« Previous 1 2 3 4 Next »
Microsoft Network Policy Server
Geometry
Adding RADIUS Clients
A RADIUS client is installed on the dial-up device and initiates the dial-up request, which is sent in the form of an access request packet to an authenticator (e.g., a WiFi access point or a firewall/proxy server). The authenticator has no information of its own about the dial-up resources and forwards the packet to the RADIUS server.
To add a RADIUS client to the NPS Server, double-click RADIUS Clients and Servers , right-click RADIUS Clients , and select New from the context menu (Figure 2). Now assign a display name for the client and the IP address or DNS name and manually create a pre-shared key (PSK), generate a PSK, or select one from a PSK template. In the Advanced tab, you can also select the RADIUS client manufacturer to enable manufacturer-specific settings, if necessary.
Control by Remote Server Groups
With remote RADIUS server groups, you specify where connection requests are forwarded if the local NPS server is configured as a RADIUS proxy. If you configure the local NPS server as a RADIUS proxy, you need to create a new connection request policy. This policy uses NPS to determine which connection requests are forwarded to other RADIUS servers. Also, you can configure the connection request policy by specifying a remote RADIUS server group that contains one or more RADIUS servers. The policy tells the local NPS server where to send the connection requests that match the connection request policy.
To create a new remote RADIUS server group, navigate to RADIUS Clients and Servers , right-click RADIUS Remote Server Groups , and select New in the menu. Assign a group name and then add all the RADIUS servers to this group.
For each RADIUS server, you can configure the authentication and account management options in the same way you would for a normal RADIUS client. In the Load Balancing tab, you define priority orders and weightings. The priority order shows the server's status (e.g., a primary server has a priority of 1 ). Weighting determines how often requests are sent to a specific server in a group of servers with the same priority.
Configuring Policies
Network Policy Server policies control access to local or remote NPS servers and configure requirements and conditions under which a connection can be established by a RADIUS client. NPS provides two types of policies:
- Connection request guidelines
- Network policy
Connection request policies allow you to determine whether connection requests are processed locally or forwarded to remote RADIUS servers. To create one of these policies, click on the Policies node, right-click Connection Request Policies , and select New from the context menu. Assign a name for the new policy and specify the type of network access server. You can choose from Remote Desktop Gateway or RAS Server (VPN Dial-up) or configure a policy without a template. If the network access server is an 802.1X authentication switch or wireless access point, select Not Specified .
Next, specify the conditions that are used to evaluate the connection request policy for a connection request. You must choose at least one condition from the many presented, including IP addresses, usernames, protocols, service and tunnel types, and day and time restrictions, among other conditions. On the next tab, you can then specify whether the RADIUS requests will be authenticated on the local NPS server, whether the requests will be forwarded to a RADIUS remote server group, or whether users will be accepted without verifying their credentials. Account management information can be stored on the local NPS server or forwarded to a RADIUS remote server group.
« Previous 1 2 3 4 Next »
Buy this article as PDF
(incl. VAT)