This shows you the differences between two versions of the page.
radius_аутентификация_в_microsoft_ad [2013/10/09 16:59] val [Win2008] |
radius_аутентификация_в_microsoft_ad [2013/11/22 08:50] val [Установка и настройка] |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== RADIUS аутентификация в Microsoft AD ====== | ====== RADIUS аутентификация в Microsoft AD ====== | ||
- | ===== Добавление RADIUS интерфейса к AD ===== | + | ===== Win2008 ===== |
- | ==== Win2008 ==== | + | ==== Установка и настройка ==== |
- | === Установка и настройка === | + | * Using Windows 2008 for RADIUS Authentification ([[http://www.fatofthelan.com/technical/using-windows-2008-for-radius-authentication/]]) |
- | + | ||
- | [[http://www.fatofthelan.com/technical/using-windows-2008-for-radius-authentication/]] | + | |
<code> | <code> | ||
Server Manager -> Roles -> | Server Manager -> Roles -> | ||
Add Roles -> Network Polices and Access Services -> Network Policy Server | Add Roles -> Network Polices and Access Services -> Network Policy Server | ||
- | Network Polices and Access Services -> NPS(local) -> | + | Network Polices and Access Services -> NPS(local) -> Register server in Active Directory |
- | Register server in Active Directory | + | |
Radius Clients and Servers -> new | Radius Clients and Servers -> new | ||
Polices -> Network Polices -> new | Polices -> Network Polices -> new | ||
- | Plicy Name: my policy | + | Plicy Name: policy 802.1x |
- | Conditions: Windows Group -> Dimain Users | + | Conditions: Windows Group -> Domain Users |
- | Configure Authentifications Methods -> Unencrypted Authentificatios (PAP, SPAP) | + | Configure Authentifications Methods -> Add -> Microsoft...(PEAP) |
</code> | </code> | ||
- | === Управление атрибутами === | + | * При использовании PEAP в XSupplicant необходимо в поле "Other Identity" указать имя пользователя |
+ | ==== Управление атрибутами ==== | ||
- | [[http://technet.microsoft.com/en-us/library/cc731611(v=ws.10).aspx]] | + | * Configure a Custom VSA ([[http://technet.microsoft.com/en-us/library/cc731611.aspx]]) |
+ | * Аутентификация на сетевых устройствах CISCO средствами Active Directory ([[http://habrahabr.ru/post/135419/]]) | ||
<code> | <code> | ||
Server Manager -> Roles -> | Server Manager -> Roles -> | ||
Network Polices and Access Services -> NPS(local) -> | Network Polices and Access Services -> NPS(local) -> | ||
- | Polices -> Network Polices -> my policy -> Propeties -> Settings | + | Polices -> Network Polices -> policy cisco admin -> Propeties |
- | Standart -> Service-Type = NAS-Prompt | + | Constraints -> |
- | Vendor Specific -> Cisco-AVPair = "shell:priv-lvl=15" | + | Configure Authentifications Methods -> Unencrypted Authentificatios (PAP, SPAP) |
+ | Settings -> | ||
+ | Standart -> Service-Type = NAS-Prompt | ||
+ | Vendor Specific -> Cisco-AVPair = shell:priv-lvl=15 | ||
</code> | </code> | ||
| | ||
- | ==== Win2003 ==== | + | ===== Win2003 ===== |
- | + | ||
- | * Add/Remove Programm -> Windows Components -> Networking services/Internet Authenticatin Service (IAS) | + | |
- | * Add peer to IAS (intgate) | + | |
- | * Remote Access Polices -> Connection to other access server -> Properties -> Edit Profile -> Authentication | + | |
- | * Check Unencrypted authentication (PAP, SPAP) | + | |
- | * Permit DialIn for user user | + | |
+ | <code> | ||
+ | Add/Remove Programm -> Windows Components -> Networking services/Internet Authenticatin Service (IAS) | ||
+ | Add peer to IAS (intgate) | ||
+ | Remote Access Polices -> Connection to other access server -> Properties -> Edit Profile -> Authentication | ||
+ | Check Unencrypted authentication (PAP, SPAP) | ||
+ | Permit DialIn for user user | ||
+ | </code> |
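Review bot: in the "Управление атрибутами" block the new side sets Unencrypted Authentication (PAP, SPAP) under Constraints of "policy cisco admin" and returns Cisco-AVPair = shell:priv-lvl=15, but no step creates that policy and no Conditions line is given for it; the only policy the steps create is "policy 802.1x", matched on Windows Group -> Domain Users. Add the creation step for "policy cisco admin" with a Conditions line that limits it to a dedicated administrators group, so the priv-lvl=15 attribute cannot be read as applying to every domain user, and note that with PAP the password is protected only by the RADIUS shared secret configured under Radius Clients and Servers. In the Win2008 block, the switch to Microsoft...(PEAP) needs a step for the server certificate that NPS presents to the supplicant. The misspellings carried into the new side (Plicy Name, Polices, Authentifications, Propeties, Standart, Programm, Authenticatin) do not match the labels in the NPS and IAS consoles and are worth correcting while these lines are being touched.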