Differences

This shows you the differences between two versions of the page.

--- radius_аутентификация_в_microsoft_ad [2013/10/09 12:53]
val [Win2003]
+++ radius_аутентификация_в_microsoft_ad [2013/12/15 07:27] (current)
val
@@ Line 1: / Line 1: @@
 ====== RADIUS аутентификация в Microsoft AD ======
-===== Добавление RADIUS интерфейса к AD =====
+===== Win2008 =====
-==== Win2008 ====
+==== Установка и настройка ====
-[[http://www.fatofthelan.com/technical/using-windows-2008-for-radius-authentication/]]
+  * Using Windows 2008 for RADIUS Authentification ([[http://www.fatofthelan.com/technical/using-windows-2008-for-radius-authentication/]])
-**Server Manager ->**
+<code>
+Server Manager -> Roles ->
+  Add Roles -> Network Polices and Access Services -> Network Policy Server
+  Network Polices and Access Services -> NPS(local) -> Register server in Active Directory
+    Radius Clients and Servers -> new
+    ...
+</code>
-==== Win2003 ====
+==== Аутентификация Cisco login ====
-  * Add/Remove Programm -> Windows Components -> Networking services/Internet Authenticatin Service (IAS)
-  * Add peer to IAS (intgate)
-  * Remote Access Polices -> Connection to other access server -> Properties -> Edit Profile -> Authentication
-  * Check Unencrypted authentication (PAP, SPAP)
-  * Permit DialIn for user user
-===== Тестирование RADIUS интерфейса к AD =====
 <code>
-gate# radtest user1 'Pa$$w0rd1' server 1 'testing123'
+Server Manager -> Roles ->
+  Network Polices and Access Services -> NPS(local) ->
+    Polices -> Network Polices -> policy cisco admin -> Propeties
+      Constraints ->
+        Configure Authentifications Methods -> Unencrypted Authentificatios (PAP, SPAP)
+      Settings ->
+        Standart -> Service-Type = NAS-Prompt
 </code>
-===== Нестройка библиотеки pam radius для сервиса ssh =====
+==== Авторизация Cisco exec ====
+  * Configure a Custom VSA ([[http://technet.microsoft.com/en-us/library/cc731611.aspx]])
+  * Аутентификация на сетевых устройствах CISCO средствами Active Directory ([[http://habrahabr.ru/post/135419/]])
-==== FreeBSD ====
 <code>
-[gate:~] # cat /etc/radius.conf
+Server Manager -> Roles ->
-auth server testing123 3
+  Network Polices and Access Services -> NPS(local) ->
+    Polices -> Network Polices -> policy cisco admin -> Propeties
+      Constraints ->
+        Configure Authentifications Methods -> Unencrypted Authentificatios (PAP, SPAP)
+      Settings ->
+        Standart -> Service-Type = NAS-Prompt
+        Vendor Specific -> Cisco-AVPair = shell:priv-lvl=15
+</code>
-[gate:~] # cat /etc/pam.d/system
+==== Аутентификация 802.1x (PEAP) ====
-...
-auth    sufficient      pam_radius.so   no_warn try_first_pass
+  * При использовании PEAP в XSupplicant необходимо в поле "Other Identity" указать имя пользователя
-auth    required        pam_unix.so     no_warn try_first_pass
-...
-</code>
-==== Ubuntu ====
 <code>
-root@gate:~# apt-get install libpam-radius-auth
+Server Manager -> Roles ->
+  Add Roles -> Active Directory Certificate Services
+   ... Web Enrollment ...
-root@gate:~# cat /etc/pam_radius_auth.conf
+Server Manager -> Roles ->
-...
+  Network Polices and Access Services -> NPS(local) ->
-server testing123 3
+    Polices -> Network Polices -> new
-...
+      Plicy Name: policy 802.1x
+      Conditions: Windows Group -> Domain Users
+      Configure Authentifications Methods -> Add -> Microsoft...(PEAP)
+</code>
+===== Win2003 =====
-root@gate:~# cat /etc/pam.d/login
+<code>
-...
+Add/Remove Programm -> Windows Components -> Networking services/Internet Authenticatin Service (IAS)
-auth       sufficient   pam_radius_auth.so
+  Add peer to IAS (intgate)
-# Standard Un*x authentication.
+    Remote Access Polices -> Connection to other access server -> Properties -> Edit Profile -> Authentication
-...
+    Check Unencrypted authentication (PAP, SPAP)
+    Permit DialIn for user user
 </code>

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools