User Tools

Site Tools


radius_аутентификация_в_microsoft_ad

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revision Both sides next revision
radius_аутентификация_в_microsoft_ad [2013/10/09 16:45]
val
radius_аутентификация_в_microsoft_ad [2013/11/21 16:23]
val
Line 1: Line 1:
 ====== RADIUS аутентификация в Microsoft AD ====== ====== RADIUS аутентификация в Microsoft AD ======
  
-===== Добавление RADIUS интерфейса к AD =====+===== Win2008 ​=====
  
-==== Win2008 ​====+==== Установка и настройка ​====
  
-=== Установка и настройка === +  * Using Windows 2008 for RADIUS Authentification ([[http://​www.fatofthelan.com/​technical/​using-windows-2008-for-radius-authentication/​]])
- +
-[[http://​www.fatofthelan.com/​technical/​using-windows-2008-for-radius-authentication/​]]+
  
 <​code>​ <​code>​
 Server Manager -> Roles ->  Server Manager -> Roles -> 
   Add Roles -> Network Polices and Access Services -> Network Policy Server   Add Roles -> Network Polices and Access Services -> Network Policy Server
-  Network Polices and Access Services -> NPS(local) ->  +  Network Polices and Access Services -> NPS(local) -> Register server in Active Directory
-    ​Register server in Active Directory+
     Radius Clients and Servers -> new     Radius Clients and Servers -> new
     Polices -> Network Polices -> new     Polices -> Network Polices -> new
-      Plicy Name: my policy +      Plicy Name: policy ​802.1x 
-      Conditions: Windows Group -> Dimain ​Users +      Conditions: Windows Group -> Domain ​Users 
-      Configure Authentifications Methods -> Unencrypted Authentificatios ​(PAP, SPAP)+      Configure Authentifications Methods -> Add -> Microsoft...(PEAP)
 </​code>​ </​code>​
  
-=== Управление атрибутами ===+==== Управление атрибутами ​====
  
-[[http://​technet.microsoft.com/​en-us/​library/​cc731611(v=ws.10).aspx]]+  * Configure a Custom VSA ([[http://​technet.microsoft.com/​en-us/​library/​cc731611.aspx]]) 
 +  * Аутентификация на сетевых устройствах CISCO средствами Active Directory ([[http://​habrahabr.ru/​post/​135419/​]])
  
 <​code>​ <​code>​
 Server Manager -> Roles -> Server Manager -> Roles ->
   Network Polices and Access Services -> NPS(local) ->    Network Polices and Access Services -> NPS(local) -> 
-    Polices -> Network Polices -> my policy -> Propeties -> Settings+    Polices -> Network Polices -> policy ​cisco admin -> Propeties 
 +      Constraints ​-> 
 +        Configure Authentifications Methods -> Unencrypted Authentificatios (PAP, SPAP) 
 +      ​Settings ​-> 
 +        Standart -> Service-Type = NAS-Prompt 
 +        Vendor Specific -> Cisco-AVPair = shell:​priv-lvl=15
 </​code> ​   ​ </​code> ​   ​
       ​       ​
-==== Win2003 ==== +===== Win2003 =====
- +
-  * Add/Remove Programm -> Windows Components -> Networking services/​Internet Authenticatin Service (IAS) +
-  * Add peer to IAS (intgate) +
-  * Remote Access Polices -> Connection to other access server -> Properties -> Edit Profile -> Authentication +
-  * Check Unencrypted authentication (PAP, SPAP) +
-  * Permit DialIn for user user+
  
 +<​code>​
 +Add/Remove Programm -> Windows Components -> Networking services/​Internet Authenticatin Service (IAS)
 +  Add peer to IAS (intgate)
 +    Remote Access Polices -> Connection to other access server -> Properties -> Edit Profile -> Authentication
 +    Check Unencrypted authentication (PAP, SPAP)
 +    Permit DialIn for user user
 +</​code>​
radius_аутентификация_в_microsoft_ad.txt · Last modified: 2013/12/15 07:27 by val