www.technocorp.co.in
Module 6 Installing, Configuring, and Troubleshooting the Network Policy Server Role Service
Module Overview
Installing and Configuring a Network Policy Server
Configuring RADIUS Clients and Servers
NPS Authentication Methods
Monitoring and Troubleshooting a Network Policy Server

What Is a Network Policy Server?
Demonstration: How to Install the Network Policy Server
Tools Used for Managing a Network Policy Server
Demonstration: How to Configure General NPS Settings
RADIUS server
RADIUS proxy
NAP policy server
Demonstration: How to Install the Network Policy Server
In this demonstration, you will see how to:
Install the NPS role
Register NPS in AD DS
Tools Used for Managing a Network Policy Server
Tools used to manage NPS include:
NPS MMC Console
Demonstration: How to Configure General NPS Settings
In this demonstration, you will see how to:
Configure a RADIUS server for VPN connections
Save the configuration
RADIUS clients are network access servers, such as:
Wireless access points
802.1x authenticating switches
VPN servers
Dial-up servers
RADIUS clients send connection requests and accounting messages to RADIUS servers for authentication, authorization, and accounting.
A RADIUS proxy is required for:
Service providers offering outsourced dial-up, VPN, or wireless network access services
Providing authentication and authorization for user accounts that are not Active Directory members
Performing authentication and authorization using a database that is not a Windows account database
Load-balancing connection requests among multiple RADIUS servers
Providing RADIUS for outsourced service providers and limiting traffic types through the firewall
Framed Protocol
Service Type
Tunnel Type
Day and Time restrictions
Authentication
Accounting
Attribute Manipulation
Advanced settings
Custom Connection Request policies are required to forward the request to another proxy or RADIUS server or server group for authorization and authentication, or to specify a different server for accounting information.
security account database or Active Directory. Connection policies exist on that server.
request to a RADIUS server for authentication against a security database. RADIUS maintains a central store of all the connection policies.
RADIUS server groups
Used where one or more RADIUS servers are capable of handling connection requests. The connection requests are load-balanced on criteria specified during the creation of the RADIUS server group if there is more than one RADIUS server in the group.
Default ports for accounting and authentication using RADIUS
The ports required for accounting and authentication requests being forwarded to a RADIUS server are UDP 1812/1645 and UDP 1813/1646.
Demonstration: How to Create a New Connection Request Policy
In this demonstration, you will see how to:
Create a VPN connection request policy
Password-Based Authentication Methods
Using Certificates for Authentication
Required Certificates for NPS Authentication Methods
Deploying Certificates for PEAP and EAP
CA certificate in the Trusted Root Certification Authorities certificate store for the Local Computer and Current User
Client computer certificate in the certificate store of the client
Server certificate in the certificate store of the NPS server
User certificate on a smart card

Methods Used to Monitor NPS
Logging NPS Accounting
Configuring SQL Server Logging
Configuring NPS Events to Record in the Event Viewer
Event logging
The process of logging NPS events in the System Event log

1. Open NPS from the Administrative Tools menu
2. In the console tree, click Accounting
3. In the details pane, click Configure Local File Logging
4. On the Settings tab, select the information to be logged
5. On the Log File tab, select the log type and the frequency or size attributes of the log files to be generated
Log files should be stored on a separate partition from the system partition: If RADIUS accounting fails due to a full hard disk, NPS stops processing connection requests
Requires SQL to have a stored procedure named report_event
NPS formats accounting data as an XML document
Can be a local or remote SQL Server database
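A minimal report_event procedure of the kind SQL Server logging requires, shown as an added example that is not part of the course material. The table and column names, the ntext parameter, and the XML element names are assumptions; the sample document is constructed.

```sql
-- Added example. Table, columns and XML element names are assumptions.
CREATE TABLE dbo.nps_accounting (
    id            bigint IDENTITY(1,1) PRIMARY KEY,
    received_utc  datetime2     NOT NULL DEFAULT SYSUTCDATETIME(),
    computer_name nvarchar(255) NULL,
    packet_type   int           NULL,
    user_name     nvarchar(255) NULL,
    raw_event     xml           NOT NULL   -- full document kept for forensics
);
GO

-- NPS calls this procedure once per accounting event and passes the
-- event as a single XML document (parameter name/type assumed here).
CREATE PROCEDURE dbo.report_event
    @doc ntext
AS
BEGIN
    SET NOCOUNT ON;

    -- Convert once; a malformed document raises an error instead of
    -- being stored silently.
    DECLARE @x xml = CAST(CAST(@doc AS nvarchar(max)) AS xml);

    INSERT INTO dbo.nps_accounting
        (computer_name, packet_type, user_name, raw_event)
    SELECT
        @x.value('(/Event/Computer-Name)[1]', 'nvarchar(255)'),
        @x.value('(/Event/Packet-Type)[1]',   'int'),
        @x.value('(/Event/User-Name)[1]',     'nvarchar(255)'),
        @x;
END
GO

-- Least privilege: the account NPS connects with needs only EXECUTE on
-- the procedure, not direct access to the table (placeholder principal).
-- GRANT EXECUTE ON dbo.report_event TO [<NPS service account>];

-- Constructed sample document to confirm the procedure parses and stores.
EXEC dbo.report_event
    N'<Event><Computer-Name>NYC-DC1</Computer-Name><Packet-Type>1</Packet-Type><User-Name>CONTOSO\testuser</User-Name></Event>';

SELECT computer_name, packet_type, user_name, received_utc
FROM dbo.nps_accounting;
```

Keeping the raw document alongside the extracted columns means attributes that were not anticipated when the table was designed can still be queried later.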
Service
Logon information
Virtual machines: 6421B-NYC-DC1, 6421B-NYC-EDGE1, 6421B-NYC-CL1
User name: Contoso\Administrator
Password: Pa$$w0rd
Lab Scenario
Contoso Ltd. is expanding its remote-access solution to all its branch office employees. This will require multiple Routing and Remote Access servers located at different points to provide connectivity for its employees. You must use RADIUS to centralize authentication and accounting for the remote-access solution. You have been tasked with installing and configuring Network Policy Server into an existing infrastructure to be used for NAP, Wireless and Wired access, RADIUS, and RADIUS Proxy.
Lab Review
What does a RADIUS proxy provide?
What is a RADIUS client, and what are some examples of RADIUS clients?