Wiki.mikrotik.com Wiki AAA With Active Directory


Published by: Charlston Leite on Sep 06, 2011
Copyright:Attribution Non-commercial







AAA with Active Directory - MikroTik Wiki


AAA with Active Directory
Example One
MT setup

Windows Setup

Example Two
Part A - Setup IAS RADIUS on Active Directory Services



http://wiki.mikrotik.com/wiki/AAA_with_Active_Directory 07/04/2011

Set up IAS on a server acting as the Active Directory Services Domain Controller and register its services.

Give a meaningful description and enable logging for authentication status.

Use the respective ports only: 1812 for Authentication and 1813 for Accounting.

Create a Realms profile. Find “User-Name” and replace it with the “DOMAIN\User-Name” variables in IAS.

Create a “hotspot.com” client profile and set the IP address pointing to the MikroTik hotspot server 172. (the remaining octets survive in the extracted text only as 253, 19 and 1, in no recoverable order). Set Client Ve RADIUS Standard and enter a unique password for IAS. Do not enable the Attributes Signature check box.

Enable the Remote Access Logging check box for all properties.

Select IAS Format and set Log Time Period to Daily.

Create a Remote Access Policies profile for “hotspot.com”. Add “Windows-Groups” matches “DOMAIN\Username remote access permission.

At the Authentication tab, enable the check boxes for the “MS-CHAP v2, MS-CHAP, CHAP and PAP” methods. Note HotSpot only uses PA

At the Encryption tab, enable all the check boxes allowed by this profile.

At the Advanced tab, do not add any additional connection attributes.

Part B - Setup IAS RADIUS with MikroTik

Add a RADIUS server profile and enable service for “hotspot”. Enter the IP Address of the IAS RADIUS server. Enter the same p created earlier for RADIUS secret. Use port 1812 for Authentication and 1813 for Accounting, with Timeout at 300ms.

At “Hotspot Server Profiles”, under Login By, check “HTTP PAP” only.

At “Hotspot Server Profiles”, check Use RADIUS and Accounting. Leave NAS Port Type as (19 wireless-802.11) or (Ethernet) mode.

Part C – Testing IAS RADIUS with PC

1. Use the NTRadPing Test Utility to verify the communication link with a test PC. http://www.dialways.com/download/
2. Remember to add the IP Address of the PC intended for testing into the IAS Client Profile before initiating the test.

3. Enter the IAS RADIUS server IP Address and port “1812”, Request Type “Authentication Request”, and the RADIUS Secret Key. Also enter the User-Name found in the Active Directory Service User Domain Lists.
4. If successful response reply w Accepted”.

5. Next, change the port to “1813” for Request Type “Accounting Start”, click send and reply should be “Accounting RADIUS server is working.

Part D – Activating Domain Users for IAS RADIUS

Check the respective User properties to see whether they are members of the “RAS and IAS Server” groups, if not add them as group mem

Next, check the Dial-in tab and enable Allow access for Remote Access Permission.
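
What the Part C authentication test exchanges on port 1812, as an added example that is not part of the original wiki page: it builds the kind of PAP Access-Request a RADIUS test client sends (RFC 2865) and accepts a reply only if its Response Authenticator matches the shared secret. The user name, password, secret and the `constructed_reply` stand-in for the IAS server are constructed for illustration; note that the User-Password is only masked with MD5 keyed by the RADIUS secret, which is why that secret should be unique and strong.

```python
import hashlib, hmac, os, struct

CODES = {2: "Access-Accept", 3: "Access-Reject", 5: "Accounting-Response"}

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR the padded password with an MD5 keystream."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out

def attr(kind: int, value: bytes) -> bytes:
    """Encode one attribute as Type, Length, Value."""
    return bytes([kind, len(value) + 2]) + value

def access_request(ident: int, user: bytes, password: bytes, secret: bytes) -> bytes:
    """Code 1 packet with User-Name(1), User-Password(2), NAS-Port-Type(61)=19."""
    req_auth = os.urandom(16)  # Request Authenticator must be unpredictable
    attrs = (attr(1, user) + attr(2, hide_password(password, secret, req_auth))
             + attr(61, struct.pack("!I", 19)))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def check_reply(reply: bytes, request: bytes, secret: bytes) -> str:
    """Name the reply only if ID, length and Response Authenticator hold."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return "malformed"
    if reply[1] != request[1]:
        return "id-mismatch"
    want = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if not hmac.compare_digest(want, reply[4:20]):
        return "bad-authenticator"  # wrong shared secret or a forged reply
    return CODES.get(reply[0], "code-%d" % reply[0])

def constructed_reply(code: int, request: bytes, secret: bytes) -> bytes:
    """Stand-in for the server so the example runs offline (constructed data)."""
    head = struct.pack("!BBH", code, request[1], 20)
    return head + hashlib.md5(head + request[4:20] + secret).digest()

if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # placeholder, not from the page
    req = access_request(7, b"DOMAIN\\testuser", b"constructed-pw", secret)
    print(check_reply(constructed_reply(2, req, secret), req, secret))
    print(check_reply(constructed_reply(2, req, b"wrong"), req, secret))
```

A "bad-authenticator" result in a real test usually means the secret entered in the test client differs from the one stored in the IAS client profile.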
