User Tools
radius_аутентификация_в_microsoft_ad
This is an old revision of the document!
Table of Contents
RADIUS аутентификация в Microsoft AD
Win2008
Установка и настройка
- Using Windows 2008 for RADIUS Authentification (http://www.fatofthelan.com/technical/using-windows-2008-for-radius-authentication/)
Server Manager -> Roles ->
Add Roles -> Network Polices and Access Services -> Network Policy Server
Network Polices and Access Services -> NPS(local) -> Register server in Active Directory
Radius Clients and Servers -> new
Polices -> Network Polices -> new
Plicy Name: policy 802.1x
Conditions: Windows Group -> Domain Users
Configure Authentifications Methods -> Add -> Microsoft...(PEAP)
- При использовании PEAP в XSupplicant необходимо в поле “Other Identity” указать имя пользователя
Управление атрибутами
- Configure a Custom VSA (http://technet.microsoft.com/en-us/library/cc731611.aspx)
- Аутентификация на сетевых устройствах CISCO средствами Active Directory (http://habrahabr.ru/post/135419/)
Server Manager -> Roles ->
Network Polices and Access Services -> NPS(local) ->
Polices -> Network Polices -> policy cisco admin -> Propeties
Constraints ->
Configure Authentifications Methods -> Unencrypted Authentificatios (PAP, SPAP)
Settings ->
Standart -> Service-Type = NAS-Prompt
Vendor Specific -> Cisco-AVPair = shell:priv-lvl=15
Win2003
Add/Remove Programm -> Windows Components -> Networking services/Internet Authenticatin Service (IAS)
Add peer to IAS (intgate)
Remote Access Polices -> Connection to other access server -> Properties -> Edit Profile -> Authentication
Check Unencrypted authentication (PAP, SPAP)
Permit DialIn for user user
radius_аутентификация_в_microsoft_ad.1385095807.txt.gz · Last modified: 2013/11/22 08:50 by val
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
