Scribd Logo
Upload

Welcome to Scribd!

  • Radius Win 2008 Server

    Uploaded by

    Benito Avila
    9 views15 pages
    Instalación radius server

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Instalación radius server

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    9 views15 pages

    Radius Win 2008 Server

    Uploaded by

    Benito Avila
    Instalación radius server

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 15

    How To Configure Windows

    as a RADIUS Server
    with MS-CHAP
    v2 Authentication
    HowServer
    To 2008
    Configure
    Windows
    Server
    2008

    as a

    RADIUS Server with MS-CHAP v2 Authentication

    Applicable Version: 10.00 onwards


    Overview
    This article describes how you can configure Windows Server 2008 as a RADIUS Server and
    integrate it with Cyberoam.

    Scenario
    Configure Windows Server 2008 as RADIUS Server with MS-CHAP v2 authentication and integrate
    Cyberoam as a RADIUS Client.

    Configuration
    You can configure Windows Server 2008 by following the steps given below. Configuration is to be
    done from Windows Server Manager.
    Note:
    Prior to configuration, make sure that:

    You have setup Active Directory Services, and Network Policies and Access Services (NPS)
    Roles.
    The NPS Roles are integrated with the Active Directory.

    Step 1: Add Cyberoam as RADIUS Client

    Login to Windows Server 2008 using Administrator profile.

    Go to Start Administrative Tools Server Manager .

    On the left panel, expand Roles Network Policy and Access Services NPS (Local)
    RADIUS Clients and Servers and right click on RADIUS Clients. Click New RADIUS Client to
    create a new client according to parameters given below.

    How To Configure Windows Server 2008 as a RADIUS Server with MS-CHAP v2 Authentication

    Parameter Description
    Parameter

    Value

    Description

    Friendly name

    Cyberoam

    Name to identify the RADIUS Client

    Address (IP or DNS)

    172.16.16.1

    Address of the RADIUS Client. Here,


    we have specified Cyberoam LAN IP
    Address.

    Vendor name

    RADIUS Standard

    Specify the RADIUS Client Vendor


    name from the list

    Shared secret

    Manual

    Select whether shared secret is to be


    manually set or auto-generated.

    Secret

    cyberoam

    Specify the secret

    How To Configure Windows Server 2008 as a RADIUS Server with MS-CHAP v2 Authentication

    Click OK to create the RADIUS Client.

    How To Configure Windows Server 2008 as a RADIUS Server with MS-CHAP v2 Authentication

    Step 2: Configure Network Policies


    On the left panel, expand Roles Network Policy and Access Services NPS (Local)
    Policies and right-click Network Policies. Click New to open the New Network Policy Wizard.

    Mention Policy Name and click Next.

    How To Configure Windows Server 2008 as a RADIUS Server with MS-CHAP v2 Authentication

    Click Add under Specify Conditions to add conditions that determine whether this network policy
    is evaluated for a connection request. Here, we have added 2 conditions:
    User Group as Marketing
    NAS IP address as Cyberoam LAN IP address

    The Select Condition Window opens. Select the first type of condition as User Groups and click
    Add.

    How To Configure Windows Server 2008 as a RADIUS Server with MS-CHAP v2 Authentication

    The User Groups Window opens. Click Add Groups... to add user groups.

    The Select Group Window opens. Mention the Group Marketing under Enter the object name
    to select and click OK.

    How To Configure Windows Server 2008 as a RADIUS Server with MS-CHAP v2 Authentication

    The user group condition is added. Now click Add... again to add the second condition.

    How To Configure Windows Server 2008 as a RADIUS Server with MS-CHAP v2 Authentication

    Under Gateway section, select NAS IPv4 Address to specify the IP address of the Network
    Access Server (NAS) and click Add.

    Mention Cyberoams LAN IP address as NAS address.

    Click OK to save settings. The following screen is displayed showing configured conditions. Click
    Next.

    How To Configure Windows Server 2008 as a RADIUS Server with MS-CHAP v2 Authentication

    The Specify Access Permission screen appears. Select Access granted and click Next.

    How To Configure Windows Server 2008 as a RADIUS Server with MS-CHAP v2 Authentication

    The Configure Authentication Methods screen appears. Select the authentication as Microsoft
    Encrypted Authentication version 2 (MS-CHAP v2) and Unencrypted authentication (PAP,
    SPAP). Click Next.
    Note:
    PAP authentication method is required because Cyberoam uses PAP to test connectivity with the
    RADIUS Server.

    How To Configure Windows Server 2008 as a RADIUS Server with MS-CHAP v2 Authentication

    The Configure Constraints screen appears. Retain default constraints. Click Next.

    How To Configure Windows Server 2008 as a RADIUS Server with MS-CHAP v2 Authentication

    The Configure Settings screen appears. Retain default settings. Click Next.
    If you want to configure Tight Integration between RADIUS Server and NAS, then add Filter ID as
    one of the attributes by clicking Add....

    How To Configure Windows Server 2008 as a RADIUS Server with MS-CHAP v2 Authentication

    The Completing New Network Policy appears which displays the summary of the policy you have
    configured. Click Finish to create the policy.

    Step 3: Allow Network Access to Users


    Once Network Policies are configured, ensure that users, belonging to the User Group defined in the
    Policy, are allowed network access. Here, we have enabled network access of a user named John
    Smith who belongs to the CYBEROAM\Marketing User Group. You can enable network access by
    following instructions given below.
    On the left panel, expand through Roles Active Directory Domain Services Active Directory
    Users and Computers cyberoam.local and click Users to display a list of existing users. Right
    click user John Smith and click Properties from the pop up.

    How To Configure Windows Server 2008 as a RADIUS Server with MS-CHAP v2 Authentication

    How To Configure Windows Server 2008 as a RADIUS Server with MS-CHAP v2 Authentication

    In the Properties window, switch to Dial-in tab, under Network Access Permission select Allow
    access to allow network access to user John Smith.

    Click OK to save settings.

    Step 4: Integrate Cyberoam with RADIUS Server


    Integrate Cyberoam with the RADIUS Server configured above such that it uses the Server for user
    authentication. To know how you can configure Cyberoam to use RADIUS Server, refer to the article
    Configure Cyberoam to use RADIUS Server for Authentication.

    The above configuration configures the Windows Server 2008 as a RADIUS Server with Cyberoam as
    the Client. Cyberoam uses this RADIUS Server for user authentication.

    Document Version: 1.1 14/09/2012

    You might also like