Configuring Server 2008 for RADIUS Authentication

最新推荐文章于 2021-09-29 14:31:21 发布
最新推荐文章于 2021-09-29 14:31:21 发布
阅读量1.9k 收藏
点赞数
文章标签: authentication server encryption domain network access

http://hi.baidu.com/sxsyyq/blog/item/13989cf3c9ed47ce0a46e0a7.html

 http://www.google.com.hk/search?hl=zh-CN&newwindow=1&safe=strict&rlz=1R2GGLL_zh-CNCN383&q=Windows+2008+R2%E5%AE%9E%E6%88%98&btnG=Google+%E6%90%9C%E7%B4%A2&aq=f&aqi=&aql=&oq=&gs_rfai=

http://security.ctocio.com.cn/117/9455617.shtml

http://www.fatofthelan.com/technical/using-windows-2008-for-radius-authentication/

 

 

I like connecting to my network using my pfSense firewall's built-in VPN server.  Following these steps, I can configure Windows Server 2008 to provide the authentication credentials for pfSense via RADIUS.  I figured this out using this great guide that I referenced for Windows Server 2003...

Enable "reversible password encryption" for your domain users.
Globally:

  1. Admin Tools - Group Policy Management
  2. Choose your forest, domain and then right click your Default Domain Policy and choose Edit.
  3. Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy -> Store passwords using reversible encryption = Enabled.

Per User:

  1. I prefer doing it globally, but you can do it on a per user basis by opening your domain user's properties and checking "Store password using reversible encryption" on the Account tab.

*Restart the domain controller after these Group Policy changes.

Enable Windows Server 2008 Network Policy Server (NPS)

  1. Add the "Network Policy and Access Services" role to your domain controller.
  2. Enable these role services during installation:
    Network Policy Server
    Routing & Remote Access Services
       Remote Access Service
       Routing

Verify the RADIUS Port Numbers

  1. Server Manager -> Roles -> Network Policy and Access -> Right-click NPS (Local) -> Properties -> Ports Tab.
  2. Verify the defaults for Authentication are 1812,1645.
  3. Verify the defaults for Accounting are 1813, 1646.
  4. The 18 set is for a secure connection, or vice-versa.  You can change things to match your RADIUS client, but the defaults should be fine.

Add a new RADIUS Client

  1. NPS (Local) -> RADIUS Clients and Servers -> RADIUS Clients -> Right-click Add new Client.
  2. Add a name, the ip address of your client and create a shared secret.

Add a new Network Policy

  1. NPS (Local) -> Policies -> Right-click Network Policies -> Add new.
  2. Enter a name and leave Type of network access server as Unspecified.  Click Next.
  3. Add a condition.  Choose Windows Groups.  Add a Group ("Domain Users" for example).  Click OK, then Next.
  4. Choose Access Granted.  Click Next.
  5. Leave the default Authentication Methods.  Click Next.
  6. Leave the Default Constraints.  (Although they look like some cool new features you may want to use.)  Click Next.
  7. Leave the Default Settings.  Click Next.
  8. Click Finish.

Granting or Denying Access to Users

  1. Right click a domain user -> Properties -> Dial-in tab.
  2. You can Grant or Deny here, but I just leave the NPS Policy we setup earlier to allow all domain users through.

Configure your RADIUS Client

  1. In this case, I enable a PPTP VPN server on my pfSense firewall and point it to my domain controller/NPS services machine where we just configured everything.  Input the shared secret and then login from anywhere!

Happy VPN'ing!

cnbird2008
关注
CCNP350-401学习笔记(501-550题)
shuyan1115的博客
02-22 524
CCNP350-401学习笔记(2023.2.22)
JunOS Space Radius Authentication with Free Radius Server TekRADIUS
Cyber Security Memo
09-02 141
(adsbygoogle = window.adsbygoogle || []).push({}); TekRADIUS is a RADIUS server for Windows with built-in DHCP server. TekRADIUS is tested on Microsoft Windows XP, Vista, Windows 7/8/10 and...
Hostapd configuration instructions for the RADIUS server
ESP 技术分享,推动万物互联
06-10 302
This paper provides an environment construction about enterprise-level encrypted RADIUS server configuration for readers’ reference. 1 Install hostapd ```bash $ sudo apt-get install libnl1 libnl-dev libnl-doc $ sudo apt-get install libssl-dev $ sudo apt.
configuring 802.1x port-based authentication
achejq的专栏
10-31 2303
http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/Sw8021x.html Understanding 802.1X Port-Based Authentication The IEEE 802.1X st
ss5 mysql radius_ss5.conf
weixin_33929779的博客
02-22 625
## SECTION # \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\## TAG: set## set option name:## SS5_DNSORDER -> order dns answer# SS5_...
基于OpenWRT+FreeRadius+TinyRadius+Daloradius实现portal加radius安全认证
u010968350的博客
09-29 2716
OpenWRT+FreeRadius+TinyRadius+Daloradius实现portal加radius认证 想要实现的需求是:当接入网络时,需要跳转到自定义的portal认证页面,输入用户名和密码后,跳转到Freeradius进行认证,认证完成后才允许用户联网。实质上就是实现了portal认证和radius认证方式的相结合,以此来实现多重安全认证。 基本知识介绍 AAA: AAA是认证(Authentication)、授权(Authorization)和计费(Accounting)的简称,是
Setting up Wireless 802.1x with Windows Server 2008 and NPS
The 44th Demilitarized Zone
10-07 2753
Setting up Wireless 802.1x with Windows Server 2008 and NPS                         Filed Under (Windows Networking) by Just An Admin on
AAA Server Groups
剪刀石头布
04-21 525
Configuring the device to use AAA server groups provides a way to group existing server hosts. Grouping existing server hosts allows you to select a subset of the configured server hosts and use ...
Build SIP-based VOIP Service With RADIUS AAA Using Kamailio (OpenSER) And FreeRadius
RTC hacker
10-18 2372
<br />Table of Contents1. Overview2. The architecture of the VoIP service3. FreeRadius Installation4. OpenSER Installation4.1. RadiusClient-ng library installation4.2. OpenSER installation from sources4.3. OpenSER RADIUS Dictionary5. FreeRadius configurati
TACACS+/RADIUS服务器搭建记录
weixin_30588827的博客
08-09 1389
TACACS+/RADIUS服务器搭建记录 1、TACACS+相关信息 TACACS+软件下载地址 TACACS+首页介绍 2、RADIUS软件下载地址 1)FreeRADIUS下载地址 2)FreeRADIUS官方文档 3)FreeRADIUS的...
java-ssm+vue电影推荐系统实现源码(项目源码-说明文档)
09-18
基于协同过滤算法的电影推荐系统的部署与应用,将对首页,个人中心,用户管理,电影分类管理,免费电影管理,付费电影管理,电影订单管理,我的电影管理,电影论坛,系统管理等功能进行管理 项目关键技术 开发工具:IDEA 、Eclipse 编程语言: Java 数据库: MySQL5.7+ 后端技术:ssm 前端技术:Vue 关键技术:springboot、SSM、vue、MYSQL、MAVEN 数据库工具:Navicat、SQLyog
12345688882222
09-18
12345688882222
4-3_Business_DK_BLUE_2017_09-CL-20180524MTAX.potx
09-18
微软演示材料
java基于ssm+jsp北关村基本办公管理系统源码 带毕业论文+PPT
最新发布
09-18
1、开发环境:ssm框架;内含Mysql数据库;JSP技术 2、需要项目部署的可以私信 3、项目代码都经过严格调试,代码没有任何bug! 4、该资源包括项目的全部源码,下载可以直接使用! 5、本项目适合作为计算机、数学、电子信息等专业的课程设计、期末大作业和毕设项目,作为参考资料学习借鉴。 6、本资源作为“参考资料”如果需要实现其他功能,需要能看懂代码,并且热爱钻研,自行调试。
最新潮乎盲盒源码及搭建教程 后端采用Laravel框架开发
09-18
采用后端Laravel框架进行开发,前端开发框架则使用了uniapp+vue。在环境配置方面,我们建议使用php7.4 + mysql5.6 + nginx1.22 + redis,并且推荐使用宝塔面板或lnmp等工具进行配置。
java基于ssm+jsp大学生成果登记系统源码
09-18
1、开发环境:ssm框架;内含Mysql数据库;JSP技术 2、需要项目部署的可以私信 3、项目代码都经过严格调试,代码没有任何bug! 4、该资源包括项目的全部源码,下载可以直接使用! 5、本项目适合作为计算机、数学、电子信息等专业的课程设计、期末大作业和毕设项目,作为参考资料学习借鉴。 6、本资源作为“参考资料”如果需要实现其他功能,需要能看懂代码,并且热爱钻研,自行调试。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值