This is an old revision of the document!

RADIUS authentication in Microsoft AD


Installation and configuration

Server Manager -> Roles ->
  Add Roles -> Network Policy and Access Services -> Network Policy Server
  Network Policy and Access Services -> NPS (Local) -> Register server in Active Directory
    RADIUS Clients and Servers -> New
    Policies -> Network Policies -> New
      Policy Name: policy 802.1x
      Conditions: Windows Groups -> Domain Users
      Configure Authentication Methods -> Add -> Microsoft...(PEAP)
  • When using PEAP in XSupplicant, the user name must be entered in the “Other Identity” field

Attribute management

Server Manager -> Roles ->
  Network Policy and Access Services -> NPS (Local) ->
    Policies -> Network Policies -> policy cisco admin -> Properties
      Constraints ->
        Configure Authentication Methods -> Unencrypted authentication (PAP, SPAP)
      Settings ->
        Standard -> Service-Type = NAS-Prompt
        Vendor Specific -> Cisco-AVPair = shell:priv-lvl=15
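
The two attributes set in this policy are returned in the Access-Accept as RADIUS attribute 6 (Service-Type, value 7 = NAS-Prompt) and attribute 26 (Vendor-Specific, Cisco vendor ID 9, sub-type 1). The Python code below is an added example, not part of the original page: it decodes the attribute area of a reply so the grant can be checked in a packet capture. The function names and the sample bytes are constructed for illustration.

```python
import struct

SERVICE_TYPE = 6        # RFC 2865 attribute type
VENDOR_SPECIFIC = 26    # RFC 2865 attribute type
CISCO_VENDOR_ID = 9     # IANA enterprise number for Cisco
CISCO_AVPAIR = 1        # Cisco vendor sub-type "cisco-avpair"
SERVICE_TYPE_NAMES = {1: "Login", 6: "Administrative", 7: "NAS-Prompt"}


def parse_attributes(data):
    """Split the attribute area of a RADIUS packet into (type, value) pairs."""
    attrs, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        a_type, a_len = data[pos], data[pos + 1]
        if a_len < 2 or pos + a_len > len(data):
            raise ValueError("bad attribute length")
        attrs.append((a_type, data[pos + 2:pos + a_len]))
        pos += a_len
    return attrs


def admin_grant(data):
    """Return (service_type_name, [cisco av-pairs]) found in the attributes."""
    service, avpairs = None, []
    for a_type, value in parse_attributes(data):
        if a_type == SERVICE_TYPE and len(value) == 4:
            num = struct.unpack("!I", value)[0]
            service = SERVICE_TYPE_NAMES.get(num, str(num))
        elif a_type == VENDOR_SPECIFIC and len(value) >= 6:
            vendor = struct.unpack("!I", value[:4])[0]
            v_type, v_len = value[4], value[5]
            is_avpair = vendor == CISCO_VENDOR_ID and v_type == CISCO_AVPAIR
            if is_avpair and 2 <= v_len <= len(value) - 4:
                avpairs.append(value[6:4 + v_len].decode("ascii", "replace"))
    return service, avpairs


def build_sample():
    """Constructed sample: the two attributes configured in the policy."""
    pair = b"shell:priv-lvl=15"
    vsa = struct.pack("!IBB", CISCO_VENDOR_ID, CISCO_AVPAIR, len(pair) + 2) + pair
    return (bytes([SERVICE_TYPE, 6]) + struct.pack("!I", 7)
            + bytes([VENDOR_SPECIFIC, len(vsa) + 2]) + vsa)


if __name__ == "__main__":
    print(admin_grant(build_sample()))
```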


Add/Remove Programs -> Windows Components -> Networking Services/Internet Authentication Service (IAS)
  Add peer to IAS (intgate)
    Remote Access Policies -> Connection to other access server -> Properties -> Edit Profile -> Authentication
    Check Unencrypted authentication (PAP, SPAP)
    Permit Dial-in for user user
radius_аутентификация_в_microsoft_ad.1385095807.txt.gz · Last modified: 2013/11/22 08:50 by val