Differences

This shows you the differences between two versions of the page.

--- radius_аутентификация_в_microsoft_ad [2013/10/09 16:42]
val [Win2008]
+++ radius_аутентификация_в_microsoft_ad [2013/11/22 08:50]
val [Установка и настройка]
@@ Line 1: / Line 1: @@
 ====== RADIUS аутентификация в Microsoft AD ======
-===== Добавление RADIUS интерфейса к AD =====
+===== Win2008 =====
-==== Win2008 ====
+==== Установка и настройка ====
-=== Установка и настройка ===
+  * Using Windows 2008 for RADIUS Authentification ([[http://www.fatofthelan.com/technical/using-windows-2008-for-radius-authentication/]])
-[[http://www.fatofthelan.com/technical/using-windows-2008-for-radius-authentication/]]
 <code>
 Server Manager -> Roles ->
   Add Roles -> Network Polices and Access Services -> Network Policy Server
-  Network Polices and Access Services -> NPS(local) ->
+  Network Polices and Access Services -> NPS(local) -> Register server in Active Directory
-    Register server in Active Directory
     Radius Clients and Servers -> new
     Polices -> Network Polices -> new
-      Plicy Name: my policy
+      Plicy Name: policy 802.1x
-      Conditions: Windows Group -> Dimain Users
+      Conditions: Windows Group -> Domain Users
-      Configure Authentifications Methods -> Unencrypted Authentificatios (PAP, SPAP)
+      Configure Authentifications Methods -> Add -> Microsoft...(PEAP)
 </code>
-=== Управление атрибутами ===
+  * При использовании PEAP в XSupplicant необходимо в поле "Other Identity" указать имя пользователя
+==== Управление атрибутами ====
-[[http://technet.microsoft.com/en-us/library/cc731611(v=ws.10).aspx]]
+  * Configure a Custom VSA ([[http://technet.microsoft.com/en-us/library/cc731611.aspx]])
+  * Аутентификация на сетевых устройствах CISCO средствами Active Directory ([[http://habrahabr.ru/post/135419/]])
 <code>
 Server Manager -> Roles ->
   Network Polices and Access Services -> NPS(local) ->
-    Polices -> Network Polices -> my policy -> Propeties -> Settings
+    Polices -> Network Polices -> policy cisco admin -> Propeties
+      Constraints ->
+        Configure Authentifications Methods -> Unencrypted Authentificatios (PAP, SPAP)
+      Settings ->
+        Standart -> Service-Type = NAS-Prompt
+        Vendor Specific -> Cisco-AVPair = shell:priv-lvl=15
 </code>
-==== Win2003 ====
+===== Win2003 =====
-  * Add/Remove Programm -> Windows Components -> Networking services/Internet Authenticatin Service (IAS)
-  * Add peer to IAS (intgate)
-  * Remote Access Polices -> Connection to other access server -> Properties -> Edit Profile -> Authentication
-  * Check Unencrypted authentication (PAP, SPAP)
-  * Permit DialIn for user user
-===== Тестирование RADIUS интерфейса к AD =====
 <code>
-gate# radtest user1 'Pa$$w0rd1' server 1 'testing123'
+Add/Remove Programm -> Windows Components -> Networking services/Internet Authenticatin Service (IAS)
-</code>
+  Add peer to IAS (intgate)
+    Remote Access Polices -> Connection to other access server -> Properties -> Edit Profile -> Authentication
-===== Нестройка библиотеки pam radius для сервиса ssh =====
+    Check Unencrypted authentication (PAP, SPAP)
+    Permit DialIn for user user
-==== FreeBSD ====
-<code>
-[gate:~] # cat /etc/radius.conf
-</code><code>
-auth server testing123 3
-</code><code>
-[gate:~] # cat /etc/pam.d/system
-</code><code>
-...
-auth    sufficient      pam_radius.so   no_warn try_first_pass
-auth    required        pam_unix.so     no_warn try_first_pass
-...
-</code>
-==== Ubuntu ====
-<code>
-root@gate:~# apt-get install libpam-radius-auth
-root@gate:~# cat /etc/pam_radius_auth.conf
-</code><code>
-server testing123 3
-</code><code>
-root@gate:~# cat /etc/pam.d/login
-</code><code>
-...
-auth       sufficient   pam_radius_auth.so
-# Standard Un*x authentication.
-...
 </code>

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools