Cisco WCS and Microsoft IAS

I’m deploying a Cisco Unified Wireless Network at the office.  It’s a cool, but complex beast.  Along the way, I’m learning lots and lots of stuff… one of which is how to use RADIUS to authenticate users.  It’s an old but great protocol.  In my situation, I want the Cisco Wireless Control System (WCS) to allow members of an MS Active Directory (AD) security group to log in and administer the system.  The WCS software can use RADIUS to authenticate users, but it needs the RADIUS server to return a bunch of information along with the Auth-Accept (OK, let him in) message.  Took me a while to understand what that meant and how to make it happen and along the way, I found that

  1. Configuring FreeRADIUS, the OSS solution, has a steep, steep learning curve.  I fell off about 3/4 of the way up.
  2. The available documentation doesn’t seem sufficient to help total protocol newbies get up to speed.
  3. Microsoft IAS is a pretty nice little AAA server that does RADIUS just fine, thank you, and it’s already part of Server 2003!

So, I hopped down off the FreeRADIUS learning curve and walked up the shallowly sloped IAS learning ramp and made some progress.  Until, that is, I realized that, like many Microsoft system administration interfaces, adding more than a few items at a time is an all day click-a-thon…

And then I discovered that – lo and behold – the data storage for IAS is an Access database!  No kidding!  So, I stopped the service, closed the SMC console plugin that manages IAS and copied the C:\Windows\system32\ias\ias.mdb to a computer with Office 2007 and Access 2007 installed and away I went.  Once I figured out the record format, I made a CSV of the entries I needed to add, using vim, and I imported them.  Then I copied the database file back and started IAS and – woooo hooooo!  It worked!  Five hundred attributes entered in about twenty minutes.
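For readers new to the protocol, here is how that extra information rides along with the accept message. This is an added example, not code from the original post: it builds an RFC 2865 Access-Accept, verifies its Response Authenticator against the shared secret, and extracts the vendor-specific attributes. The secret, the authenticator and the attribute strings are constructed placeholders, and it assumes the attributes are sent as Cisco AV-pair vendor-specific attributes.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, VENDOR_SPECIFIC = 2, 26    # RFC 2865 packet code / attribute type
CISCO_VENDOR_ID, CISCO_AVPAIR = 9, 1      # Cisco enterprise number / AV-pair sub-type

def vsa(text):
    """Encode one "name=value" string as a Cisco AV-pair Vendor-Specific attribute."""
    data = text.encode()
    sub = struct.pack("!BB", CISCO_AVPAIR, len(data) + 2) + data
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, CISCO_VENDOR_ID) + sub

def build_accept(ident, request_auth, secret, attrs):
    """Build an Access-Accept carrying attrs, signed as the RADIUS server would."""
    body = b"".join(attrs)
    head = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(body))
    return head + hashlib.md5(head + request_auth + body + secret).digest() + body

def parse_accept(packet, request_auth, secret):
    """Verify the Response Authenticator, then return the Cisco AV pairs."""
    if len(packet) < 20:
        raise ValueError("packet too short")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet):
        raise ValueError("not a well-formed Access-Accept")
    body = packet[20:]
    expected = hashlib.md5(packet[:4] + request_auth + body + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Response Authenticator")
    pairs, pos = [], 0
    while pos < len(body):
        alen = body[pos + 1] if pos + 1 < len(body) else 0
        if alen < 2 or pos + alen > len(body):
            raise ValueError("truncated attribute")
        value = body[pos + 2:pos + alen]
        if body[pos] == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if (vendor, vtype) == (CISCO_VENDOR_ID, CISCO_AVPAIR):
                pairs.append(value[6:4 + vlen].decode())
        pos += alen
    return pairs

# Constructed sample values: secret, authenticator and AV pairs are placeholders.
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))
SAMPLE = build_accept(7, REQUEST_AUTH, SECRET,
                      [vsa("example:role0=Admin"), vsa("example:task0=Placeholder")])

if __name__ == "__main__":
    print(parse_accept(SAMPLE, REQUEST_AUTH, SECRET))
```

A reply that fails the authenticator check was either built with a different shared secret or altered in transit, so the attributes in it should not be trusted.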

These two posts showed me about IAS and got me started with it:

  1. Configure your Cisco routers to authenticate … using … IAS.
  2. Configuring PEAP on Cisco WCS using Microsoft’s Radius (IAS) Server

Sadly, the folks at deployingradius.com were not so useful.
