
AAA with Active Directory - MikroTik Wiki


AAA with Active Directory


Example One
MT setup

Windows Setup

Example Two
Part A - Setup IAS RADIUS on Active Directory Services

http://wiki.mikrotik.com/wiki/AAA_with_Active_Directory

07/04/2011


Set up IAS on a server acting as the Active Directory Services Domain Controller and register its services.


Give a meaningful description and enable logging for authentication status.


Use port 1812 for Authentication and port 1813 for Accounting only.


Create a Realms profile: find User-Name and replace it with DOMAIN\User-Name variables in IAS.


Create a hotspot.com client profile and set IP address pointing to MikroTik hotspot server 172.19.1.253. Set Client Ve RADIUS Standard and enter a unique password for IAS. Do not enable Attributes Signature check box.


Enable Remote Access Logging check box for all properties.


Select IAS Format and set Log Time Period to Daily.


Create Remote Access Policies profile to hotspot.com. Add Windows-Groups matches DOMAIN\Username

remote access permission.


On the Authentication tab, enable the check boxes for the MS-CHAP v2, MS-CHAP, CHAP and PAP methods. Note HotSpot only uses PA


On the Encryption tab, enable all the check boxes allowed by this profile.


On the Advanced tab, do not add any additional connection attributes.

Part B - Setup IAS RADIUS with MikroTik


Add a RADIUS server profile and enable service for hotspot. Enter IP Address of IAS RADIUS server. Enter the same p created earlier for RADIUS secret. Use port 1812 for Authentication and 1813 for Accounting with Timeout at 300ms.

In Hotspot Server Profiles, under Login By, check HTTP PAP only.


In Hotspot Server Profiles, check Use RADIUS and Accounting. Leave NAS Port Type as (19 wireless-802.11) or (Ethernet) mode.

Part C - Testing IAS RADIUS with PC

1. Use NTRadPing Test Utility to verify the communication link with a test PC. http://www.dialways.com/download/

2. Remember to add the IP address of the test PC to the IAS Client Profile before initiating the test.


3. Enter the IAS RADIUS server IP Address and port 1812 for Request Type Authentication Request RADIUS Secret Key.

4. Also enter the User-Name found in the Active Directory Service User Domain Lists. If successful response reply w Accepted.


5. Next change port to 1813 for Request Type Accounting Start click send and reply should be Accounting RADIUS server is working.
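What the Authentication Request from Part C carries on the wire when PAP is used, as an added example that is not part of the original wiki page: the User-Password attribute is only masked with MD5 of the RADIUS secret, so whoever holds that secret can recover the password. The user name, password and secret are constructed sample values; 172.19.1.253 is the hotspot address from the page, used here as NAS-IP-Address.

```python
import hashlib, os, socket, struct

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def pap_hide(password, secret, authenticator):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def pap_reveal(hidden, secret, authenticator):
    """Inverse of pap_hide: what the RADIUS server does with the shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def attr(code, value):
    return bytes([code, len(value) + 2]) + value  # type, length, value

def build_access_request(user, password, secret, nas_ip, ident=1, authenticator=None):
    authenticator = authenticator or os.urandom(16)  # fresh random value per request
    attrs = (attr(1, user.encode())                                  # User-Name
             + attr(2, pap_hide(password.encode(), secret, authenticator))  # User-Password
             + attr(4, socket.inet_aton(nas_ip)))                    # NAS-IP-Address
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attrs(packet):
    """Return (authenticator, {type: value}) from a RADIUS packet."""
    auth, pos, found = packet[4:20], 20, {}
    while pos + 2 <= len(packet):
        code, length = packet[pos], packet[pos + 1]
        if length < 2:
            raise ValueError("bad attribute length")
        found[code] = packet[pos + 2:pos + length]
        pos += length
    return auth, found

if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample, not a real secret
    pkt = build_access_request("DOMAIN\\alice", "constructed-pass1", secret, "172.19.1.253")
    auth, attrs = parse_attrs(pkt)
    print(pkt.hex(), pap_reveal(attrs[2], secret, auth))
```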

Part D - Activating Domain Users for IAS RADIUS


Check the respective User properties to see whether they are members of the RAS and IAS Server groups; if not, add them as group mem


Next check the Dial-in tab and enable Allow access for Remote Access Permission.
