User Tools

Site Tools


This is an old revision of the document!

RADIUS аутентификация в Microsoft AD

Добавление RADIUS интерфейса к AD


Server Manager -> Roles -> 
  Add Roles -> Network Polices and Access Services -> Network Policy Server
  Network Polices and Access Services -> NPS(local) -> 
    Register server in Active Directory
    Radius Clients and Servers -> new
    Polices -> Network Polices -> new
      Plicy Name: my policy
      Conditions: Windows Group -> Dimain Users
      Configure Authentifications Methods -> Unencrypted Authentificatios (PAP, SPAP)


  • Add/Remove Programm → Windows Components → Networking services/Internet Authenticatin Service (IAS)
  • Add peer to IAS (intgate)
  • Remote Access Polices → Connection to other access server → Properties → Edit Profile → Authentication
  • Check Unencrypted authentication (PAP, SPAP)
  • Permit DialIn for user user

Тестирование RADIUS интерфейса к AD

gate# radtest user1 'Pa$$w0rd1' server 1 'testing123'

Нестройка библиотеки pam radius для сервиса ssh


[gate:~] # cat /etc/radius.conf
auth server testing123 3
[gate:~] # cat /etc/pam.d/system
auth    sufficient   no_warn try_first_pass
auth    required     no_warn try_first_pass 


root@gate:~# apt-get install libpam-radius-auth

root@gate:~# cat /etc/pam_radius_auth.conf
server testing123 3

root@gate:~# cat /etc/pam.d/login
auth       sufficient
# Standard Un*x authentication.
radius_аутентификация_в_microsoft_ad.1381321243.txt.gz · Last modified: 2013/10/09 16:20 by val