radius_аутентификация_в_microsoft_ad

Differences

This shows you the differences between two versions of the page.

radius_аутентификация_в_microsoft_ad [2013/10/09 12:51]
val [Adding a RADIUS interface to AD]
radius_аутентификация_в_microsoft_ad [2013/11/22 08:50]
val [Installation and configuration]
Line 1: Line 1:
 ====== RADIUS аутентификация в Microsoft AD ====== ====== RADIUS аутентификация в Microsoft AD ======
  
-===== Добавление RADIUS интерфейса к AD =====+===== Win2008 ​=====
  
-==== Win2008 ​====+==== Установка и настройка ​====
  
-[[http://​www.fatofthelan.com/​technical/​using-windows-2008-for-radius-authentication/​]]+  * Using Windows 2008 for RADIUS Authentification ([[http://​www.fatofthelan.com/​technical/​using-windows-2008-for-radius-authentication/​]])
  
-**Server Manager ->  
- 
-==== Win2003 ==== 
- 
-**Add/​Remove Programm -> Windows Components -> Networking services/​Internet Authenticatin Service (IAS)** 
- 
-**Add peer to IAS (intgate)** 
- 
-**Remote Access Polices -> Connection to other access server -> Properties -> Edit Profile -> Authentication** ​ 
- 
-**Check Unencrypted authentication (PAP, SPAP)** 
- 
-**Permit DialIn for user user** 
-===== Тестирование RADIUS интерфейса к AD ===== 
 <​code>​ <​code>​
-gate# radtest user1 '​Pa$$w0rd1' ​server ​1 '​testing123'​+Server Manager -> Roles ->  
 +  Add Roles -> Network Polices and Access Services -> Network Policy Server 
 +  Network Polices and Access Services -> NPS(local) -> Register ​server ​in Active Directory 
 +    Radius Clients and Servers -> new 
 +    Polices -> Network Polices -> new 
 +      Plicy Name: policy 802.1x 
 +      Conditions: Windows Group -> Domain Users 
 +      Configure Authentifications Methods -> Add -> Microsoft...(PEAP)
 </​code>​ </​code>​
  
-===== Нестройка библиотеки ​pam radius для сервиса ssh =====+  * При использовании PEAP в XSupplicant необходимо в поле "Other Identity"​ указать имя пользователя 
 +==== Управление атрибутами ==== 
 + 
 +  * Configure a Custom VSA ([[http://​technet.microsoft.com/​en-us/​library/​cc731611.aspx]]) 
 +  * Аутентификация на сетевых устройствах CISCO средствами Active Directory ([[http://​habrahabr.ru/​post/​135419/​]])
  
-==== FreeBSD ==== 
 <​code>​ <​code>​
-[gate:~] # cat /etc/​radius.conf +Server Manager -> Roles -> 
-auth server testing123 3+  Network Polices and Access Services -> NPS(local) ->  
 +    Polices -> Network Polices -> policy cisco admin -> Propeties 
 +      Constraints -> 
 +        Configure Authentifications Methods -> Unencrypted Authentificatios (PAP, SPAP) 
 +      Settings -> 
 +        Standart -> Service-Type = NAS-Prompt 
 +        Vendor Specific -> Cisco-AVPair = shell:priv-lvl=15 
 +</code> ​    
 +      ​ 
 +===== Win2003 =====
  
-[gate:~] # cat /​etc/​pam.d/​system 
-... 
-auth    sufficient ​     pam_radius.so ​  ​no_warn try_first_pass 
-auth    required ​       pam_unix.so ​    ​no_warn try_first_pass ​ 
-... 
-</​code>​ 
- 
-==== Ubuntu ==== 
 <​code>​ <​code>​
-root@gate:​~#​ apt-get install libpam-radius-auth +Add/Remove Programm ​-> Windows Components ​-> Networking services/Internet Authenticatin Service (IAS) 
- +  Add peer to IAS (intgate) 
-root@gate:​~#​ cat /etc/pam_radius_auth.conf +    ​Remote Access Polices -> Connection to other access ​server ​-> Properties -> Edit Profile -> Authentication 
-... +    Check Unencrypted ​authentication ​(PAP, SPAP) 
-server ​testing123 3 +    ​Permit DialIn for user user
-... +
- +
-root@gate:​~#​ cat /​etc/​pam.d/​login +
-... +
-auth       ​sufficient ​  ​pam_radius_auth.so +
-# Standard Un*x authentication. +
-...+
 </​code>​ </​code>​
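Review bot: the added "policy cisco admin" steps under "Управление атрибутами" (attribute management) list Constraints and Settings but no Conditions line, while the policy returns "Cisco-AVPair = shell:priv-lvl=15" and sets the method to "Unencrypted Authentificatios (PAP, SPAP)". The 802.1x policy above it states "Conditions: Windows Group -> Domain Users"; the admin policy should state its own condition just as explicitly (a dedicated network-admin group rather than Domain Users, ideally combined with a condition on the RADIUS client), otherwise a reader following these steps can end up granting privilege level 15 to every account the policy happens to match. A short remark that with PAP the password is protected only by the RADIUS shared secret between the device and NPS would also help, since the page no longer says anything about that secret. Minor: the added lines carry typos ("Plicy", "Propeties", "Standart", "Authentificatios") that make the menu names harder to find in the NPS console, and the revision removes the radtest check from the old "Тестирование RADIUS интерфейса к AD" (testing) section without adding a replacement verification step.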
radius_аутентификация_в_microsoft_ad.txt · Last modified: 2013/12/15 07:27 by val