Scribd Logo
Upload

Welcome to Scribd!

  • Configuring Active Directory (Windows 2008 Server R2) RADIUS Server For OpenVPN Access Server

    Uploaded by

    kyrageek
    23 views10 pages
    Configuring Active Directory (Windows 2008 Server R2) RADIUS Server for OpenVPN Access Server

    Original Title

    Configuring Active Directory (Windows 2008 Server R2) RADIUS Server for OpenVPN Access Server

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Configuring Active Directory (Windows 2008 Server R2) RADIUS Server for OpenVPN Access Server

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    23 views10 pages

    Configuring Active Directory (Windows 2008 Server R2) RADIUS Server For OpenVPN Access Server

    Uploaded by

    kyrageek
    Configuring Active Directory (Windows 2008 Server R2) RADIUS Server for OpenVPN Access Server

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 10

    Access Server Followus

    Home AccessServer iOS&Android HowtoGuides Underthehood Diagrams/layouts

    ConfiguringActiveDirectory(Windows2008ServerR2)RADIUSServerforOpenVPNAccessServer
    Lastmodified:12April2012

    Introduction

    ActiveDirectorycanbeintegratedwithOpenVPNAccessServereasilywiththeuseofWindows2008ServerR2'sRADIUSserver.Thisarticleassumesthatyouhave
    Windows2008ServerR2,ActiveDirectoryDomainServices,andNetworkPolicyandAccessServicesrolesalreadyinstalled.

    ServerConfiguration

    TobeginsettinguptheRADIUSserver,youwillfirstneedtoknowtheIPaddressofyourOpenVPNAccessServer.Ifyoudonotknowwhatthisis,youcanissuean
    ifconfigcommandintheterminalofyourOpenVPNAccessServerinstance.
    AfteryouhaveobtainedtheIPaddressofyourOpenVPNAccessServer,openServerManagerinyourWindows2008R2machine.NavigatetoNetworkPolicyand
    AccessServices,NPS(Local),RADIUSClientsandServers,andlastly,RADIUSClients.Ontherightnavigationbar,clickNewtoaddanewRADIUSclient.

    IntheNewRADIUSClientdialog,enterauserfriendlyname(canbeanything),yourOpenVPNAccessServer'sIPaddress,andclicktheGenerate
    radiobox.ClicktheGeneratebutton,andcopythegeneratedsecrettoasafeplace(youwillneedthisforconfiguringAccessServerlater).Afterwards,
    clicktheOKbutton.
    AftertheconfigurationoftheRADIUSClientiscomplete,navigatetotheNetworkPoliciessectionunderneathPolicies.ClickNewontheright
    navigationpane.
    IntheNewNetworkPolicydialog,enterapolicynameforyournewpolicy(thiscouldbeanynameyou'dlike).LeavetheservertypeasUnspecified
    andclicktheNextbutton.

    20022014OpenVPNTechnologies,Inc. PrivacyPolicy TermsOfUse

    IntheSpecifyConditionsdialog,clicktheAdd...button.
    SelectWindowsGroups,andthenclicktheAdd...button.

    ClickAddGroups...toaddnewgroupmemberships.

    Typethegroupnamesyouwouldwanttoallowaccessto.Inthisexample,thegroupVPNUsersareallowedaccesstotheVPN.ClickOKwhen
    finished.
    Ifyoudonothaveanymoregroupsyouwouldliketoaddtothelist,clickOKtofinishpopulatingthegrouplist.

    NOTE:IfyouhaveotherresourcesonyournetworkbesidesyourVPNserver,youshouldlimitthispolicysothatitwillonlymatchrequestscomingfrom
    yourOpenVPNAccessServer.Otherwise,itispossiblethatanyonelistedintheaforementionedgroupswillhaveaccesstoallyourothernetwork
    resources.
    Todoso,clickAdd...toaddanothercondition,andselectClientIPv4AddressundertheRADIUSClientPropertiesasacondition,andclickAdd....

    EntertheIPAddressofyourOpenVPNAccessServer,andthenclicktheOKbutton.

    ClicktheNextbuttontofinishdefiningconditions.
    Inthefollowingdialog,acceptthedefaultAccessPermissionsandthenclickNext.

    IntheConfigureAuthenticationMethodwindow,underEAPTypes:,clicktheAdd...button.
    SelectMicrosoft:Securedpassword(EAPMSCHAPv2)andthenclickOK.

    ClickOKtofinishconfiguringthelistofauthenticationmethods.
    Acceptthedefaultconstraints,andthenclicktheNextbutton.

    Acceptthedefaultsettingsforthenetworkpolicy,andclicktheNextbutton.
    ClickFinishtoexitoutoftheNewNetworkPolicywizard.

    IfyournewnetworkpolicyappearsonthebottomoftheBlockpolicies(denotedwitharedX),yourclientswillnotbeabletoauthenticateagainstthe
    server.Tofixthis,youwillneedtoselectthenewlycreatedpolicy,andclicktheMoveUpoptionontherightnavigationpane,untilyourpolicyisabove
    thedefaultblockpolicies.
    Oncethisisdone,youarereadytoconfigureyourAccessServerforRADIUSaccess!

    AccessServerConfiguration

    LogontoyourWebAdminUIarea.UnderAuthentication,clicktheRADIUSoption.

    IftheRADIUSmoduleisnotalreadyinuse,clicktheUseRADIUSbutton,asspecified.

    IntheRADIUSAuthenticationconfigurationpage,selectMSCHAPv2astheauthenticationmethod.Afterwards,enteryourdomaincontroller'sIP
    addressintheHostnameorIPAddresstextbox.TheSharedSecretisthelongtextstringthatyouhavecopiedandsavedearlier.Pastethisinthe
    correspondingtextboxandclickSaveSettingstocontinue.
    ClicktheUpdateRunningServerbuttontofinalizethechanges.YourAccessServersoftwareshouldnowbeintegratedwithActiveDirectoryandyou
    canmanageUserPermissionsundertheUserPermissionssectionoftheWebAdminUI.

    You might also like