====== RADIUS Authentication in Microsoft AD ======

===== Win2008 =====

==== Installation and Configuration ====

  * Using Windows 2008 for RADIUS Authentication ([[http://www.fatofthelan.com/technical/using-windows-2008-for-radius-authentication/]])

<code>
Server Manager -> Roles -> Add Roles -> Network Policies and Access Services -> Network Policy Server

Network Policies and Access Services -> NPS(local) -> Register server in Active Directory

Radius Clients and Servers -> new
...
</code>

==== Cisco login Authentication ====

<code>
Server Manager -> Roles -> Network Policies and Access Services -> NPS(local) -> Policies -> Network Policies -> policy cisco admin -> Properties
  Constraints -> Configure Authentication Methods -> Unencrypted Authentication (PAP, SPAP)
  Settings -> Standard -> Service-Type = NAS-Prompt
</code>

==== Cisco exec Authorization ====

  * Configure a Custom VSA ([[http://technet.microsoft.com/en-us/library/cc731611.aspx]])
  * Authentication on CISCO network devices using Active Directory ([[http://habrahabr.ru/post/135419/]])

<code>
Server Manager -> Roles -> Network Policies and Access Services -> NPS(local) -> Policies -> Network Policies -> policy cisco admin -> Properties
  Constraints -> Configure Authentication Methods -> Unencrypted Authentication (PAP, SPAP)
  Settings -> Standard -> Service-Type = NAS-Prompt
  Vendor Specific -> Cisco-AVPair = shell:priv-lvl=15
</code>

==== 802.1x Authentication (PEAP) ====

  * When using PEAP in XSupplicant, the user name must be entered in the "Other Identity" field

<code>
Server Manager -> Roles -> Add Roles -> Active Directory Certificate Services
...
Web Enrollment
...
</code>
<code>
Server Manager -> Roles -> Network Policies and Access Services -> NPS(local) -> Policies -> Network Policies -> new
  Policy Name: policy 802.1x
  Conditions: Windows Group -> Domain Users
  Configure Authentication Methods -> Add -> Microsoft...(PEAP)
</code>

===== Win2003 =====

<code>
Add/Remove Programs -> Windows Components -> Networking services/Internet Authentication Service (IAS)

Add peer to IAS (intgate)

Remote Access Policies -> Connection to other access server -> Properties -> Edit Profile -> Authentication
  Check Unencrypted authentication (PAP, SPAP)

Permit DialIn for user user
</code>
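Added example, not part of the original page and not Microsoft or Cisco code: what the PAP and Cisco policy settings above look like on the wire, following RFC 2865. It encodes the Service-Type = NAS-Prompt and Cisco-AVPair = shell:priv-lvl=15 attributes returned in the Access-Accept, and shows that with "Unencrypted Authentication (PAP, SPAP)" the password is hidden only by an MD5 pad derived from the RADIUS client's shared secret. Function names are hypothetical; the attribute numbers and Cisco vendor ID 9 are the standard assignments.

```python
import hashlib
import struct

CISCO_VENDOR_ID = 9           # IANA enterprise number for Cisco
SERVICE_TYPE = 6              # RFC 2865 attribute numbers
VENDOR_SPECIFIC = 26
NAS_PROMPT = 7                # Service-Type value "NAS Prompt"

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as Type, Length, Value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes([attr_type, len(value) + 2]) + value

def cisco_avpair(text: str) -> bytes:
    """Vendor-Specific attribute carrying a Cisco-AVPair (vendor type 1)."""
    sub = attr(1, text.encode("ascii"))
    return attr(VENDOR_SPECIFIC, struct.pack("!I", CISCO_VENDOR_ID) + sub)

def accept_attributes() -> bytes:
    """Attributes the 'policy cisco admin' settings add to Access-Accept."""
    return (attr(SERVICE_TYPE, struct.pack("!I", NAS_PROMPT))
            + cisco_avpair("shell:priv-lvl=15"))

def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("bad password or authenticator length")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def pap_reveal(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: reverse pap_hide with the same shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")
```

Since the User-Password attribute is protected by nothing but this pad, the shared secret entered under Radius Clients and Servers is what keeps PAP logins confidential between the device and NPS.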