This shows you the differences between two versions of the page.
radius_аутентификация_в_microsoft_ad [2013/10/09 16:20] val [Ubuntu] |
radius_аутентификация_в_microsoft_ad [2013/10/09 17:02] val [Win2008] |
||
---|---|---|---|
Line 4: | Line 4: | ||
==== Win2008 ==== | ==== Win2008 ==== | ||
+ | |||
+ | === Установка и настройка === | ||
[[http://www.fatofthelan.com/technical/using-windows-2008-for-radius-authentication/]] | [[http://www.fatofthelan.com/technical/using-windows-2008-for-radius-authentication/]] | ||
Line 10: | Line 12: | ||
Server Manager -> Roles -> | Server Manager -> Roles -> | ||
Add Roles -> Network Polices and Access Services -> Network Policy Server | Add Roles -> Network Polices and Access Services -> Network Policy Server | ||
- | Network Polices and Access Services -> NPS(local) -> | + | Network Polices and Access Services -> NPS(local) -> Register server in Active Directory |
- | Register server in Active Directory | + | |
Radius Clients and Servers -> new | Radius Clients and Servers -> new | ||
Polices -> Network Polices -> new | Polices -> Network Polices -> new | ||
Line 18: | Line 19: | ||
Configure Authentifications Methods -> Unencrypted Authentificatios (PAP, SPAP) | Configure Authentifications Methods -> Unencrypted Authentificatios (PAP, SPAP) | ||
</code> | </code> | ||
- | ==== Win2003 ==== | ||
- | * Add/Remove Programm -> Windows Components -> Networking services/Internet Authenticatin Service (IAS) | + | === Управление атрибутами === |
- | * Add peer to IAS (intgate) | + | |
- | * Remote Access Polices -> Connection to other access server -> Properties -> Edit Profile -> Authentication | + | [[http://technet.microsoft.com/en-us/library/cc731611(v=ws.10).aspx]] |
- | * Check Unencrypted authentication (PAP, SPAP) | + | |
- | * Permit DialIn for user user | + | |
- | ===== Тестирование RADIUS интерфейса к AD ===== | ||
<code> | <code> | ||
- | gate# radtest user1 'Pa$$w0rd1' server 1 'testing123' | + | Server Manager -> Roles -> |
- | </code> | + | Network Polices and Access Services -> NPS(local) -> |
+ | Polices -> Network Polices -> my policy -> Propeties -> Settings | ||
+ | Standart -> Service-Type = NAS-Prompt | ||
+ | Vendor Specific -> Cisco-AVPair = shell:priv-lvl=15 | ||
+ | </code> | ||
+ | |||
+ | ==== Win2003 ==== | ||
- | ===== Нестройка библиотеки pam radius для сервиса ssh ===== | ||
- | |||
- | ==== FreeBSD ==== | ||
<code> | <code> | ||
- | [gate:~] # cat /etc/radius.conf | + | Add/Remove Programm -> Windows Components -> Networking services/Internet Authenticatin Service (IAS) |
- | </code><code> | + | Add peer to IAS (intgate) |
- | auth server testing123 3 | + | Remote Access Polices -> Connection to other access server -> Properties -> Edit Profile -> Authentication |
- | </code><code> | + | Check Unencrypted authentication (PAP, SPAP) |
- | [gate:~] # cat /etc/pam.d/system | + | Permit DialIn for user user |
- | </code><code> | + | |
- | ... | + | |
- | auth sufficient pam_radius.so no_warn try_first_pass | + | |
- | auth required pam_unix.so no_warn try_first_pass | + | |
- | ... | + | |
- | </code> | + | |
- | ==== Ubuntu ==== | + | |
- | <code> | + | |
- | root@gate:~# apt-get install libpam-radius-auth | + | |
- | + | ||
- | root@gate:~# cat /etc/pam_radius_auth.conf | + | |
- | </code><code> | + | |
- | server testing123 3 | + | |
- | </code><code> | + | |
- | root@gate:~# cat /etc/pam.d/login | + | |
- | </code><code> | + | |
- | ... | + | |
- | auth sufficient pam_radius_auth.so | + | |
- | # Standard Un*x authentication. | + | |
- | ... | + | |
</code> | </code> |
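Review bot: The added attribute steps put Cisco-AVPair = shell:priv-lvl=15 into the Settings of "my policy" without naming any condition that limits who matches that policy, so as written every account the policy accepts is returned at privilege level 15, and the context line above still selects unencrypted PAP/SPAP. Add a step before the Settings lines that states the policy's condition, for example a Windows Groups condition for the administrators' group. The added labels "Propeties" and "Standart" should read "Properties" and "Standard" so they match the dialog. The hunk also drops the radtest check and the pam_radius sections for FreeBSD and Ubuntu although the edit is tagged [Win2008]; if that material moved to another page, link to it from here.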