windows 2008和2012内嵌了NPS,其可以作为radius服务器,
参数什么的和Freeradius差不多,指南很少,文档很少
接下来主要记录的是
- NPS为cisco&h3c 提供telnet认证服务
- ipsec用户认证(测试中,逐渐补完)
The Network Policy and Access Services include the following role services: Network Policy Server (NPS) Health Registration Authority (HRA) Host Credential Authorization Protocol (HCAP) RADIUS server and proxy
- Windows 2012 NPS for CISCO telnet authentication
具体参照这个帖子
Cisco IOS Radius Authentication with Windows Server 2012 NPS
关键是这一段:
Next you will need to add a Vendor Specific Attribute by clicking on “Vendor Specific” under the left side settings and clicking the Add… button
Scroll down the list and select “Cisco-AV-Pair” and click add. You will be prompted to add the Attribute Information, here you will click Add… and set the attribute value as shell:priv-lvl=15
This specifies which privilege level is returned to the authenticating user/device after successful authentication. For Network Engineers this would be shell:priv-lvl=15 and the Network Support Technicians would use shell:priv-lvl=1
2. Freeradius for H3C/HP Comware 7 telnet authentication
具体参考这篇文档
参数基本是一样的,唯一不同的是shell的写法,
e.g.
shell:roles=\"nework-operator\"
3. Using Windows Server 2008 as a RADIUS Server for a Cisco ASA
windows 2008下的NPS和windows 2012差不多,可以参考下
http://fixingitpro.com/2009/09/08/using-windows-server-2008-as-a-radius-server-for-a-cisco-asa/
4. Windows NPS for cisco L2TP IPSEC VPN
具体配置参考如下链接
http://adminboard.mcsm.eu/index.php/guides/other/43-cisco-l2tp-ipsec-tunnel
http://adminboard.mcsm.eu/index.php/guides/windows/45-windows-nps-kerberos-for-cisco-vpn-l2tp-ipsec
还有一个freeradius下的
http://safesrv.net/setup-l2tp-over-ipsec-to-authenticate-off-freeradius-on-ubuntu-11-10/
5. EZVPN
windows 2008 NPS已经有人写了,我贴一下
http://xuchenhui.blog.51cto.com/769149/1386652
freeradius下的:
Cisco ezVPN with FreeRADIUS
http://stevehaskew.blogspot.com/2014/09/cisco-ezvpn-with-freeradius.html
windows 2012 NPS 为 H3C&CISCO提供 radius服务