Configuring Server 2008 for RADIUS Authentication

最新推荐文章于 2021-09-29 14:31:21 发布
最新推荐文章于 2021-09-29 14:31:21 发布
阅读量1.9k 收藏
点赞数
文章标签: authentication server encryption domain network access

http://hi.baidu.com/sxsyyq/blog/item/13989cf3c9ed47ce0a46e0a7.html

 http://www.google.com.hk/search?hl=zh-CN&newwindow=1&safe=strict&rlz=1R2GGLL_zh-CNCN383&q=Windows+2008+R2%E5%AE%9E%E6%88%98&btnG=Google+%E6%90%9C%E7%B4%A2&aq=f&aqi=&aql=&oq=&gs_rfai=

http://security.ctocio.com.cn/117/9455617.shtml

http://www.fatofthelan.com/technical/using-windows-2008-for-radius-authentication/

 

 

I like connecting to my network using my pfSense firewall's built-in VPN server.  Following these steps, I can configure Windows Server 2008 to provide the authentication credentials for pfSense via RADIUS.  I figured this out using this great guide that I referenced for Windows Server 2003...

Enable "reversible password encryption" for your domain users.
Globally:

  1. Admin Tools - Group Policy Management
  2. Choose your forest, domain and then right click your Default Domain Policy and choose Edit.
  3. Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy -> Store passwords using reversible encryption = Enabled.

Per User:

  1. I prefer doing it globally, but you can do it on a per user basis by opening your domain user's properties and checking "Store password using reversible encryption" on the Account tab.

*Restart the domain controller after these Group Policy changes.

Enable Windows Server 2008 Network Policy Server (NPS)

  1. Add the "Network Policy and Access Services" role to your domain controller.
  2. Enable these role services during installation:
    Network Policy Server
    Routing & Remote Access Services
       Remote Access Service
       Routing

Verify the RADIUS Port Numbers

  1. Server Manager -> Roles -> Network Policy and Access -> Right-click NPS (Local) -> Properties -> Ports Tab.
  2. Verify the defaults for Authentication are 1812,1645.
  3. Verify the defaults for Accounting are 1813, 1646.
  4. The 18 set is for a secure connection, or vice-versa.  You can change things to match your RADIUS client, but the defaults should be fine.

Add a new RADIUS Client

  1. NPS (Local) -> RADIUS Clients and Servers -> RADIUS Clients -> Right-click Add new Client.
  2. Add a name, the ip address of your client and create a shared secret.

Add a new Network Policy

  1. NPS (Local) -> Policies -> Right-click Network Policies -> Add new.
  2. Enter a name and leave Type of network access server as Unspecified.  Click Next.
  3. Add a condition.  Choose Windows Groups.  Add a Group ("Domain Users" for example).  Click OK, then Next.
  4. Choose Access Granted.  Click Next.
  5. Leave the default Authentication Methods.  Click Next.
  6. Leave the Default Constraints.  (Although they look like some cool new features you may want to use.)  Click Next.
  7. Leave the Default Settings.  Click Next.
  8. Click Finish.

Granting or Denying Access to Users

  1. Right click a domain user -> Properties -> Dial-in tab.
  2. You can Grant or Deny here, but I just leave the NPS Policy we setup earlier to allow all domain users through.

Configure your RADIUS Client

  1. In this case, I enable a PPTP VPN server on my pfSense firewall and point it to my domain controller/NPS services machine where we just configured everything.  Input the shared secret and then login from anywhere!

Happy VPN'ing!

cnbird2008
关注
CCNP350-401学习笔记(501-550题)
shuyan1115的博客
02-22 525
CCNP350-401学习笔记(2023.2.22)
JunOS Space Radius Authentication with Free Radius Server TekRADIUS
Cyber Security Memo
09-02 141
(adsbygoogle = window.adsbygoogle || []).push({}); TekRADIUS is a RADIUS server for Windows with built-in DHCP server. TekRADIUS is tested on Microsoft Windows XP, Vista, Windows 7/8/10 and...
Hostapd configuration instructions for the RADIUS server
ESP 技术分享,推动万物互联
06-10 305
This paper provides an environment construction about enterprise-level encrypted RADIUS server configuration for readers’ reference. 1 Install hostapd ```bash $ sudo apt-get install libnl1 libnl-dev libnl-doc $ sudo apt-get install libssl-dev $ sudo apt.
configuring 802.1x port-based authentication
achejq的专栏
10-31 2304
http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/Sw8021x.html Understanding 802.1X Port-Based Authentication The IEEE 802.1X st
ss5 mysql radius_ss5.conf
weixin_33929779的博客
02-22 628
## SECTION # \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\## TAG: set## set option name:## SS5_DNSORDER -> order dns answer# SS5_...
基于OpenWRT+FreeRadius+TinyRadius+Daloradius实现portal加radius安全认证
u010968350的博客
09-29 2743
OpenWRT+FreeRadius+TinyRadius+Daloradius实现portal加radius认证 想要实现的需求是:当接入网络时,需要跳转到自定义的portal认证页面,输入用户名和密码后,跳转到Freeradius进行认证,认证完成后才允许用户联网。实质上就是实现了portal认证和radius认证方式的相结合,以此来实现多重安全认证。 基本知识介绍 AAA: AAA是认证(Authentication)、授权(Authorization)和计费(Accounting)的简称,是
Setting up Wireless 802.1x with Windows Server 2008 and NPS
The 44th Demilitarized Zone
10-07 2755
Setting up Wireless 802.1x with Windows Server 2008 and NPS                         Filed Under (Windows Networking) by Just An Admin on
AAA Server Groups
剪刀石头布
04-21 528
Configuring the device to use AAA server groups provides a way to group existing server hosts. Grouping existing server hosts allows you to select a subset of the configured server hosts and use ...
Build SIP-based VOIP Service With RADIUS AAA Using Kamailio (OpenSER) And FreeRadius
RTC hacker
10-18 2372
<br />Table of Contents1. Overview2. The architecture of the VoIP service3. FreeRadius Installation4. OpenSER Installation4.1. RadiusClient-ng library installation4.2. OpenSER installation from sources4.3. OpenSER RADIUS Dictionary5. FreeRadius configurati
TACACS+/RADIUS服务器搭建记录
weixin_30588827的博客
08-09 1394
TACACS+/RADIUS服务器搭建记录 1、TACACS+相关信息 TACACS+软件下载地址 TACACS+首页介绍 2、RADIUS软件下载地址 1)FreeRADIUS下载地址 2)FreeRADIUS官方文档 3)FreeRADIUS的...
基于libev和mongoose的集成多种协议的异步嵌入式网络库Evmongoose设计源码
09-25
该项目是采用libev和mongoose构建的,支持多协议集成的异步嵌入式网络库Evmongoose的设计源码,包含47个文件,其中包括15个Lua脚本、13个C语言源代码、4个文本文件、4个Markdown文件、2个密钥文件、2个PEM文件、2个头文件、1个Git忽略文件、1个授权文件、1个SHTML文件。Evmongoose库支持TCP、HTTP、WebSocket和MQTT等多种协议,并提供了Lua API接口,适用于嵌入式网络开发领域。
计算机软件设计-Axure RP8-账号登录页面
09-25
实现动态面板【账号密码登录|短信登录】切换 短信验证码【60-0秒】登录倒计时
bitComet,比特彗星多线程下载器
09-25
bitComet,比特彗星多线程下载器
基于GitCGB2104项目的Java与HTML综合设计源码
09-25
本项目为GitCGB2104项目,集成Java与HTML技术,总计包含85个文件,涵盖36个Java源文件、16个Java类文件、9个XML配置文件、8个HTML文件、7个YAML文件、6个Idea项目配置文件、1个SQL脚本文件、1个PNG图片文件及1个文本文件。该项目设计精巧,旨在提供全面的技术支持。
基于Java语言的校园疫情防控管理后端设计源码
09-25
该项目是一款以Java语言开发的校园疫情防控管理后端系统源码,总计包含126个文件,其中包括84个Java源代码文件、21个PNG图片文件、11个XML配置文件、2个JAR包文件、1个Git忽略文件、1个属性文件和1个Markdown文件。系统设计旨在为校园疫情防控提供高效的后台管理支持。
02 基于FPGA的双目测距仪.zip(毕设&课设&实训&大作业&竞赛&项目)
最新发布
09-25
项目工程资源经过严格测试可直接运行成功且功能正常的情况才上传,可轻松复刻,拿到资料包后可轻松复现出一样的项目,本人系统开发经验充足(全领域),有任何使用问题欢迎随时与我联系,我会及时为您解惑,提供帮助。 【资源内容】:包含完整源码+工程文件+说明(如有)等。答辩评审平均分达到96分,放心下载使用!可轻松复现,设计报告也可借鉴此项目,该资源内项目代码都经过测试运行成功,功能ok的情况下才上传的。 【提供帮助】:有任何使用问题欢迎随时与我联系,我会及时解答解惑,提供帮助 【附带帮助】:若还需要相关开发工具、学习资料等,我会提供帮助,提供资料,鼓励学习进步 【项目价值】:可用在相关项目设计中,皆可应用在项目、毕业设计、课程设计、期末/期中/大作业、工程实训、大创等学科竞赛比赛、初期项目立项、学习/练手等方面,可借鉴此优质项目实现复刻,设计报告也可借鉴此项目,也可基于此项目来扩展开发出更多功能 下载后请首先打开README文件(如有),项目工程可直接复现复刻,如果基础还行,也可在此程序基础上进行修改,以实现其它功能。供开源学习/技术交流/学习参考,勿用于商业用途。质量优质,放心下载使用。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值