User Tools

Site Tools


radius_аутентификация_в_microsoft_ad

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
radius_аутентификация_в_microsoft_ad [2013/10/09 17:02]
val [Win2008]
radius_аутентификация_в_microsoft_ad [2013/12/15 07:27] (current)
val
Line 1: Line 1:
 ====== RADIUS аутентификация в Microsoft AD ====== ====== RADIUS аутентификация в Microsoft AD ======
  
-===== Добавление RADIUS интерфейса к AD =====+===== Win2008 ​=====
  
-==== Win2008 ​====+==== Установка и настройка ​====
  
-=== Установка и настройка === +  * Using Windows 2008 for RADIUS Authentification ([[http://​www.fatofthelan.com/​technical/​using-windows-2008-for-radius-authentication/​]])
- +
-[[http://​www.fatofthelan.com/​technical/​using-windows-2008-for-radius-authentication/​]]+
  
 <​code>​ <​code>​
Line 14: Line 12:
   Network Polices and Access Services -> NPS(local) -> Register server in Active Directory   Network Polices and Access Services -> NPS(local) -> Register server in Active Directory
     Radius Clients and Servers -> new     Radius Clients and Servers -> new
-    ​Polices -> Network Polices -> new +    ​...
-      Plicy Name: my policy +
-      Conditions: Windows Group -> Dimain Users +
-      Configure Authentifications Methods -> Unencrypted Authentificatios (PAP, SPAP)+
 </​code>​ </​code>​
  
-=== Управление атрибутами ===+==== Аутентификация Cisco login ====
  
-[[http://​technet.microsoft.com/​en-us/​library/​cc731611(v=ws.10).aspx]]+<​code>​ 
 +Server Manager -> Roles -> 
 +  Network Polices and Access Services -> NPS(local) ->  
 +    Polices -> Network Polices -> policy cisco admin -> Propeties 
 +      Constraints -> 
 +        Configure Authentifications Methods -> Unencrypted Authentificatios (PAP, SPAP) 
 +      Settings -> 
 +        Standart -> Service-Type = NAS-Prompt 
 +</​code>​ 
 + 
 +==== Авторизация Cisco exec ==== 
 + 
 +  * Configure a Custom VSA ([[http://​technet.microsoft.com/​en-us/​library/​cc731611.aspx]]) 
 +  * Аутентификация на сетевых устройствах CISCO средствами Active Directory ([[http://​habrahabr.ru/​post/​135419/​]])
  
 <​code>​ <​code>​
 Server Manager -> Roles -> Server Manager -> Roles ->
   Network Polices and Access Services -> NPS(local) ->    Network Polices and Access Services -> NPS(local) -> 
-    Polices -> Network Polices -> my policy -> Propeties -> Settings +    Polices -> Network Polices -> policy ​cisco admin -> Propeties 
-      Standart -> Service-Type = NAS-Prompt +      Constraints ​-> 
-      Vendor Specific -> Cisco-AVPair = shell:​priv-lvl=15+        Configure Authentifications Methods -> Unencrypted Authentificatios (PAP, SPAP) 
 +      ​Settings -> 
 +        ​Standart -> Service-Type = NAS-Prompt 
 +        Vendor Specific -> Cisco-AVPair = shell:​priv-lvl=15
 </​code> ​   ​ </​code> ​   ​
 +
 +==== Аутентификация 802.1x (PEAP) ====
 +
 +  * При использовании PEAP в XSupplicant необходимо в поле "Other Identity"​ указать имя пользователя
 +
 +<​code>​
 +Server Manager -> Roles -> 
 +  Add Roles -> Active Directory Certificate Services
 +   ... Web Enrollment ...
 +
 +Server Manager -> Roles ->
 +  Network Polices and Access Services -> NPS(local) -> 
 +    Polices -> Network Polices -> new
 +      Plicy Name: policy 802.1x
 +      Conditions: Windows Group -> Domain Users
 +      Configure Authentifications Methods -> Add -> Microsoft...(PEAP)
 +</​code>​
       ​       ​
-==== Win2003 ====+===== Win2003 ​=====
  
 <​code>​ <​code>​
radius_аутентификация_в_microsoft_ad.1381323761.txt.gz · Last modified: 2013/10/09 17:02 by val