RADIUS аутентификация в Microsoft AD
Win2008
Установка и настройка
Server Manager -> Roles ->
Add Roles -> Network Polices and Access Services -> Network Policy Server
Network Polices and Access Services -> NPS(local) -> Register server in Active Directory
Radius Clients and Servers -> new
...
Аутентификация Cisco login
Server Manager -> Roles ->
Network Polices and Access Services -> NPS(local) ->
Polices -> Network Polices -> policy cisco admin -> Propeties
Constraints ->
Configure Authentifications Methods -> Unencrypted Authentificatios (PAP, SPAP)
Settings ->
Standart -> Service-Type = NAS-Prompt
Авторизация Cisco exec
Server Manager -> Roles ->
Network Polices and Access Services -> NPS(local) ->
Polices -> Network Polices -> policy cisco admin -> Propeties
Constraints ->
Configure Authentifications Methods -> Unencrypted Authentificatios (PAP, SPAP)
Settings ->
Standart -> Service-Type = NAS-Prompt
Vendor Specific -> Cisco-AVPair = shell:priv-lvl=15
Аутентификация 802.1x (PEAP)
Server Manager -> Roles ->
Add Roles -> Active Directory Certificate Services
... Web Enrollment ...
Server Manager -> Roles ->
Network Polices and Access Services -> NPS(local) ->
Polices -> Network Polices -> new
Plicy Name: policy 802.1x
Conditions: Windows Group -> Domain Users
Configure Authentifications Methods -> Add -> Microsoft...(PEAP)
Win2003
Add/Remove Programm -> Windows Components -> Networking services/Internet Authenticatin Service (IAS)
Add peer to IAS (intgate)
Remote Access Polices -> Connection to other access server -> Properties -> Edit Profile -> Authentication
Check Unencrypted authentication (PAP, SPAP)
Permit DialIn for user user