components of IAS on Windows Server 2003 or NPS on a Windows Server 2008. The agent intercepts RADIUS requests from the access device/application and handles all of the authentication processes with the existing authentication server and CRYPTO-MAS. To enable the CRYPTOCard Migration Agent to accept RADIUS authentication requests you must: Have either the Windows IAS or NPS Windows component installed within your network Install the CRYPTOCard Migration Agent on the machine that is hosting IAS or NPS. Enable RADIUS authentication on the existing server your service provider will help you achieve this. All servers are likely to have this capability, but it may not be enabled as some vendors recommend the use of proprietary protocols. RADIUS is an industry standard protocol and if a change is required it will not result in the loss of critical authentication functionality. In the diagram below, we can see the existing authentication server continues as the primary authentication server, while CRYPTO-MAS is added to the network to act as the secondary authentication server. CRYPTOCard Migration Agent for CRYPTO-MAS 1

Figure 1 CRYPTOCard Migration Agent With the CRYPTOCard Migration Agent acting as an intermediate authentication server, the authenticated connection sequence would be as follows: 1. RADIUS requests received by Microsoft IAS/NPS from devices such as VPNs, Firewalls and other RADIUS Clients such as web applications are passed to the CRYPTOCard Migration Agent. The CRYPTOCard Migration Agent forwards the RADIUS authentication request to its Primary RADIUS Server entry (e.g.: RSA, VASCO, Aladdin, et al). 2. If the user credentials are valid an Access-Accept is send back to the Agent, which then forwards this to the access device, the user then gains access to the network resource. 3. If the user credentials are invalid an Access-Reject is returned and the CRYPTOCard Migration Agent forwards the RADIUS authentication request to its Secondary RADIUS Server entry (i.e.: CRYPTO- MAS). 4. If the users credentials are valid an Access-Accept is sent back and the user gains access to the network resource. An Access-Reject from CRYPTO-MAS will mean no access for the user. RADIUS Client configuration guides for a wide range of VPN, firewall and other network access devices or web based applications are available in the Support section of http://www.cryptocard.com/. It is good practice to test an end-to-end RADIUS authentication using static passwords before installing the Agent. This simple step eliminates the possibility of RADIUS configuration errors, which will result in the Agent not receiving data from IAS/NPS. CRYPTOCard Migration Agent for CRYPTO-MAS 2

Installation Installation of the application requires three simple steps: 1. First of all you will need to download the Migration Agent. This will either have been sent to you by your Service Provider or you will need to download it from one of the links below CRYPTOCard RADIUS Proxy.exe for 32 bit servers http://download.cryptocard.com/packages/radius_proxy/cryptocard_radius_proxy.exe CRYPTOCard RADIUS Proxy x64.exe for 64 bit servers http://download.cryptocard.com/packages/radius_proxy/cryptocard_radius_proxy_x64.exe 2. You will then need to configure the Microsoft IAS/NPS application and install the CRYPTOCard Agent: Installation and configuration instructions for use with Microsoft IAS begin with on page 4. Installation and configuration instructions for use with Microsoft NPS begin with on page 11. 3. You will need to configure your existing Authentication server to accept RADIUS requests from the CRYPTOCard Migration enabled IAS/NPS agent. Installing IAS and NPS On Windows 2003, the Microsoft Internet Authentication Service can be installed from Add/Remove Programs, Add/Remove Windows Components, Networking Services, Internet Authentication Service. On Windows 2008, the Microsoft Network Policy Server can be installed from Administrative Tools, Server Manager, Roles, Add Roles, Network Policy and Access Services. CRYPTOCard Migration Agent for CRYPTO-MAS 3

Installation of the CRYPTOCard Migration Agent for IAS 1. Log on to the server on which IAS has been installed. 2. Locate and run the Installer: CRYPTOCard RADIUS Proxy.exe for 32 bit servers. or CRYPTOCard RADIUS Proxy x64.exe for 64 bit servers. 3. Accept the license agreement to continue with the installation. 4. Enter the hostname or IP address, Port and Shared Secret of the Primary RADIUS Server. (Note: If the Primary Server is unavailable, authentication requests will be forwarded to the Secondary RADIUS server) Enter the hostname or IP address, Port and Shared Secret of the Secondary RADIUS Server. If you do not have a Secondary RADIUS Server leave the Secondary RADIUS Server fields blank. Click Next. CRYPTOCard Migration Agent for CRYPTO-MAS 4

Configure IAS to use the CRYPTOCard Migration Agent Configuring IAS to use the CRYPTOCard Migration Agent requires four steps: Configure Microsoft IAS for RADIUS Client(s). Create a remote RADIUS Server Group. Create a Remote Access Policy. Create a Connection Request Policy. Configure Microsoft IAS for RADIUS Client(s) 1. Open the Internet Authentication Service Console 2. Select RADIUS Clients 3. Right click client and select New RADIUS Client 4. Enter Friendly name of your remote client/device (i.e. SSL VPN Authentication) 5. Enter the IP address of the client (i.e. VPN Device) 6. Click Next CRYPTOCard Migration Agent for CRYPTO-MAS 5

7. Select Client-Vendor of RADIUS Standard 8. Enter Shared secret. This must match the shared secret on the client/device 9. Enter Confirm shared secret 10. Click Finish to add client Create a Remote RADIUS Server Group 1. Open the Internet Authentication Service Console 2. Expand Connection Request Processing 3. Right click on Remote RADIUS Server Groups and select New RADIUS Server Group A Wizard should pop up. Click Next to dismiss welcome dialogue. 4. Select Custom then enter a friendly Group name of CRYPTO-MAS RADIUS Authentication Servers. Click Next CRYPTOCard Migration Agent for CRYPTO-MAS 6

5. Select Add 6. Select the Address tab. In Server: enter auth.cryptocard.com 7. Select Authentication/Accounting In Authentication Port: enter 1812 In Shared Secret field: enter the value that was submitted to CRYPTOCard when your network device was activated Click OK 8. Select Add 9. Select the Address tab. In Server: enter auth2.cryptocard.com 10. Select Authentication/Accounting In Authentication Port: enter 1812 In Shared Secret field: enter the value that was submitted to CRYPTOCard when your network device was activated Click OK 11. Select Load Balancing In Priority Enter 2 Click OK then Next CRYPTOCard Migration Agent for CRYPTO-MAS 7

12. Remove the checkmark in Start the New Connection Policy Wizard when this wizard closes then select Finish Create a Remote Access Policy 1. Open the Internet Authentication Service Console 2. Select the Remote Access Policies 3. Select the first policy in the right hand pane, if one exists 4. Select Remote Access Policies again 5. Right click and select New Remote Access Policy A Wizard should pop up. Click Next to dismiss welcome dialogue. 6. Select Set up a custom policy 7. Enter a friendly policy name of Allow Authentication to RADIUS Servers. Click Next CRYPTOCard Migration Agent for CRYPTO-MAS 8

8. Click Add 9. Select NAS-Port-Type 10. Click Add 11. Select Ethernet, then click Add 12. Select Grant remote access permission 13. Click Next 14. Click Next to skip changing the profile 15. Click Finish to add the policy. Create a Connection Request Policy 1. Open the Internet Authentication Service Console 2. Expand Connection Request Processing 3. Select Connection Request Policies 4. Select the first policy in the right hand pane, if one exists. 5. Select Connection Request Policies again CRYPTOCard Migration Agent for CRYPTO-MAS 9

6. Right click and select New Connection request policy 7. A Wizard should pop up. Click Next 8. Select A custom policy 9. Enter a policy name of Allow all users to authenticate to RADIUS Server 10. Click Next 11. Click Add 12. Select Day-And-Time- Restriction 13. Click Add 14. Click Permitted 15. Click OK and then click Next. 16. Click Edit Profile 17. Click Forward Requests to the following remote RADIUS server group for authentication. In the dropdown select CRYPTO-MAS RADIUS Authentication Servers 18 Click OK 19. Click Next 20. Click Finish to add the policy. Note: These changes will not take effect until the IAS service has been restarted. CRYPTOCard Migration Agent for CRYPTO-MAS 10

Installation of the CRYPTOCard Migration Agent for NPS 1. Log on to the server on which NPS has been installed. 2. Locate and run the Installer: CRYPTOCard RADIUS Proxy.exe for 32 bit servers. or CRYPTOCard RADIUS Proxy x64.exe for 64 bit servers. 3. Accept the license agreement to continue with the installation. 4. Enter the hostname or IP address, Port and Shared Secret of the Primary RADIUS Server. (Note: If the Primary Server is unavailable, authentication requests will be forwarded to the Secondary RADIUS server) Enter the hostname or IP address, Port and Shared Secret of the Secondary RADIUS Server. If you do not have a Secondary RADIUS Server leave the Secondary RADIUS Server fields blank. Click Next. CRYPTOCard Migration Agent for CRYPTO-MAS 11

Configure NPS to use the CRYPTOCard Migration Agent Configuring NPS to use the CRYPTOCard Migration Agent requires three steps: Configure Microsoft IAS for RADIUS Client(s). Create a remote RADIUS Server Group. Create a Connection Request Policy. Configure Microsoft NPS for RADIUS Client(s) 1. Open the Network Policy Server Console 2. Select RADIUS Clients and Servers 3. Right click client and select New RADIUS Client 4. Ensure that the textbox for Enable this RADIUS Client is selected 5. Enter Friendly name of your remote client (i.e. SSL VPN Authentication) 6. Enter the IP Address of the remote client (e.g.vpn device) 7. Select Vendor name of RADIUS Standard 8. Select Client-Vendor of RADIUS Standard 9. Enter Shared secret. This must match the shared secret on the client. 10. Re-enter the shared secret in the Confirm shared secret 11. Click OK to add client CRYPTOCard Migration Agent for CRYPTO-MAS 12

Create a Remote RADIUS Server Group 1. Open the Network Policy Server Console 2. Expand RADIUS Clients and Servers 3. Right click on Remote RADIUS Server Groups and select New 4. Enter a Group name of CRYPTO-MAS RADIUS Authentication Servers then select Add 6. Select the Address tab. In Server: enter auth.cryptocard.com 7. Select Authentication/Accounting In Authentication Port: enter 1812 In Shared Secret field: enter the value that was submitted to CRYPTOCard when your network device was activated Click OK 8. Select Add CRYPTOCard Migration Agent for CRYPTO-MAS 13

9. Select the Address tab. In Server: enter auth2.cryptocard.com 10. Select Authentication/Accounting In Authentication Port: enter 1812 In Shared Secret field: enter the value that was submitted to CRYPTOCard when your network device was activated Click OK 11. Select Load Balancing In Priority Enter 2 Click OK. CRYPTOCard Migration Agent for CRYPTO-MAS 14

Creating a Connection Request Policy 1. Open the Network Policy Server Console 2. Expand Policies 3. Select Connection Request Policies 4. Right Click and select New 5. The New Connection Request Policy Wizard begins 6. When prompted enter a policy name of Allow all users to authenticate to Primary RADIUS Server 7. Under Type of network access server select Unspecified. 8. Click Next 9. Click Add from the Specify Condition dialog 10. Select Date and Time Restrictions 11. Click Add CRYPTOCard Migration Agent for CRYPTO-MAS 15

12. Select Permitted and click OK 13. Click Next 14. In the next dialog select Forward requests to the following remote RADIUS Server group for authentication. In the dropdown select CRYPTO-MAS RADIUS Authentication Servers. 15. Select Next 16. 17. Select Next Click Finish to add the policy 18. Under Connection Request Policies, right click on Use Windows Authentication for all users and select Disable Note: These changes will not take effect until the Network Policy Server service has been restarted. CRYPTOCard Migration Agent for CRYPTO-MAS 16

Configuring your existing Authentication Server The final step of getting the CRYPTOCard Migration Agent working within your existing network is to configure your primary authentication server to communicate with the Agent. We recommend that you now configure your existing server and test the operation of the Agent prior to adding CRYPTO-MAS into your network. Your Service Provider will help you configure the existing server to communicate with the CRYPTOCard Migration Agent. The following information will be required to allow the agent to be set-up: Network devices must support the RADIUS Authentication Protocol. Please consult your third party documentation for compatibility. If a network device has been configured to perform a proprietary method of authentication, it must be reconfigured to RADIUS authentication (e.g.: RSA sometimes recommend the use of a nonstandard protocol). UDP Port 1812, 1813, 1645 and 1646 network traffic must be permitted between your network devices and the authentication servers. Various Third Party integration guides can be found in the Support Section of www.cryptocard.com. If an integration guide cannot be found for your device, please refer to the Third Party vendor documentation to enable RADIUS Authentication. Everything will now be set-up and tested so that any existing users are fully operational. Setting-up CRYPTO-MAS The next and final step is to add CRYPTO-MAS into the network. To do this we recommend you follow the very simple steps show in the How to Guide: Setting up your Account on CRYPTO-MAS. It might also be advisable to refer to the CRYPTO-MAS Administrators guide. This will explain how to get your account set-up, import the details of the users that you are migrating to CRYPTO-MAS and how to allocate tokens to those users. CRYPTOCard Migration Agent for CRYPTO-MAS 17

Troubleshooting the CRYPTOCard Migration Agent for IAS / NPS Your CRYPTOCard Migration Agent should now be installed and working with both your existing authentication server and with CRYPTO-MAS. However, if for any reasons you are having problems, then the following may help you isolate any issues. Naturally, your CRYPTOCard Service Provider will be on hand to help. IAS / NPS logs All information between network devices and the Microsoft IAS RADIUS server log into the Event Viewer under System. In the Microsoft NPS RADIUS Server, the information appears in the Event Viewer under Custom Views, Server Roles, Network Policy and Access Services. Below is an example of a successful IAS authentication request User jsmith was granted access. Fully-Qualified-User-Name = <undetermined> NAS-IP-Address = <not present> NAS-Identifier = <not present> Client-Friendly-Name = 192.168.10.105 Client-IP-Address = 192.168.10.105 Calling-Station-Identifier = <not present> NAS-Port-Type = <not present> NAS-Port = <not present> Proxy-Policy-Name = Allow all users to authenticate to RADIUS Server Authentication-Provider = RADIUS Proxy Authentication-Server = auth.cryptocard.com Policy-Name = <undetermined> Authentication-Type = <undetermined> EAP-Type = <undetermined> CRYPTOCard Migration Agent for CRYPTO-MAS 18

Below is an example of a failed IAS authentication request User jsmith was denied access. Fully-Qualified-User-Name = <undetermined> NAS-IP-Address = <not present> NAS-Identifier = <not present> Called-Station-Identifier = <not present> Calling-Station-Identifier = <not present> Client-Friendly-Name = 192.168.10.105 Client-IP-Address = 192.168.10.105 NAS-Port-Type = <not present> NAS-Port = <not present> Proxy-Policy-Name = Allow all users to authenticate to RADIUS Server Authentication-Provider = RADIUS Proxy Authentication-Server = auth.cryptocard.com Policy-Name = <undetermined> Authentication-Type = <undetermined> EAP-Type = <undetermined> Reason-Code = 112 Reason = The remote RADIUS (Remote Authentication Dial-In User Service) server did not process the authentication request. CRYPTOCard Migration Agent for CRYPTO-MAS 19

CRYPTOCard Migration Agent Logging Level Logging Level Registry Key The loglevel can be changed in the HKEY_LOCAL_MACHINE\SOFTWARE\CRYPTOCard\RadiusProxy\LogLevel registry key. For log levels, 1, 2 and 3, only the initial connection between the Agent and the Server and any failed connection attempts are logged. Log level 5 will place the log in debug mode. Log File Location The default location of the log file is: \Program Files\CRYPTOCard\RadiusProxy\Log\ Note: the IAS/NPS service must be restarted for changes to log settings to take effect. CRYPTOCard Migration Agent for CRYPTO-MAS 20

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback