دوستان عزیز کسی تا به حال بدون مشکل این کارو انجام داده؟ همچین چیزی ممکن هست؟
ایا این روش جواب داده؟
Configuring Server 2008 for RADIUS Authentication
I like connecting to my network using my pfSense firewall's built-in *** server. Following these steps, I can configure Windows Server 2008 to provide the authentication credentials for pfSense via RADIUS. I figured this out using this great guide that I referenced for Windows Server 2003...
Enable "reversible password encryption" for your domain users.
Globally:
- Admin Tools - Group Policy Management
- Choose your forest, domain and then right click your Default Domain Policy and choose Edit.
- Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy -> Store passwords using reversible encryption = Enabled.
Per User:
- I prefer doing it globally, but you can do it on a per user basis by opening your domain user's properties and checking "Store password using reversible encryption" on the Account tab.
*Restart the domain controller after these Group Policy changes.
Enable Windows Server 2008 Network Policy Server (NPS)
- Add the "Network Policy and Access Services" role to your domain controller.
- Enable these role services during installation:
Network Policy Server
Routing & Remote Access Services
Remote Access Service
Routing
Verify the RADIUS Port Numbers
- Server Manager -> Roles -> Network Policy and Access -> Right-click NPS (Local) -> Properties -> Ports Tab.
- Verify the defaults for Authentication are 1812,1645.
- Verify the defaults for Accounting are 1813, 1646.
- The 18 set is for a secure connection, or vice-versa. You can change things to match your RADIUS client, but the defaults should be fine.
Add a new RADIUS Client
- NPS (Local) -> RADIUS Clients and Servers -> RADIUS Clients -> Right-click Add new Client.
- Add a name, the ip address of your client and create a shared secret.
Add a new Network Policy
- NPS (Local) -> Policies -> Right-click Network Policies -> Add new.
- Enter a name and leave Type of network access server as Unspecified. Click Next.
- Add a condition. Choose Windows Groups. Add a Group ("Domain Users" for example). Click OK, then Next.
- Choose Access Granted. Click Next.
- Leave the default Authentication Methods. Click Next.
- Leave the Default Constraints. (Although they look like some cool new features you may want to use.) Click Next.
- Leave the Default Settings. Click Next.
- Click Finish.
Granting or Denying Access to Users
- Right click a domain user -> Properties -> Dial-in tab.
- You can Grant or Deny here, but I just leave the NPS Policy we setup earlier to allow all domain users through.
Configure your RADIUS Client
- In this case, I enable a PPTP *** server on my pfSense firewall and point it to my domain controller/NPS services machine where we just configured everything. Input the shared secret and then login from anywhere!
موفق باشید
موضوعات مشابه:
- وصل نشدن ویندوز 7 نگارش Ultimate به دامین روی ویندوز سرور 2008
- عدم دسترسی به فولدر های شیر شده در ویندوز 2003 از ویندوز سرور 2008 و 7
- مدیریت از راه دور ویندوز سرور 2008 از طریق کنسول server managment یه ویندوز سرور دیگه
- اموزش اتصال ویندوز 7 با ویندوز سرور 2008 در ؟vmware
- آیا میشه سرور Additinal Domain برای ویندوز سرور 2003 یه ویندوز سرور 2008 باشه