{"id":6188,"date":"2013-04-08T07:00:00","date_gmt":"2013-04-08T05:00:00","guid":{"rendered":"http:\/\/nolabnoparty.com\/?p=6188"},"modified":"2014-09-19T09:33:38","modified_gmt":"2014-09-19T07:33:38","slug":"setup-nps-for-radius-authentication-in-active-directory","status":"publish","type":"post","link":"https:\/\/nolabnoparty.com\/en\/setup-nps-for-radius-authentication-in-active-directory\/","title":{"rendered":"Setup NPS for RADIUS authentication in Active Directory"},"content":{"rendered":"<p><img decoding=\"async\" style=\"background-image: none; margin: 10px auto 5px; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad01\" alt=\"radiusad01\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad01.jpg\" width=\"602\" height=\"202\" border=\"0\" \/><\/p>\n<p>The <strong>Network Policy Services<\/strong> (NPS) is a service included in Windows Server 2008 acting as <strong>RADIUS<\/strong> to authenticate remote clients against Active Directory.<\/p>\n<p>In <strong>Active Directory<\/strong> environment is possible to setup the <strong>authentication process through RADIUS<\/strong> with existing accounts configured in the network setting NPS service properly.<\/p>\n<p><!--more--><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border: 0px;\" title=\"radiusad02\" alt=\"radiusad02\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad02.jpg\" width=\"561\" height=\"419\" border=\"0\" \/><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"color: #666666;\">Installing NPS service<\/span><\/h2>\n<p>First step is the <strong>installation of the NPS service<\/strong> on the Windows 2008 R2 server. Open the <strong>Server Manager<\/strong> and click the option <strong>Add Roles<\/strong> to add the new role to the server.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad03\" alt=\"radiusad03\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad03.jpg\" width=\"600\" height=\"265\" border=\"0\" \/><\/p>\n<p>Click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad04\" alt=\"radiusad04\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad04.jpg\" width=\"600\" height=\"442\" border=\"0\" \/><\/p>\n<p>Select <strong>Network Policy and Access Services<\/strong> and click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad05\" alt=\"radiusad05\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad05.jpg\" width=\"600\" height=\"442\" border=\"0\" \/><\/p>\n<p>Click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad06\" alt=\"radiusad06\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad06.jpg\" width=\"600\" height=\"442\" border=\"0\" \/><\/p>\n<p>Select <strong>Network Policy Server<\/strong> option and click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad07\" alt=\"radiusad07\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad07.jpg\" width=\"600\" height=\"442\" border=\"0\" \/><\/p>\n<p>To perform the installation, click the <strong>Install<\/strong> button.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad08\" alt=\"radiusad08\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad08.jpg\" width=\"600\" height=\"442\" border=\"0\" \/><\/p>\n<p><strong>Service components<\/strong> are installed in the server.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad09\" alt=\"radiusad09\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad09.jpg\" width=\"600\" height=\"442\" border=\"0\" \/><\/p>\n<p>Once the procedure ends, the <strong>installation result<\/strong> is shown. Click <strong>Close<\/strong> button to exit the window.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad10\" alt=\"radiusad10\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad10.jpg\" width=\"600\" height=\"442\" border=\"0\" \/><\/p>\n<p>The service is now installed but <strong>needs to be configured<\/strong> to properly work.<\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"color: #666666;\">NPS configuration<\/span><\/h2>\n<p>To proceed with the configuration, access the service from <strong>Start &gt; Administrative Tools &gt; Network Policy Server<\/strong>.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad11\" alt=\"radiusad11\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad11.jpg\" width=\"414\" height=\"469\" border=\"0\" \/><\/p>\n<p>Right click on <strong>RADIUS Client<\/strong> item to create a new client and select option <strong>New<\/strong>.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad12\" alt=\"radiusad12\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad12.jpg\" width=\"600\" height=\"382\" border=\"0\" \/><\/p>\n<p>In the <strong>Settings<\/strong> panel, enable the client by flagging option <strong>Enable this RADIUS client<\/strong>. Assign a <strong>Friendly Name<\/strong> and the server\/router VPN <strong>Address (IP or DNS)<\/strong>. To generate the <strong>shared secret<\/strong> for the RADIUS &lt;-&gt; Server VPN communication, use the option <strong>Generate<\/strong> to automatically create the key paying attention to VPN server specifications because sometimes long strings keys could create some problems. Use option <strong>Manual<\/strong> to enter a manual string instead.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad13\" alt=\"radiusad13\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad13.jpg\" width=\"460\" height=\"567\" border=\"0\" \/><\/p>\n<p>Click <strong>Advanced<\/strong> and set value <strong>RADIUS Standard<\/strong> as <strong>Vendor name<\/strong> if the VPN server vendor didn\u2019t provide different advices.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad14\" alt=\"radiusad14\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad14.jpg\" width=\"460\" height=\"567\" border=\"0\" \/><\/p>\n<p>Once the client has been created, from main window of NPS right-click item <strong>Network Policies<\/strong> and select option <strong>New<\/strong> to create a new policy.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad15\" alt=\"radiusad15\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad15.jpg\" width=\"600\" height=\"502\" border=\"0\" \/><\/p>\n<p>In <strong>Policy Name<\/strong> field specify the new policy name. Leave default <strong>Unspecified<\/strong> value in <strong>Type of network access server<\/strong> field. Click <strong>Next<\/strong> to continue.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad16\" alt=\"radiusad16\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad16.jpg\" width=\"600\" height=\"513\" border=\"0\" \/><\/p>\n<p>Click <strong>Add<\/strong> button to specify what conditions are evaluated during authentication process.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad17\" alt=\"radiusad17\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad17.jpg\" width=\"600\" height=\"513\" border=\"0\" \/><\/p>\n<p>If the account is authenticated through <strong>Active Directory group membership<\/strong>, select <strong>Windows Groups<\/strong> item and click <strong>Add<\/strong>.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad18\" alt=\"radiusad18\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad18.jpg\" width=\"600\" height=\"303\" border=\"0\" \/><\/p>\n<p>Click <strong>Add Groups<\/strong> button to specify the AD group.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad19\" alt=\"radiusad19\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad19.jpg\" width=\"406\" height=\"303\" border=\"0\" \/><\/p>\n<p>Insert AD group and click <strong>OK<\/strong>.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad20\" alt=\"radiusad20\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad20.jpg\" width=\"464\" height=\"247\" border=\"0\" \/><\/p>\n<p>Selected AD group is now on the list of <strong>Windows Groups<\/strong>. Click <strong>OK<\/strong> to continue.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad21\" alt=\"radiusad21\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad21.jpg\" width=\"406\" height=\"303\" border=\"0\" \/><\/p>\n<p>To setup additional conditions, click <strong>Add<\/strong> button.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad22\" alt=\"radiusad22\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad22.jpg\" width=\"600\" height=\"513\" border=\"0\" \/><\/p>\n<p>In order to <strong>limit authentication requests<\/strong> to a specific VPN server, select condition <strong>Client IPv4 Address<\/strong> and click <strong>Add<\/strong>.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad23\" alt=\"radiusad23\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad23.jpg\" width=\"600\" height=\"303\" border=\"0\" \/><\/p>\n<p>Enter the <strong>VPN server IP Address <\/strong>and click <strong>OK<\/strong>.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad24\" alt=\"radiusad24\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad24.jpg\" width=\"415\" height=\"171\" border=\"0\" \/><\/p>\n<p>Completed all the entries, click <strong>Next<\/strong> to continue.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad25\" alt=\"radiusad25\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad25.jpg\" width=\"600\" height=\"513\" border=\"0\" \/><\/p>\n<p>Click option <strong>Access Granted<\/strong> to enable the access to the system.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad26\" alt=\"radiusad26\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad26.jpg\" width=\"600\" height=\"513\" border=\"0\" \/><\/p>\n<p>In this screen, you define the <strong>protocol type<\/strong> used for authentication. Check vendor specifications of your VPN server to select required authentication protocols. To perform EAP authentication for instance, <strong>EAP Types<\/strong> must be configured by clicking the <strong>Add<\/strong> button.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad27\" alt=\"radiusad27\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad27.jpg\" width=\"600\" height=\"513\" border=\"0\" \/><\/p>\n<p>Select required protocol then click <strong>OK<\/strong>.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad28\" alt=\"radiusad28\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad28.jpg\" width=\"334\" height=\"224\" border=\"0\" \/><\/p>\n<p>When authentication protocols have been entered, click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad29\" alt=\"radiusad29\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad29.jpg\" width=\"600\" height=\"513\" border=\"0\" \/><\/p>\n<p>Specify <strong>Constraints<\/strong> if requested. Click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad30\" alt=\"radiusad30\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad30.jpg\" width=\"600\" height=\"513\" border=\"0\" \/><\/p>\n<p>From <strong>Settings<\/strong> window, set additional attributes requested by the VPN server. For example, <a href=\"http:\/\/www.watchguard.com\/\" target=\"_blank\" rel=\"noopener\">Watchguard<\/a> firewalls require <strong>Filter-ID<\/strong> attribute to grant VPN access. Click <strong>Add<\/strong> button to add a new attribute.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad31\" alt=\"radiusad31\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad31.jpg\" width=\"600\" height=\"513\" border=\"0\" \/><\/p>\n<p>From attributes list select value <strong>Filter-ID<\/strong> and click <strong>Add<\/strong>.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad32\" alt=\"radiusad32\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad32.jpg\" width=\"592\" height=\"454\" border=\"0\" \/><\/p>\n<p>Click <strong>Add<\/strong> to define the attribute information requested by the VPN server for the attribute previously selected.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad33\" alt=\"radiusad33\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad33.jpg\" width=\"426\" height=\"377\" border=\"0\" \/><\/p>\n<p>From the VPN server vendor instructions, insert the right <strong>Attribute Information<\/strong> (L2TP-Users in the example) and click <strong>OK<\/strong> to confirm.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad34\" alt=\"radiusad34\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad34.jpg\" width=\"368\" height=\"317\" border=\"0\" \/><\/p>\n<p>If some attributes are not longer needed, select and remove them with <strong>Remove<\/strong> button.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad35\" alt=\"radiusad35\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad35.jpg\" width=\"600\" height=\"493\" border=\"0\" \/><\/p>\n<p>When the setup is complete, click <strong>OK<\/strong>.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad36\" alt=\"radiusad36\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad36.jpg\" width=\"600\" height=\"493\" border=\"0\" \/><\/p>\n<p>A <strong>configuration summary<\/strong> is shown with policy conditions and settings. Click <strong>Finish<\/strong> to complete the procedure.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad37\" alt=\"radiusad37\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad37.jpg\" width=\"600\" height=\"513\" border=\"0\" \/><\/p>\n<p>To process in the right way the just created policy, move it at the <strong>top of the list.<\/strong><\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad38\" alt=\"radiusad38\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad38.jpg\" width=\"600\" height=\"462\" border=\"0\" \/><\/p>\n<p>For the correct functionality of RADIUS authentication, server must be registered in Active Directory. From main screen of NPS right-click <strong>NPS (local)<\/strong> and select option <strong>Register server in Active Directory<\/strong>.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad39\" alt=\"radiusad39\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad39.jpg\" width=\"442\" height=\"252\" border=\"0\" \/><\/p>\n<p>Click <strong>OK<\/strong> to authorize the local server in AD.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad40\" alt=\"radiusad40\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad40.jpg\" width=\"416\" height=\"191\" border=\"0\" \/><\/p>\n<p>Click <strong>OK<\/strong> to complete the server registration step.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad41\" alt=\"radiusad41\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad41.jpg\" width=\"416\" height=\"191\" border=\"0\" \/><\/p>\n<p>RADIUS <strong>server configuration<\/strong> is now complete.<\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"color: #666666;\">Enable RADIUS authentication<\/span><\/h2>\n<p>To enable VPN clients authentication in the system, the <strong>RADIUS authentication type<\/strong> must be configured in the VPN server.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad42\" alt=\"radiusad42\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad42.jpg\" width=\"500\" height=\"278\" border=\"0\" \/><\/p>\n<p>Enable and insert the correct <strong>IP Address<\/strong> of your RADIUS server. Type the <strong>Shared Secret<\/strong> previously created. Be careful that typed characters in the Secret field must be the same as defined in the RADIUS server settings otherwise authentication process will fail.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad43\" alt=\"radiusad43\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad43.jpg\" width=\"474\" height=\"620\" border=\"0\" \/><\/p>\n<p>When a VPN connection starts, the client is <strong>authenticated through the RADIUS<\/strong> server checking the Active Directory group membership and granting the network access as shown in the <strong>Windows log<\/strong>.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad44\" alt=\"radiusad44\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad44.jpg\" width=\"600\" height=\"456\" border=\"0\" \/><\/p>\n<p>If some <strong>authentication issues<\/strong> are experienced, looking at the Windows log you can identify where the problem reside.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"radiusad45\" alt=\"radiusad45\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2013\/04\/radiusad45.jpg\" width=\"600\" height=\"456\" border=\"0\" \/><\/p>\n<p>This solution allows a <strong>good authentication management<\/strong> process of remote clients giving the network a higher security level.<\/p>\n<p><img decoding=\"async\" alt=\"\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/images\/firma.jpg\" title=\"\"><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Network Policy Services (NPS) is a service included in Windows Server 2008 acting as RADIUS to authenticate remote clients against Active Directory. In Active Directory environment is possible to setup the authentication process through RADIUS with existing accounts configured in the network setting NPS service properly.<\/p>\n","protected":false},"author":3,"featured_media":5929,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rop_custom_images_group":[],"rop_custom_messages_group":[],"rop_publish_now":"initial","rop_publish_now_accounts":{"linkedin_93tdZWzMZc_93tdZWzMZc":"","facebook_2879994398731222_17841400390232720":"","twitter_113568041_113568041":"","mastodon_115463926174894442_115463926174894442":""},"rop_publish_now_history":[],"rop_publish_now_status":"pending","footnotes":""},"categories":[913,1065],"tags":[668,575,576,578],"class_list":["post-6188","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-active-directory-en","category-microsoft-en","tag-authentication-en","tag-nps-en","tag-radius-en","tag-vpn-en","has_thumb"],"_links":{"self":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/6188","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/comments?post=6188"}],"version-history":[{"count":0,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/6188\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media\/5929"}],"wp:attachment":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media?parent=6188"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/categories?post=6188"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/tags?post=6188"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}